Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
Micra.exe

Overview

General Information

Sample name:Micra.exe
Analysis ID:1545328
MD5:1ad521dbfab2e258ac84aa46e82fb5c7
SHA1:560a6c25f441e888a805b328f773969a82e2c4a3
SHA256:5249ac3848e42ac5264815414a321bfa6a698970ff8ffea1dd1d0a4e070b0224
Infos:

Detection

FormBook, GuLoader
Score:92
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected FormBook
Yara detected GuLoader
AI detected suspicious sample
Switches to a custom stack to bypass stack traces
Tries to detect virtualization through RDTSC time measurements
Abnormal high CPU Usage
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality for read data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to dynamically determine API calls
Contains functionality to read the PEB
Contains functionality to shutdown / reboot the system
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Detected potential crypto function
Drops PE files
Found dropped PE file which has not been started or loaded
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE / OLE file has an invalid certificate
Sample file is different than original file name gathered from version info
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

Process Tree

  • System is w10x64
  • Micra.exe (PID: 6248 cmdline: "C:\Users\user\Desktop\Micra.exe" MD5: 1AD521DBFAB2E258AC84AA46E82FB5C7)
    • Micra.exe (PID: 2024 cmdline: "C:\Users\user\Desktop\Micra.exe" MD5: 1AD521DBFAB2E258AC84AA46E82FB5C7)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
Formbook, FormboFormBook contains a unique crypter RunPE that has unique behavioral patterns subject to detection. It was initially called "Babushka Crypter" by Insidemalware.
  • SWEED
  • Cobalt
https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook
NameDescriptionAttributionBlogpost URLsLink
CloudEyE, GuLoaderCloudEyE (initially named GuLoader) is a small VB5/6 downloader. It typically downloads RATs/Stealers, such as Agent Tesla, Arkei/Vidar, Formbook, Lokibot, Netwire and Remcos, often but not always from Google Drive. The downloaded payload is xored.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.cloudeye

Malware Configuration

No configs have been found

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000005.00000002.4039386089.00000000353C0000.00000004.00001000.00020000.00000000.sdmpJoeSecurity_FormBook_1Yara detected FormBookJoe Security
    00000005.00000002.4039386089.00000000353C0000.00000004.00001000.00020000.00000000.sdmpWindows_Trojan_Formbook_1112e116unknownunknown
    • 0x2b8d0:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
    • 0x13bbf:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
    00000000.00000002.3421465563.000000000336C000.00000040.00001000.00020000.00000000.sdmpJoeSecurity_GuLoader_2Yara detected GuLoaderJoe Security

      Sigma Signatures

      No Sigma rule has matched

      Suricata Signatures

      TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
      2024-10-30T12:42:58.760192+010028032702Potentially Bad Traffic192.168.2.450002142.250.184.206443TCP

      Joe Sandbox Signatures

      Click to jump to signature section

      Show All Signature Results

      AV Detection

      barindex
      Antivirus / Scanner detection for submitted sample
      Source: Micra.exeAvira: detected
      Multi AV Scanner detection for submitted file
      Source: Micra.exeReversingLabs: Detection: 16%
      Yara detected FormBook
      Source: Yara matchFile source: 00000005.00000002.4039386089.00000000353C0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
      AI detected suspicious sample
      Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
      Source: Micra.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
      Source: unknownHTTPS traffic detected: 142.250.184.206:443 -> 192.168.2.4:50002 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 142.250.185.65:443 -> 192.168.2.4:50003 version: TLS 1.2
      Source: Micra.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
      Source: Binary string: mshtml.pdb source: Micra.exe, 00000005.00000001.3420489258.0000000000649000.00000020.00000001.01000000.00000007.sdmp
      Source: Binary string: wntdll.pdbUGP source: Micra.exe, 00000005.00000002.4039419079.0000000035730000.00000040.00001000.00020000.00000000.sdmp, Micra.exe, 00000005.00000002.4039419079.00000000358CE000.00000040.00001000.00020000.00000000.sdmp, Micra.exe, 00000005.00000003.3974687432.00000000353C7000.00000004.00000020.00020000.00000000.sdmp, Micra.exe, 00000005.00000003.3977470529.000000003557D000.00000004.00000020.00020000.00000000.sdmp
      Source: Binary string: wntdll.pdb source: Micra.exe, Micra.exe, 00000005.00000002.4039419079.0000000035730000.00000040.00001000.00020000.00000000.sdmp, Micra.exe, 00000005.00000002.4039419079.00000000358CE000.00000040.00001000.00020000.00000000.sdmp, Micra.exe, 00000005.00000003.3974687432.00000000353C7000.00000004.00000020.00020000.00000000.sdmp, Micra.exe, 00000005.00000003.3977470529.000000003557D000.00000004.00000020.00020000.00000000.sdmp
      Source: Binary string: mshtml.pdbUGP source: Micra.exe, 00000005.00000001.3420489258.0000000000649000.00000020.00000001.01000000.00000007.sdmp
      Source: C:\Users\user\Desktop\Micra.exeCode function: 0_2_00406232 FindFirstFileA,FindClose,0_2_00406232
      Source: C:\Users\user\Desktop\Micra.exeCode function: 0_2_004056F7 GetTempPathA,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,FindNextFileA,FindClose,0_2_004056F7
      Source: C:\Users\user\Desktop\Micra.exeCode function: 0_2_004026F8 FindFirstFileA,0_2_004026F8
      Source: Joe Sandbox ViewJA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
      Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.4:50002 -> 142.250.184.206:443
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1oy1LR6ySauupAi9qDWRVXnDK8AVMnjaS HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: drive.google.comCache-Control: no-cache
      Source: global trafficHTTP traffic detected: GET /download?id=1oy1LR6ySauupAi9qDWRVXnDK8AVMnjaS&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-Alive
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1oy1LR6ySauupAi9qDWRVXnDK8AVMnjaS HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: drive.google.comCache-Control: no-cache
      Source: global trafficHTTP traffic detected: GET /download?id=1oy1LR6ySauupAi9qDWRVXnDK8AVMnjaS&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-Alive
      Source: global trafficDNS traffic detected: DNS query: drive.google.com
      Source: global trafficDNS traffic detected: DNS query: drive.usercontent.google.com
      Source: Micra.exeString found in binary or memory: http://nsis.sf.net/NSIS_Error
      Source: Micra.exeString found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
      Source: Micra.exe, 00000005.00000001.3420489258.0000000000649000.00000020.00000001.01000000.00000007.sdmpString found in binary or memory: http://www.ftp.ftp://ftp.gopher.
      Source: Micra.exe, 00000005.00000001.3420489258.00000000005F2000.00000020.00000001.01000000.00000007.sdmpString found in binary or memory: http://www.w3c.org/TR/1999/REC-html401-19991224/frameset.dtd
      Source: Micra.exe, 00000005.00000001.3420489258.00000000005F2000.00000020.00000001.01000000.00000007.sdmpString found in binary or memory: http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd
      Source: Micra.exe, 00000005.00000003.3486956573.00000000056CE000.00000004.00000020.00020000.00000000.sdmp, Micra.exe, 00000005.00000003.3486883007.00000000056CE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://apis.google.com
      Source: Micra.exe, 00000005.00000002.4015639022.000000000567D000.00000004.00000020.00020000.00000000.sdmp, Micra.exe, 00000005.00000003.3975329371.000000000567C000.00000004.00000020.00020000.00000000.sdmp, Micra.exe, 00000005.00000003.3975075122.000000000567C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/
      Source: Micra.exe, 00000005.00000002.4015639022.000000000567D000.00000004.00000020.00020000.00000000.sdmp, Micra.exe, 00000005.00000003.3975329371.000000000567C000.00000004.00000020.00020000.00000000.sdmp, Micra.exe, 00000005.00000003.3975075122.000000000567C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/s
      Source: Micra.exe, 00000005.00000002.4039037120.0000000034B40000.00000004.00001000.00020000.00000000.sdmp, Micra.exe, 00000005.00000002.4015639022.000000000567D000.00000004.00000020.00020000.00000000.sdmp, Micra.exe, 00000005.00000002.4015584233.000000000566B000.00000004.00000020.00020000.00000000.sdmp, Micra.exe, 00000005.00000003.3975329371.000000000567C000.00000004.00000020.00020000.00000000.sdmp, Micra.exe, 00000005.00000003.3975075122.000000000567C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/uc?export=download&id=1oy1LR6ySauupAi9qDWRVXnDK8AVMnjaS
      Source: Micra.exe, 00000005.00000002.4015639022.000000000567D000.00000004.00000020.00020000.00000000.sdmp, Micra.exe, 00000005.00000003.3975329371.000000000567C000.00000004.00000020.00020000.00000000.sdmp, Micra.exe, 00000005.00000003.3975075122.000000000567C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/uc?export=download&id=1oy1LR6ySauupAi9qDWRVXnDK8AVMnjaS)
      Source: Micra.exe, 00000005.00000002.4015584233.000000000566B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/uc?export=download&id=1oy1LR6ySauupAi9qDWRVXnDK8AVMnjaSfJ
      Source: Micra.exe, 00000005.00000002.4015639022.000000000567D000.00000004.00000020.00020000.00000000.sdmp, Micra.exe, 00000005.00000003.3975329371.000000000567C000.00000004.00000020.00020000.00000000.sdmp, Micra.exe, 00000005.00000003.3975075122.000000000567C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/uc?export=download&id=1oy1LR6ySauupAi9qDWRVXnDK8AVMnjaSk
      Source: Micra.exe, 00000005.00000003.3530333738.00000000056C8000.00000004.00000020.00020000.00000000.sdmp, Micra.exe, 00000005.00000003.3974977352.00000000056CA000.00000004.00000020.00020000.00000000.sdmp, Micra.exe, 00000005.00000003.3975134687.00000000056C8000.00000004.00000020.00020000.00000000.sdmp, Micra.exe, 00000005.00000003.3975222724.00000000056CA000.00000004.00000020.00020000.00000000.sdmp, Micra.exe, 00000005.00000002.4015767984.00000000056CD000.00000004.00000020.00020000.00000000.sdmp, Micra.exe, 00000005.00000003.3974880692.00000000056C8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/
      Source: Micra.exe, 00000005.00000003.3974880692.00000000056C8000.00000004.00000020.00020000.00000000.sdmp, Micra.exe, 00000005.00000002.4015584233.000000000566B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=1oy1LR6ySauupAi9qDWRVXnDK8AVMnjaS&export=download
      Source: Micra.exe, 00000005.00000003.3530333738.00000000056C8000.00000004.00000020.00020000.00000000.sdmp, Micra.exe, 00000005.00000003.3974977352.00000000056CA000.00000004.00000020.00020000.00000000.sdmp, Micra.exe, 00000005.00000003.3975134687.00000000056C8000.00000004.00000020.00020000.00000000.sdmp, Micra.exe, 00000005.00000003.3975222724.00000000056CA000.00000004.00000020.00020000.00000000.sdmp, Micra.exe, 00000005.00000002.4015767984.00000000056CD000.00000004.00000020.00020000.00000000.sdmp, Micra.exe, 00000005.00000003.3974880692.00000000056C8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/vCp
      Source: Micra.exe, 00000005.00000001.3420489258.0000000000649000.00000020.00000001.01000000.00000007.sdmpString found in binary or memory: https://inference.location.live.net/inferenceservice/v21/Pox/GetLocationUsingFingerprinte1e71f6b-214
      Source: Micra.exe, 00000005.00000003.3486956573.00000000056CE000.00000004.00000020.00020000.00000000.sdmp, Micra.exe, 00000005.00000003.3486883007.00000000056CE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ssl.gstatic.com
      Source: Micra.exe, 00000005.00000003.3486956573.00000000056CE000.00000004.00000020.00020000.00000000.sdmp, Micra.exe, 00000005.00000003.3486883007.00000000056CE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google-analytics.com;report-uri
      Source: Micra.exe, 00000005.00000003.3486956573.00000000056CE000.00000004.00000020.00020000.00000000.sdmp, Micra.exe, 00000005.00000003.3486883007.00000000056CE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com
      Source: Micra.exe, 00000005.00000003.3486956573.00000000056CE000.00000004.00000020.00020000.00000000.sdmp, Micra.exe, 00000005.00000003.3486883007.00000000056CE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.googletagmanager.com
      Source: Micra.exe, 00000005.00000003.3486956573.00000000056CE000.00000004.00000020.00020000.00000000.sdmp, Micra.exe, 00000005.00000003.3486883007.00000000056CE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50003
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50002
      Source: unknownNetwork traffic detected: HTTP traffic on port 50002 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 50003 -> 443
      Source: unknownHTTPS traffic detected: 142.250.184.206:443 -> 192.168.2.4:50002 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 142.250.185.65:443 -> 192.168.2.4:50003 version: TLS 1.2
      Source: C:\Users\user\Desktop\Micra.exeCode function: 0_2_00405194 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,ShowWindow,ShowWindow,GetDlgItem,SendMessageA,SendMessageA,SendMessageA,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageA,CreatePopupMenu,AppendMenuA,GetWindowRect,TrackPopupMenu,SendMessageA,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageA,GlobalUnlock,SetClipboardData,CloseClipboard,0_2_00405194

      E-Banking Fraud

      barindex
      Yara detected FormBook
      Source: Yara matchFile source: 00000005.00000002.4039386089.00000000353C0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY

      System Summary

      barindex
      Malicious sample detected (through community Yara rule)
      Source: 00000005.00000002.4039386089.00000000353C0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
      Source: C:\Users\user\Desktop\Micra.exeProcess Stats: CPU usage > 49%
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_357A35C0 NtCreateMutant,LdrInitializeThunk,5_2_357A35C0
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_357A2DF0 NtQuerySystemInformation,LdrInitializeThunk,5_2_357A2DF0
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_357A2C70 NtFreeVirtualMemory,LdrInitializeThunk,5_2_357A2C70
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_357A3010 NtOpenDirectoryObject,5_2_357A3010
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_357A3090 NtSetValueKey,5_2_357A3090
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_357A3D70 NtOpenThread,5_2_357A3D70
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_357A3D10 NtOpenProcessToken,5_2_357A3D10
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_357A39B0 NtGetContextThread,5_2_357A39B0
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_357A4650 NtSuspendThread,5_2_357A4650
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_357A4340 NtSetContextThread,5_2_357A4340
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_357A2D30 NtUnmapViewOfSection,5_2_357A2D30
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_357A2D10 NtMapViewOfSection,5_2_357A2D10
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_357A2D00 NtSetInformationFile,5_2_357A2D00
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_357A2DD0 NtDelayExecution,5_2_357A2DD0
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_357A2DB0 NtEnumerateKey,5_2_357A2DB0
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_357A2C60 NtCreateKey,5_2_357A2C60
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_357A2C00 NtQueryInformationProcess,5_2_357A2C00
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_357A2CF0 NtOpenProcess,5_2_357A2CF0
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_357A2CC0 NtQueryVirtualMemory,5_2_357A2CC0
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_357A2CA0 NtQueryInformationToken,5_2_357A2CA0
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_357A2F60 NtCreateProcessEx,5_2_357A2F60
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_357A2F30 NtCreateSection,5_2_357A2F30
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_357A2FE0 NtCreateFile,5_2_357A2FE0
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_357A2FB0 NtResumeThread,5_2_357A2FB0
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_357A2FA0 NtQuerySection,5_2_357A2FA0
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_357A2F90 NtProtectVirtualMemory,5_2_357A2F90
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_357A2E30 NtWriteVirtualMemory,5_2_357A2E30
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_357A2EE0 NtQueueApcThread,5_2_357A2EE0
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_357A2EA0 NtAdjustPrivilegesToken,5_2_357A2EA0
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_357A2E80 NtReadVirtualMemory,5_2_357A2E80
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_357A2B60 NtClose,5_2_357A2B60
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_357A2BF0 NtAllocateVirtualMemory,5_2_357A2BF0
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_357A2BE0 NtQueryValueKey,5_2_357A2BE0
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_357A2BA0 NtEnumerateValueKey,5_2_357A2BA0
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_357A2B80 NtQueryInformationFile,5_2_357A2B80
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_357A2AF0 NtWriteFile,5_2_357A2AF0
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_357A2AD0 NtReadFile,5_2_357A2AD0
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_357A2AB0 NtWaitForSingleObject,5_2_357A2AB0
      Source: C:\Users\user\Desktop\Micra.exeCode function: 0_2_004031BB EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,GetModuleHandleA,CharNextA,GetTempPathA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,GetTempPathA,lstrcatA,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,DeleteFileA,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,0_2_004031BB
      Source: C:\Users\user\Desktop\Micra.exeFile created: C:\Windows\resources\nringsmiddelet.iniJump to behavior
      Source: C:\Users\user\Desktop\Micra.exeFile created: C:\Windows\terzettersJump to behavior
      Source: C:\Users\user\Desktop\Micra.exeFile created: C:\Windows\Fonts\karrooers.iniJump to behavior
      Source: C:\Users\user\Desktop\Micra.exeCode function: 0_2_004049D30_2_004049D3
      Source: C:\Users\user\Desktop\Micra.exeCode function: 0_2_004065BB0_2_004065BB
      Source: C:\Users\user\Desktop\Micra.exeCode function: 0_2_031923120_2_03192312
      Source: C:\Users\user\Desktop\Micra.exeCode function: 0_2_031913160_2_03191316
      Source: C:\Users\user\Desktop\Micra.exeCode function: 0_2_03191F230_2_03191F23
      Source: C:\Users\user\Desktop\Micra.exeCode function: 0_2_031913250_2_03191325
      Source: C:\Users\user\Desktop\Micra.exeCode function: 0_2_03191F5D0_2_03191F5D
      Source: C:\Users\user\Desktop\Micra.exeCode function: 0_2_03190F440_2_03190F44
      Source: C:\Users\user\Desktop\Micra.exeCode function: 0_2_03191B460_2_03191B46
      Source: C:\Users\user\Desktop\Micra.exeCode function: 0_2_031913680_2_03191368
      Source: C:\Users\user\Desktop\Micra.exeCode function: 0_2_0319276E0_2_0319276E
      Source: C:\Users\user\Desktop\Micra.exeCode function: 0_2_03190F640_2_03190F64
      Source: C:\Users\user\Desktop\Micra.exeCode function: 0_2_0319139C0_2_0319139C
      Source: C:\Users\user\Desktop\Micra.exeCode function: 0_2_03191F950_2_03191F95
      Source: C:\Users\user\Desktop\Micra.exeCode function: 0_2_03191B940_2_03191B94
      Source: C:\Users\user\Desktop\Micra.exeCode function: 0_2_031927970_2_03192797
      Source: C:\Users\user\Desktop\Micra.exeCode function: 0_2_031923890_2_03192389
      Source: C:\Users\user\Desktop\Micra.exeCode function: 0_2_031917820_2_03191782
      Source: C:\Users\user\Desktop\Micra.exeCode function: 0_2_031923A80_2_031923A8
      Source: C:\Users\user\Desktop\Micra.exeCode function: 0_2_03190FA10_2_03190FA1
      Source: C:\Users\user\Desktop\Micra.exeCode function: 0_2_03190FD80_2_03190FD8
      Source: C:\Users\user\Desktop\Micra.exeCode function: 0_2_031917DD0_2_031917DD
      Source: C:\Users\user\Desktop\Micra.exeCode function: 0_2_031923C20_2_031923C2
      Source: C:\Users\user\Desktop\Micra.exeCode function: 0_2_031913C20_2_031913C2
      Source: C:\Users\user\Desktop\Micra.exeCode function: 0_2_031927C60_2_031927C6
      Source: C:\Users\user\Desktop\Micra.exeCode function: 0_2_031917F90_2_031917F9
      Source: C:\Users\user\Desktop\Micra.exeCode function: 0_2_03191FF90_2_03191FF9
      Source: C:\Users\user\Desktop\Micra.exeCode function: 0_2_031927FE0_2_031927FE
      Source: C:\Users\user\Desktop\Micra.exeCode function: 0_2_031913F30_2_031913F3
      Source: C:\Users\user\Desktop\Micra.exeCode function: 0_2_03191BE30_2_03191BE3
      Source: C:\Users\user\Desktop\Micra.exeCode function: 0_2_031926130_2_03192613
      Source: C:\Users\user\Desktop\Micra.exeCode function: 0_2_03190E3B0_2_03190E3B
      Source: C:\Users\user\Desktop\Micra.exeCode function: 0_2_0319123A0_2_0319123A
      Source: C:\Users\user\Desktop\Micra.exeCode function: 0_2_0319022B0_2_0319022B
      Source: C:\Users\user\Desktop\Micra.exeCode function: 0_2_0319222D0_2_0319222D
      Source: C:\Users\user\Desktop\Micra.exeCode function: 0_2_03191E2E0_2_03191E2E
      Source: C:\Users\user\Desktop\Micra.exeCode function: 0_2_031912270_2_03191227
      Source: C:\Users\user\Desktop\Micra.exeCode function: 0_2_03191A530_2_03191A53
      Source: C:\Users\user\Desktop\Micra.exeCode function: 0_2_03192A520_2_03192A52
      Source: C:\Users\user\Desktop\Micra.exeCode function: 0_2_031926470_2_03192647
      Source: C:\Users\user\Desktop\Micra.exeCode function: 0_2_031922780_2_03192278
      Source: C:\Users\user\Desktop\Micra.exeCode function: 0_2_0319127D0_2_0319127D
      Source: C:\Users\user\Desktop\Micra.exeCode function: 0_2_031916770_2_03191677
      Source: C:\Users\user\Desktop\Micra.exeCode function: 0_2_03192A770_2_03192A77
      Source: C:\Users\user\Desktop\Micra.exeCode function: 0_2_03190E680_2_03190E68
      Source: C:\Users\user\Desktop\Micra.exeCode function: 0_2_03191E6A0_2_03191E6A
      Source: C:\Users\user\Desktop\Micra.exeCode function: 0_2_03191A6C0_2_03191A6C
      Source: C:\Users\user\Desktop\Micra.exeCode function: 0_2_031922610_2_03192261
      Source: C:\Users\user\Desktop\Micra.exeCode function: 0_2_031916970_2_03191697
      Source: C:\Users\user\Desktop\Micra.exeCode function: 0_2_031926810_2_03192681
      Source: C:\Users\user\Desktop\Micra.exeCode function: 0_2_03191EB80_2_03191EB8
      Source: C:\Users\user\Desktop\Micra.exeCode function: 0_2_031912B10_2_031912B1
      Source: C:\Users\user\Desktop\Micra.exeCode function: 0_2_031922B00_2_031922B0
      Source: C:\Users\user\Desktop\Micra.exeCode function: 0_2_03190EB70_2_03190EB7
      Source: C:\Users\user\Desktop\Micra.exeCode function: 0_2_031926A80_2_031926A8
      Source: C:\Users\user\Desktop\Micra.exeCode function: 0_2_03191AAE0_2_03191AAE
      Source: C:\Users\user\Desktop\Micra.exeCode function: 0_2_03191ACD0_2_03191ACD
      Source: C:\Users\user\Desktop\Micra.exeCode function: 0_2_03192AF90_2_03192AF9
      Source: C:\Users\user\Desktop\Micra.exeCode function: 0_2_031916FE0_2_031916FE
      Source: C:\Users\user\Desktop\Micra.exeCode function: 0_2_03191EF70_2_03191EF7
      Source: C:\Users\user\Desktop\Micra.exeCode function: 0_2_031926E90_2_031926E9
      Source: C:\Users\user\Desktop\Micra.exeCode function: 0_2_031922E00_2_031922E0
      Source: C:\Users\user\Desktop\Micra.exeCode function: 0_2_03190EE40_2_03190EE4
      Source: C:\Users\user\Desktop\Micra.exeCode function: 0_2_0319211F0_2_0319211F
      Source: C:\Users\user\Desktop\Micra.exeCode function: 0_2_031915110_2_03191511
      Source: C:\Users\user\Desktop\Micra.exeCode function: 0_2_031919080_2_03191908
      Source: C:\Users\user\Desktop\Micra.exeCode function: 0_2_0319290D0_2_0319290D
      Source: C:\Users\user\Desktop\Micra.exeCode function: 0_2_031925330_2_03192533
      Source: C:\Users\user\Desktop\Micra.exeCode function: 0_2_03191D2F0_2_03191D2F
      Source: C:\Users\user\Desktop\Micra.exeCode function: 0_2_031911200_2_03191120
      Source: C:\Users\user\Desktop\Micra.exeCode function: 0_2_03191D5F0_2_03191D5F
      Source: C:\Users\user\Desktop\Micra.exeCode function: 0_2_031919500_2_03191950
      Source: C:\Users\user\Desktop\Micra.exeCode function: 0_2_031911720_2_03191172
      Source: C:\Users\user\Desktop\Micra.exeCode function: 0_2_031919770_2_03191977
      Source: C:\Users\user\Desktop\Micra.exeCode function: 0_2_031929640_2_03192964
      Source: C:\Users\user\Desktop\Micra.exeCode function: 0_2_03191D9A0_2_03191D9A
      Source: C:\Users\user\Desktop\Micra.exeCode function: 0_2_031921910_2_03192191
      Source: C:\Users\user\Desktop\Micra.exeCode function: 0_2_031929950_2_03192995
      Source: C:\Users\user\Desktop\Micra.exeCode function: 0_2_031925970_2_03192597
      Source: C:\Users\user\Desktop\Micra.exeCode function: 0_2_031915890_2_03191589
      Source: C:\Users\user\Desktop\Micra.exeCode function: 0_2_031925B70_2_031925B7
      Source: C:\Users\user\Desktop\Micra.exeCode function: 0_2_031919B60_2_031919B6
      Source: C:\Users\user\Desktop\Micra.exeCode function: 0_2_03190DDB0_2_03190DDB
      Source: C:\Users\user\Desktop\Micra.exeCode function: 0_2_031925DC0_2_031925DC
      Source: C:\Users\user\Desktop\Micra.exeCode function: 0_2_031929D70_2_031929D7
      Source: C:\Users\user\Desktop\Micra.exeCode function: 0_2_031921D70_2_031921D7
      Source: C:\Users\user\Desktop\Micra.exeCode function: 0_2_031929FC0_2_031929FC
      Source: C:\Users\user\Desktop\Micra.exeCode function: 0_2_03190DFE0_2_03190DFE
      Source: C:\Users\user\Desktop\Micra.exeCode function: 0_2_03190DEF0_2_03190DEF
      Source: C:\Users\user\Desktop\Micra.exeCode function: 0_2_031919EE0_2_031919EE
      Source: C:\Users\user\Desktop\Micra.exeCode function: 0_2_031911E60_2_031911E6
      Source: C:\Users\user\Desktop\Micra.exeCode function: 0_2_0319241F0_2_0319241F
      Source: C:\Users\user\Desktop\Micra.exeCode function: 0_2_031920110_2_03192011
      Source: C:\Users\user\Desktop\Micra.exeCode function: 0_2_031910120_2_03191012
      Source: C:\Users\user\Desktop\Micra.exeCode function: 0_2_031928380_2_03192838
      Source: C:\Users\user\Desktop\Micra.exeCode function: 0_2_0319103E0_2_0319103E
      Source: C:\Users\user\Desktop\Micra.exeCode function: 0_2_031914370_2_03191437
      Source: C:\Users\user\Desktop\Micra.exeCode function: 0_2_0319242F0_2_0319242F
      Source: C:\Users\user\Desktop\Micra.exeCode function: 0_2_031918270_2_03191827
      Source: C:\Users\user\Desktop\Micra.exeCode function: 0_2_0319245D0_2_0319245D
      Source: C:\Users\user\Desktop\Micra.exeCode function: 0_2_031920530_2_03192053
      Source: C:\Users\user\Desktop\Micra.exeCode function: 0_2_031918540_2_03191854
      Source: C:\Users\user\Desktop\Micra.exeCode function: 0_2_03191C4E0_2_03191C4E
      Source: C:\Users\user\Desktop\Micra.exeCode function: 0_2_031920750_2_03192075
      Source: C:\Users\user\Desktop\Micra.exeCode function: 0_2_031914770_2_03191477
      Source: C:\Users\user\Desktop\Micra.exeCode function: 0_2_0319106F0_2_0319106F
      Source: C:\Users\user\Desktop\Micra.exeCode function: 0_2_0319009B0_2_0319009B
      Source: C:\Users\user\Desktop\Micra.exeCode function: 0_2_031928960_2_03192896
      Source: C:\Users\user\Desktop\Micra.exeCode function: 0_2_03191C8C0_2_03191C8C
      Source: C:\Users\user\Desktop\Micra.exeCode function: 0_2_031918870_2_03191887
      Source: C:\Users\user\Desktop\Micra.exeCode function: 0_2_031920B80_2_031920B8
      Source: C:\Users\user\Desktop\Micra.exeCode function: 0_2_031924BB0_2_031924BB
      Source: C:\Users\user\Desktop\Micra.exeCode function: 0_2_031928D10_2_031928D1
      Source: C:\Users\user\Desktop\Micra.exeCode function: 0_2_031910CB0_2_031910CB
      Source: C:\Users\user\Desktop\Micra.exeCode function: 0_2_03191CCA0_2_03191CCA
      Source: C:\Users\user\Desktop\Micra.exeCode function: 0_2_031924FC0_2_031924FC
      Source: C:\Users\user\Desktop\Micra.exeCode function: 0_2_031920F00_2_031920F0
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3580D5B05_2_3580D5B0
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_358395C35_2_358395C3
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_358275715_2_35827571
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_357614605_2_35761460
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3582F43F5_2_3582F43F
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3582F7B05_2_3582F7B0
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_357617EC5_2_357617EC
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_357B56305_2_357B5630
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_358216CC5_2_358216CC
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_357A516C5_2_357A516C
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3577B1B05_2_3577B1B0
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3583B16B5_2_3583B16B
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3581F0CC5_2_3581F0CC
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3582F0E05_2_3582F0E0
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_358270E95_2_358270E9
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3582132D5_2_3582132D
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_357B739A5_2_357B739A
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_358112ED5_2_358112ED
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3578D2F05_2_3578D2F0
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3578B2C05_2_3578B2C0
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3578FDC05_2_3578FDC0
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_35821D5A5_2_35821D5A
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_35827D735_2_35827D73
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3582FCF25_2_3582FCF2
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3582FFB15_2_3582FFB1
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3582FF095_2_3582FF09
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_35771F925_2_35771F92
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_357799505_2_35779950
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3578B9505_2_3578B950
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_357759905_2_35775990
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_357DD8005_2_357DD800
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_357738E05_2_357738E0
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_357ADBF95_2_357ADBF9
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_357E5BF05_2_357E5BF0
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3582FB765_2_3582FB76
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_357E3A6C5_2_357E3A6C
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_35811AA35_2_35811AA3
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3580DAAC5_2_3580DAAC
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3581DAC65_2_3581DAC6
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_35827A465_2_35827A46
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3582FA495_2_3582FA49
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_357B5AA05_2_357B5AA0
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_358305915_2_35830591
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_357705355_2_35770535
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3581E4F65_2_3581E4F6
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_358144205_2_35814420
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_358224465_2_35822446
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_357707705_2_35770770
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_357947505_2_35794750
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3578C6E05_2_3578C6E0
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_358241A25_2_358241A2
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_358301AC5_2_358301AC
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_358281CC5_2_358281CC
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_357601005_2_35760100
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3580A1185_2_3580A118
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_358020005_2_35802000
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_358303E65_2_358303E6
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3577E3F05_2_3577E3F0
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_357F02C05_2_357F02C0
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_358102745_2_35810274
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3580CD1F5_2_3580CD1F
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_35788DBF5_2_35788DBF
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3577EC605_2_3577EC60
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_35810CB55_2_35810CB5
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_35760CF25_2_35760CF2
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_35790F305_2_35790F30
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_357B2F285_2_357B2F28
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3577CFE05_2_3577CFE0
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_35812F305_2_35812F30
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_35762FC85_2_35762FC8
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_357EEFA05_2_357EEFA0
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3582CE935_2_3582CE93
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3582EE265_2_3582EE26
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_35782E905_2_35782E90
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_357869625_2_35786962
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3583A9A65_2_3583A9A6
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_357729A05_2_357729A0
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_357728405_2_35772840
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3577A8405_2_3577A840
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3579E8F05_2_3579E8F0
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_35826BD75_2_35826BD7
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3582AB405_2_3582AB40
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3576EA805_2_3576EA80
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_0166211F5_2_0166211F
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_016621D75_2_016621D7
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_016621915_2_01662191
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_016620755_2_01662075
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_016620535_2_01662053
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_016620115_2_01662011
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_016620F05_2_016620F0
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_016620B85_2_016620B8
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_0166009B5_2_0166009B
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_016623125_2_01662312
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_016623C25_2_016623C2
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_016623A85_2_016623A8
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_016623895_2_01662389
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_016622615_2_01662261
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_016622785_2_01662278
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_0166222D5_2_0166222D
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_0166022B5_2_0166022B
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_016622E05_2_016622E0
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_016622B05_2_016622B0
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_016625335_2_01662533
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_016625DC5_2_016625DC
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_016625B75_2_016625B7
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_016625975_2_01662597
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_0166245D5_2_0166245D
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_0166242F5_2_0166242F
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_0166241F5_2_0166241F
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_016624FC5_2_016624FC
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_016624BB5_2_016624BB
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_0166276E5_2_0166276E
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_016627FE5_2_016627FE
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_016627C65_2_016627C6
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_016627975_2_01662797
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_016626475_2_01662647
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_016626135_2_01662613
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_016626E95_2_016626E9
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_016626A85_2_016626A8
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_016626815_2_01662681
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_016629645_2_01662964
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_0166290D5_2_0166290D
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_016629FC5_2_016629FC
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_016629D75_2_016629D7
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_016629955_2_01662995
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_016628385_2_01662838
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_016628D15_2_016628D1
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_016628965_2_01662896
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_01662A775_2_01662A77
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_01662A525_2_01662A52
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_01662AF95_2_01662AF9
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_01660DEF5_2_01660DEF
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_01660DFE5_2_01660DFE
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_01660DDB5_2_01660DDB
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_01660F645_2_01660F64
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_01660F445_2_01660F44
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_01660FD85_2_01660FD8
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_01660FA15_2_01660FA1
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_01660E685_2_01660E68
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_01660E3B5_2_01660E3B
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_01660EE45_2_01660EE4
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_01660EB75_2_01660EB7
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_016611725_2_01661172
      Source: C:\Users\user\Desktop\Micra.exeCode function: String function: 357DEA12 appears 66 times
      Source: C:\Users\user\Desktop\Micra.exeCode function: String function: 357B7E54 appears 96 times
      Source: C:\Users\user\Desktop\Micra.exeCode function: String function: 3575B970 appears 201 times
      Source: C:\Users\user\Desktop\Micra.exeCode function: String function: 357EF290 appears 84 times
      Source: Micra.exeStatic PE information: invalid certificate
      Source: Micra.exe, 00000005.00000002.4039419079.000000003585D000.00000040.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs Micra.exe
      Source: Micra.exe, 00000005.00000003.3977470529.00000000356AA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs Micra.exe
      Source: Micra.exe, 00000005.00000003.3974687432.00000000354EA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs Micra.exe
      Source: Micra.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
      Source: 00000005.00000002.4039386089.00000000353C0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
      Source: classification engineClassification label: mal92.troj.evad.winEXE@3/12@2/2
      Source: C:\Users\user\Desktop\Micra.exeCode function: 0_2_004031BB EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,GetModuleHandleA,CharNextA,GetTempPathA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,GetTempPathA,lstrcatA,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,DeleteFileA,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,0_2_004031BB
      Source: C:\Users\user\Desktop\Micra.exeCode function: 0_2_00404460 GetDlgItem,SetWindowTextA,SHBrowseForFolderA,CoTaskMemFree,lstrcmpiA,lstrcatA,SetDlgItemTextA,GetDiskFreeSpaceA,MulDiv,SetDlgItemTextA,0_2_00404460
      Source: C:\Users\user\Desktop\Micra.exeCode function: 0_2_004020CB CoCreateInstance,MultiByteToWideChar,0_2_004020CB
      Source: C:\Users\user\Desktop\Micra.exeFile created: C:\Users\user\entomostracaJump to behavior
      Source: C:\Users\user\Desktop\Micra.exeFile created: C:\Users\user\AppData\Local\Temp\nsi283C.tmpJump to behavior
      Source: Micra.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
      Source: C:\Users\user\Desktop\Micra.exeFile read: C:\Users\desktop.iniJump to behavior
      Source: C:\Users\user\Desktop\Micra.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
      Source: Micra.exeReversingLabs: Detection: 16%
      Source: C:\Users\user\Desktop\Micra.exeFile read: C:\Users\user\Desktop\Micra.exeJump to behavior
      Source: unknownProcess created: C:\Users\user\Desktop\Micra.exe "C:\Users\user\Desktop\Micra.exe"
      Source: C:\Users\user\Desktop\Micra.exeProcess created: C:\Users\user\Desktop\Micra.exe "C:\Users\user\Desktop\Micra.exe"
      Source: C:\Users\user\Desktop\Micra.exeProcess created: C:\Users\user\Desktop\Micra.exe "C:\Users\user\Desktop\Micra.exe"Jump to behavior
      Source: C:\Users\user\Desktop\Micra.exeSection loaded: uxtheme.dllJump to behavior
      Source: C:\Users\user\Desktop\Micra.exeSection loaded: userenv.dllJump to behavior
      Source: C:\Users\user\Desktop\Micra.exeSection loaded: apphelp.dllJump to behavior
      Source: C:\Users\user\Desktop\Micra.exeSection loaded: propsys.dllJump to behavior
      Source: C:\Users\user\Desktop\Micra.exeSection loaded: dwmapi.dllJump to behavior
      Source: C:\Users\user\Desktop\Micra.exeSection loaded: cryptbase.dllJump to behavior
      Source: C:\Users\user\Desktop\Micra.exeSection loaded: oleacc.dllJump to behavior
      Source: C:\Users\user\Desktop\Micra.exeSection loaded: version.dllJump to behavior
      Source: C:\Users\user\Desktop\Micra.exeSection loaded: shfolder.dllJump to behavior
      Source: C:\Users\user\Desktop\Micra.exeSection loaded: kernel.appcore.dllJump to behavior
      Source: C:\Users\user\Desktop\Micra.exeSection loaded: windows.storage.dllJump to behavior
      Source: C:\Users\user\Desktop\Micra.exeSection loaded: wldp.dllJump to behavior
      Source: C:\Users\user\Desktop\Micra.exeSection loaded: profapi.dllJump to behavior
      Source: C:\Users\user\Desktop\Micra.exeSection loaded: iertutil.dllJump to behavior
      Source: C:\Users\user\Desktop\Micra.exeSection loaded: sspicli.dllJump to behavior
      Source: C:\Users\user\Desktop\Micra.exeSection loaded: powrprof.dllJump to behavior
      Source: C:\Users\user\Desktop\Micra.exeSection loaded: winhttp.dllJump to behavior
      Source: C:\Users\user\Desktop\Micra.exeSection loaded: wkscli.dllJump to behavior
      Source: C:\Users\user\Desktop\Micra.exeSection loaded: netutils.dllJump to behavior
      Source: C:\Users\user\Desktop\Micra.exeSection loaded: umpdc.dllJump to behavior
      Source: C:\Users\user\Desktop\Micra.exeSection loaded: wininet.dllJump to behavior
      Source: C:\Users\user\Desktop\Micra.exeSection loaded: windows.storage.dllJump to behavior
      Source: C:\Users\user\Desktop\Micra.exeSection loaded: wldp.dllJump to behavior
      Source: C:\Users\user\Desktop\Micra.exeSection loaded: profapi.dllJump to behavior
      Source: C:\Users\user\Desktop\Micra.exeSection loaded: kernel.appcore.dllJump to behavior
      Source: C:\Users\user\Desktop\Micra.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
      Source: C:\Users\user\Desktop\Micra.exeSection loaded: mswsock.dllJump to behavior
      Source: C:\Users\user\Desktop\Micra.exeSection loaded: iphlpapi.dllJump to behavior
      Source: C:\Users\user\Desktop\Micra.exeSection loaded: winnsi.dllJump to behavior
      Source: C:\Users\user\Desktop\Micra.exeSection loaded: urlmon.dllJump to behavior
      Source: C:\Users\user\Desktop\Micra.exeSection loaded: srvcli.dllJump to behavior
      Source: C:\Users\user\Desktop\Micra.exeSection loaded: dnsapi.dllJump to behavior
      Source: C:\Users\user\Desktop\Micra.exeSection loaded: rasadhlp.dllJump to behavior
      Source: C:\Users\user\Desktop\Micra.exeSection loaded: fwpuclnt.dllJump to behavior
      Source: C:\Users\user\Desktop\Micra.exeSection loaded: schannel.dllJump to behavior
      Source: C:\Users\user\Desktop\Micra.exeSection loaded: mskeyprotect.dllJump to behavior
      Source: C:\Users\user\Desktop\Micra.exeSection loaded: ntasn1.dllJump to behavior
      Source: C:\Users\user\Desktop\Micra.exeSection loaded: msasn1.dllJump to behavior
      Source: C:\Users\user\Desktop\Micra.exeSection loaded: dpapi.dllJump to behavior
      Source: C:\Users\user\Desktop\Micra.exeSection loaded: cryptsp.dllJump to behavior
      Source: C:\Users\user\Desktop\Micra.exeSection loaded: rsaenh.dllJump to behavior
      Source: C:\Users\user\Desktop\Micra.exeSection loaded: cryptbase.dllJump to behavior
      Source: C:\Users\user\Desktop\Micra.exeSection loaded: gpapi.dllJump to behavior
      Source: C:\Users\user\Desktop\Micra.exeSection loaded: ncrypt.dllJump to behavior
      Source: C:\Users\user\Desktop\Micra.exeSection loaded: ncryptsslp.dllJump to behavior
      Source: C:\Users\user\Desktop\Micra.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32Jump to behavior
      Source: C:\Users\user\Desktop\Micra.exeFile written: C:\Windows\Resources\nringsmiddelet.iniJump to behavior
      Source: Micra.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
      Source: Binary string: mshtml.pdb source: Micra.exe, 00000005.00000001.3420489258.0000000000649000.00000020.00000001.01000000.00000007.sdmp
      Source: Binary string: wntdll.pdbUGP source: Micra.exe, 00000005.00000002.4039419079.0000000035730000.00000040.00001000.00020000.00000000.sdmp, Micra.exe, 00000005.00000002.4039419079.00000000358CE000.00000040.00001000.00020000.00000000.sdmp, Micra.exe, 00000005.00000003.3974687432.00000000353C7000.00000004.00000020.00020000.00000000.sdmp, Micra.exe, 00000005.00000003.3977470529.000000003557D000.00000004.00000020.00020000.00000000.sdmp
      Source: Binary string: wntdll.pdb source: Micra.exe, Micra.exe, 00000005.00000002.4039419079.0000000035730000.00000040.00001000.00020000.00000000.sdmp, Micra.exe, 00000005.00000002.4039419079.00000000358CE000.00000040.00001000.00020000.00000000.sdmp, Micra.exe, 00000005.00000003.3974687432.00000000353C7000.00000004.00000020.00020000.00000000.sdmp, Micra.exe, 00000005.00000003.3977470529.000000003557D000.00000004.00000020.00020000.00000000.sdmp
      Source: Binary string: mshtml.pdbUGP source: Micra.exe, 00000005.00000001.3420489258.0000000000649000.00000020.00000001.01000000.00000007.sdmp

      Data Obfuscation

      barindex
      Yara detected GuLoader
      Source: Yara matchFile source: 00000000.00000002.3421465563.000000000336C000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
      Source: C:\Users\user\Desktop\Micra.exeCode function: 0_2_10001A5D GlobalAlloc,lstrcpyA,lstrcpyA,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,LdrInitializeThunk,LdrInitializeThunk,lstrcpyA,GetModuleHandleA,LoadLibraryA,GetProcAddress,lstrlenA,0_2_10001A5D
      Source: C:\Users\user\Desktop\Micra.exeCode function: 0_2_10002D20 push eax; ret 0_2_10002D4E
      Source: C:\Users\user\Desktop\Micra.exeCode function: 0_2_03197367 push 2C85D16Ah; ret 0_2_03197375
      Source: C:\Users\user\Desktop\Micra.exeCode function: 0_2_031933D0 push ds; ret 0_2_031933F2
      Source: C:\Users\user\Desktop\Micra.exeCode function: 0_2_031943ED push ebp; ret 0_2_0319440D
      Source: C:\Users\user\Desktop\Micra.exeCode function: 0_2_0319460A push es; ret 0_2_03194615
      Source: C:\Users\user\Desktop\Micra.exeCode function: 0_2_03195630 pushad ; ret 0_2_03195632
      Source: C:\Users\user\Desktop\Micra.exeCode function: 0_2_03195241 push esp; retf 0_2_0319526E
      Source: C:\Users\user\Desktop\Micra.exeCode function: 0_2_0319427E push ss; ret 0_2_03194296
      Source: C:\Users\user\Desktop\Micra.exeCode function: 0_2_03193272 push ds; ret 0_2_0319327C
      Source: C:\Users\user\Desktop\Micra.exeCode function: 0_2_03195A87 push esi; retf 0_2_03195AD7
      Source: C:\Users\user\Desktop\Micra.exeCode function: 0_2_031962BD push ss; ret 0_2_031962BE
      Source: C:\Users\user\Desktop\Micra.exeCode function: 0_2_031936BE push ds; ret 0_2_031936E1
      Source: C:\Users\user\Desktop\Micra.exeCode function: 0_2_031962A0 push ebx; ret 0_2_031962AF
      Source: C:\Users\user\Desktop\Micra.exeCode function: 0_2_03195AC3 push esi; retf 0_2_03195AD7
      Source: C:\Users\user\Desktop\Micra.exeCode function: 0_2_03194111 push eax; ret 0_2_03194189
      Source: C:\Users\user\Desktop\Micra.exeCode function: 0_2_03193122 push ds; ret 0_2_03193123
      Source: C:\Users\user\Desktop\Micra.exeCode function: 0_2_0319314D pushfd ; iretd 0_2_0319316B
      Source: C:\Users\user\Desktop\Micra.exeCode function: 0_2_0319357E push ds; ret 0_2_0319357F
      Source: C:\Users\user\Desktop\Micra.exeCode function: 0_2_03193961 push es; retf 0_2_03193962
      Source: C:\Users\user\Desktop\Micra.exeCode function: 0_2_031935A8 pushfd ; iretd 0_2_031935C6
      Source: C:\Users\user\Desktop\Micra.exeCode function: 0_2_0319343D pushfd ; iretd 0_2_03193451
      Source: C:\Users\user\Desktop\Micra.exeCode function: 0_2_03193845 push ds; ret 0_2_03193846
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_35731368 push eax; iretd 5_2_35731369
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_35731FEC push eax; iretd 5_2_35731FED
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3573225F pushad ; ret 5_2_357327F9
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_35734219 pushad ; retn 000Dh5_2_35734275
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_357609AD push ecx; mov dword ptr [esp], ecx5_2_357609B6
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_35732851 push eax; iretd 5_2_35732858
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_01664111 push eax; ret 5_2_01664189
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_016643ED push ebp; ret 5_2_0166440D
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_0166427E push ss; ret 5_2_01664296
      Source: C:\Users\user\Desktop\Micra.exeFile created: C:\Users\user\AppData\Local\Temp\nsb308A.tmp\System.dllJump to dropped file
      Source: C:\Users\user\Desktop\Micra.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\Micra.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\Micra.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

      Malware Analysis System Evasion

      barindex
      Switches to a custom stack to bypass stack traces
      Source: C:\Users\user\Desktop\Micra.exeAPI/Special instruction interceptor: Address: 3BCC2A3
      Source: C:\Users\user\Desktop\Micra.exeAPI/Special instruction interceptor: Address: 209C2A3
      Tries to detect virtualization through RDTSC time measurements
      Source: C:\Users\user\Desktop\Micra.exeRDTSC instruction interceptor: First address: 3BA1470 second address: 3BA1470 instructions: 0x00000000 rdtsc 0x00000002 cmp ebx, ecx 0x00000004 jc 00007F733C51F5F6h 0x00000006 test ebx, eax 0x00000008 inc ebp 0x00000009 cmp ah, ch 0x0000000b inc ebx 0x0000000c rdtsc
      Source: C:\Users\user\Desktop\Micra.exeRDTSC instruction interceptor: First address: 2071470 second address: 2071470 instructions: 0x00000000 rdtsc 0x00000002 cmp ebx, ecx 0x00000004 jc 00007F733D299B56h 0x00000006 test ebx, eax 0x00000008 inc ebp 0x00000009 cmp ah, ch 0x0000000b inc ebx 0x0000000c rdtsc
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_357DD1C0 rdtsc 5_2_357DD1C0
      Source: C:\Users\user\Desktop\Micra.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsb308A.tmp\System.dllJump to dropped file
      Source: C:\Users\user\Desktop\Micra.exeAPI coverage: 0.2 %
      Source: C:\Users\user\Desktop\Micra.exe TID: 3960Thread sleep time: -30000s >= -30000sJump to behavior
      Source: C:\Users\user\Desktop\Micra.exeCode function: 0_2_00406232 FindFirstFileA,FindClose,0_2_00406232
      Source: C:\Users\user\Desktop\Micra.exeCode function: 0_2_004056F7 GetTempPathA,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,FindNextFileA,FindClose,0_2_004056F7
      Source: C:\Users\user\Desktop\Micra.exeCode function: 0_2_004026F8 FindFirstFileA,0_2_004026F8
      Source: Micra.exe, 00000005.00000002.4015685670.00000000056BA000.00000004.00000020.00020000.00000000.sdmp, Micra.exe, 00000005.00000003.3975020010.00000000056BA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
      Source: Micra.exe, 00000005.00000002.4015685670.00000000056BA000.00000004.00000020.00020000.00000000.sdmp, Micra.exe, 00000005.00000003.3975020010.00000000056BA000.00000004.00000020.00020000.00000000.sdmp, Micra.exe, 00000005.00000002.4015639022.000000000567D000.00000004.00000020.00020000.00000000.sdmp, Micra.exe, 00000005.00000003.3975329371.000000000567C000.00000004.00000020.00020000.00000000.sdmp, Micra.exe, 00000005.00000003.3975075122.000000000567C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
      Source: C:\Users\user\Desktop\Micra.exeAPI call chain: ExitProcess graph end nodegraph_0-34600
      Source: C:\Users\user\Desktop\Micra.exeAPI call chain: ExitProcess graph end nodegraph_0-34604
      Source: C:\Users\user\Desktop\Micra.exeProcess information queried: ProcessInformationJump to behavior
      Source: C:\Users\user\Desktop\Micra.exeProcess queried: DebugPortJump to behavior
      Source: C:\Users\user\Desktop\Micra.exeProcess queried: DebugPortJump to behavior
      Source: C:\Users\user\Desktop\Micra.exeProcess queried: DebugPortJump to behavior
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_357DD1C0 rdtsc 5_2_357DD1C0
      Source: C:\Users\user\Desktop\Micra.exeCode function: 0_2_00402D48 GetTempPathA,GetTickCount,GetModuleFileNameA,LdrInitializeThunk,GetFileSize,GlobalAlloc,SetFilePointer,0_2_00402D48
      Source: C:\Users\user\Desktop\Micra.exeCode function: 0_2_10001A5D GlobalAlloc,lstrcpyA,lstrcpyA,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,LdrInitializeThunk,LdrInitializeThunk,lstrcpyA,GetModuleHandleA,LoadLibraryA,GetProcAddress,lstrlenA,0_2_10001A5D
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3579B570 mov eax, dword ptr fs:[00000030h]5_2_3579B570
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3579B570 mov eax, dword ptr fs:[00000030h]5_2_3579B570
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3575B562 mov eax, dword ptr fs:[00000030h]5_2_3575B562
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_358335B6 mov eax, dword ptr fs:[00000030h]5_2_358335B6
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3581F5BE mov eax, dword ptr fs:[00000030h]5_2_3581F5BE
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3576D534 mov eax, dword ptr fs:[00000030h]5_2_3576D534
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3576D534 mov eax, dword ptr fs:[00000030h]5_2_3576D534
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3576D534 mov eax, dword ptr fs:[00000030h]5_2_3576D534
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3576D534 mov eax, dword ptr fs:[00000030h]5_2_3576D534
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3576D534 mov eax, dword ptr fs:[00000030h]5_2_3576D534
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3576D534 mov eax, dword ptr fs:[00000030h]5_2_3576D534
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3579D530 mov eax, dword ptr fs:[00000030h]5_2_3579D530
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3579D530 mov eax, dword ptr fs:[00000030h]5_2_3579D530
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_358355C9 mov eax, dword ptr fs:[00000030h]5_2_358355C9
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_358335D7 mov eax, dword ptr fs:[00000030h]5_2_358335D7
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_358335D7 mov eax, dword ptr fs:[00000030h]5_2_358335D7
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_358335D7 mov eax, dword ptr fs:[00000030h]5_2_358335D7
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_35797505 mov eax, dword ptr fs:[00000030h]5_2_35797505
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_35797505 mov ecx, dword ptr fs:[00000030h]5_2_35797505
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_357815F4 mov eax, dword ptr fs:[00000030h]5_2_357815F4
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_357815F4 mov eax, dword ptr fs:[00000030h]5_2_357815F4
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_357815F4 mov eax, dword ptr fs:[00000030h]5_2_357815F4
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_357815F4 mov eax, dword ptr fs:[00000030h]5_2_357815F4
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_357815F4 mov eax, dword ptr fs:[00000030h]5_2_357815F4
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_357815F4 mov eax, dword ptr fs:[00000030h]5_2_357815F4
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_357895DA mov eax, dword ptr fs:[00000030h]5_2_357895DA
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_357DD5D0 mov eax, dword ptr fs:[00000030h]5_2_357DD5D0
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_357DD5D0 mov ecx, dword ptr fs:[00000030h]5_2_357DD5D0
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3581B52F mov eax, dword ptr fs:[00000030h]5_2_3581B52F
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_35835537 mov eax, dword ptr fs:[00000030h]5_2_35835537
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_357955C0 mov eax, dword ptr fs:[00000030h]5_2_357955C0
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_357F35BA mov eax, dword ptr fs:[00000030h]5_2_357F35BA
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_357F35BA mov eax, dword ptr fs:[00000030h]5_2_357F35BA
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_357F35BA mov eax, dword ptr fs:[00000030h]5_2_357F35BA
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_357F35BA mov eax, dword ptr fs:[00000030h]5_2_357F35BA
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_357FD5B0 mov eax, dword ptr fs:[00000030h]5_2_357FD5B0
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_357FD5B0 mov eax, dword ptr fs:[00000030h]5_2_357FD5B0
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3580B550 mov eax, dword ptr fs:[00000030h]5_2_3580B550
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3580B550 mov eax, dword ptr fs:[00000030h]5_2_3580B550
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3580B550 mov eax, dword ptr fs:[00000030h]5_2_3580B550
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_357815A9 mov eax, dword ptr fs:[00000030h]5_2_357815A9
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_357815A9 mov eax, dword ptr fs:[00000030h]5_2_357815A9
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_357815A9 mov eax, dword ptr fs:[00000030h]5_2_357815A9
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_357815A9 mov eax, dword ptr fs:[00000030h]5_2_357815A9
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_357815A9 mov eax, dword ptr fs:[00000030h]5_2_357815A9
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3575758F mov eax, dword ptr fs:[00000030h]5_2_3575758F
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3575758F mov eax, dword ptr fs:[00000030h]5_2_3575758F
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3575758F mov eax, dword ptr fs:[00000030h]5_2_3575758F
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_35761460 mov eax, dword ptr fs:[00000030h]5_2_35761460
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_35761460 mov eax, dword ptr fs:[00000030h]5_2_35761460
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_35761460 mov eax, dword ptr fs:[00000030h]5_2_35761460
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_35761460 mov eax, dword ptr fs:[00000030h]5_2_35761460
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_35761460 mov eax, dword ptr fs:[00000030h]5_2_35761460
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3577F460 mov eax, dword ptr fs:[00000030h]5_2_3577F460
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3577F460 mov eax, dword ptr fs:[00000030h]5_2_3577F460
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3577F460 mov eax, dword ptr fs:[00000030h]5_2_3577F460
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3577F460 mov eax, dword ptr fs:[00000030h]5_2_3577F460
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3577F460 mov eax, dword ptr fs:[00000030h]5_2_3577F460
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3577F460 mov eax, dword ptr fs:[00000030h]5_2_3577F460
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_358074B0 mov eax, dword ptr fs:[00000030h]5_2_358074B0
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3576B440 mov eax, dword ptr fs:[00000030h]5_2_3576B440
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3576B440 mov eax, dword ptr fs:[00000030h]5_2_3576B440
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3576B440 mov eax, dword ptr fs:[00000030h]5_2_3576B440
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3576B440 mov eax, dword ptr fs:[00000030h]5_2_3576B440
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3576B440 mov eax, dword ptr fs:[00000030h]5_2_3576B440
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3576B440 mov eax, dword ptr fs:[00000030h]5_2_3576B440
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_358354DB mov eax, dword ptr fs:[00000030h]5_2_358354DB
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_357E7410 mov eax, dword ptr fs:[00000030h]5_2_357E7410
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3578340D mov eax, dword ptr fs:[00000030h]5_2_3578340D
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_357574B0 mov eax, dword ptr fs:[00000030h]5_2_357574B0
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_357574B0 mov eax, dword ptr fs:[00000030h]5_2_357574B0
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_357934B0 mov eax, dword ptr fs:[00000030h]5_2_357934B0
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3580B450 mov eax, dword ptr fs:[00000030h]5_2_3580B450
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3580B450 mov eax, dword ptr fs:[00000030h]5_2_3580B450
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3580B450 mov eax, dword ptr fs:[00000030h]5_2_3580B450
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3580B450 mov eax, dword ptr fs:[00000030h]5_2_3580B450
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3581F453 mov eax, dword ptr fs:[00000030h]5_2_3581F453
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_35769486 mov eax, dword ptr fs:[00000030h]5_2_35769486
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_35769486 mov eax, dword ptr fs:[00000030h]5_2_35769486
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3575B480 mov eax, dword ptr fs:[00000030h]5_2_3575B480
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3583547F mov eax, dword ptr fs:[00000030h]5_2_3583547F
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3581F78A mov eax, dword ptr fs:[00000030h]5_2_3581F78A
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3575B765 mov eax, dword ptr fs:[00000030h]5_2_3575B765
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3575B765 mov eax, dword ptr fs:[00000030h]5_2_3575B765
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3575B765 mov eax, dword ptr fs:[00000030h]5_2_3575B765
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3575B765 mov eax, dword ptr fs:[00000030h]5_2_3575B765
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3581D7B0 mov eax, dword ptr fs:[00000030h]5_2_3581D7B0
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3581D7B0 mov eax, dword ptr fs:[00000030h]5_2_3581D7B0
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_358337B6 mov eax, dword ptr fs:[00000030h]5_2_358337B6
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_35773740 mov eax, dword ptr fs:[00000030h]5_2_35773740
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_35773740 mov eax, dword ptr fs:[00000030h]5_2_35773740
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_35773740 mov eax, dword ptr fs:[00000030h]5_2_35773740
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_35759730 mov eax, dword ptr fs:[00000030h]5_2_35759730
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_35759730 mov eax, dword ptr fs:[00000030h]5_2_35759730
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_35795734 mov eax, dword ptr fs:[00000030h]5_2_35795734
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_35763720 mov eax, dword ptr fs:[00000030h]5_2_35763720
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3577F720 mov eax, dword ptr fs:[00000030h]5_2_3577F720
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3577F720 mov eax, dword ptr fs:[00000030h]5_2_3577F720
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3577F720 mov eax, dword ptr fs:[00000030h]5_2_3577F720
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3579F71F mov eax, dword ptr fs:[00000030h]5_2_3579F71F
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3579F71F mov eax, dword ptr fs:[00000030h]5_2_3579F71F
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_35765702 mov eax, dword ptr fs:[00000030h]5_2_35765702
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_35765702 mov eax, dword ptr fs:[00000030h]5_2_35765702
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_35767703 mov eax, dword ptr fs:[00000030h]5_2_35767703
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3576D7E0 mov ecx, dword ptr fs:[00000030h]5_2_3576D7E0
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_357617EC mov eax, dword ptr fs:[00000030h]5_2_357617EC
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_357617EC mov eax, dword ptr fs:[00000030h]5_2_357617EC
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_357617EC mov eax, dword ptr fs:[00000030h]5_2_357617EC
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3581F72E mov eax, dword ptr fs:[00000030h]5_2_3581F72E
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_357657C0 mov eax, dword ptr fs:[00000030h]5_2_357657C0
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_357657C0 mov eax, dword ptr fs:[00000030h]5_2_357657C0
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_357657C0 mov eax, dword ptr fs:[00000030h]5_2_357657C0
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3583B73C mov eax, dword ptr fs:[00000030h]5_2_3583B73C
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3583B73C mov eax, dword ptr fs:[00000030h]5_2_3583B73C
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3583B73C mov eax, dword ptr fs:[00000030h]5_2_3583B73C
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3583B73C mov eax, dword ptr fs:[00000030h]5_2_3583B73C
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3578D7B0 mov eax, dword ptr fs:[00000030h]5_2_3578D7B0
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_35833749 mov eax, dword ptr fs:[00000030h]5_2_35833749
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3575F7BA mov eax, dword ptr fs:[00000030h]5_2_3575F7BA
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3575F7BA mov eax, dword ptr fs:[00000030h]5_2_3575F7BA
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3575F7BA mov eax, dword ptr fs:[00000030h]5_2_3575F7BA
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3575F7BA mov eax, dword ptr fs:[00000030h]5_2_3575F7BA
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3575F7BA mov eax, dword ptr fs:[00000030h]5_2_3575F7BA
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3575F7BA mov eax, dword ptr fs:[00000030h]5_2_3575F7BA
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3575F7BA mov eax, dword ptr fs:[00000030h]5_2_3575F7BA
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3575F7BA mov eax, dword ptr fs:[00000030h]5_2_3575F7BA
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3575F7BA mov eax, dword ptr fs:[00000030h]5_2_3575F7BA
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_357EF7AF mov eax, dword ptr fs:[00000030h]5_2_357EF7AF
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_357EF7AF mov eax, dword ptr fs:[00000030h]5_2_357EF7AF
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_357EF7AF mov eax, dword ptr fs:[00000030h]5_2_357EF7AF
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_357EF7AF mov eax, dword ptr fs:[00000030h]5_2_357EF7AF
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_357EF7AF mov eax, dword ptr fs:[00000030h]5_2_357EF7AF
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_357E97A9 mov eax, dword ptr fs:[00000030h]5_2_357E97A9
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3580375F mov eax, dword ptr fs:[00000030h]5_2_3580375F
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3580375F mov eax, dword ptr fs:[00000030h]5_2_3580375F
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3580375F mov eax, dword ptr fs:[00000030h]5_2_3580375F
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3580375F mov eax, dword ptr fs:[00000030h]5_2_3580375F
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3580375F mov eax, dword ptr fs:[00000030h]5_2_3580375F
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_35799660 mov eax, dword ptr fs:[00000030h]5_2_35799660
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_35799660 mov eax, dword ptr fs:[00000030h]5_2_35799660
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_357FD660 mov eax, dword ptr fs:[00000030h]5_2_357FD660
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3581F6C7 mov eax, dword ptr fs:[00000030h]5_2_3581F6C7
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_358216CC mov eax, dword ptr fs:[00000030h]5_2_358216CC
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_358216CC mov eax, dword ptr fs:[00000030h]5_2_358216CC
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_358216CC mov eax, dword ptr fs:[00000030h]5_2_358216CC
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_358216CC mov eax, dword ptr fs:[00000030h]5_2_358216CC
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_35763616 mov eax, dword ptr fs:[00000030h]5_2_35763616
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_35763616 mov eax, dword ptr fs:[00000030h]5_2_35763616
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3581D6F0 mov eax, dword ptr fs:[00000030h]5_2_3581D6F0
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3579F603 mov eax, dword ptr fs:[00000030h]5_2_3579F603
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_35791607 mov eax, dword ptr fs:[00000030h]5_2_35791607
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3578D6E0 mov eax, dword ptr fs:[00000030h]5_2_3578D6E0
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3578D6E0 mov eax, dword ptr fs:[00000030h]5_2_3578D6E0
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_35835636 mov eax, dword ptr fs:[00000030h]5_2_35835636
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_357916CF mov eax, dword ptr fs:[00000030h]5_2_357916CF
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3576B6C0 mov eax, dword ptr fs:[00000030h]5_2_3576B6C0
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3576B6C0 mov eax, dword ptr fs:[00000030h]5_2_3576B6C0
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3576B6C0 mov eax, dword ptr fs:[00000030h]5_2_3576B6C0
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3576B6C0 mov eax, dword ptr fs:[00000030h]5_2_3576B6C0
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3576B6C0 mov eax, dword ptr fs:[00000030h]5_2_3576B6C0
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3576B6C0 mov eax, dword ptr fs:[00000030h]5_2_3576B6C0
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_357576B2 mov eax, dword ptr fs:[00000030h]5_2_357576B2
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_357576B2 mov eax, dword ptr fs:[00000030h]5_2_357576B2
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_357576B2 mov eax, dword ptr fs:[00000030h]5_2_357576B2
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3575D6AA mov eax, dword ptr fs:[00000030h]5_2_3575D6AA
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3575D6AA mov eax, dword ptr fs:[00000030h]5_2_3575D6AA
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_35815180 mov eax, dword ptr fs:[00000030h]5_2_35815180
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_35815180 mov eax, dword ptr fs:[00000030h]5_2_35815180
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_357F9179 mov eax, dword ptr fs:[00000030h]5_2_357F9179
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_35767152 mov eax, dword ptr fs:[00000030h]5_2_35767152
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_358111A4 mov eax, dword ptr fs:[00000030h]5_2_358111A4
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_358111A4 mov eax, dword ptr fs:[00000030h]5_2_358111A4
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_358111A4 mov eax, dword ptr fs:[00000030h]5_2_358111A4
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_358111A4 mov eax, dword ptr fs:[00000030h]5_2_358111A4
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_35759148 mov eax, dword ptr fs:[00000030h]5_2_35759148
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_35759148 mov eax, dword ptr fs:[00000030h]5_2_35759148
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_35759148 mov eax, dword ptr fs:[00000030h]5_2_35759148
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_35759148 mov eax, dword ptr fs:[00000030h]5_2_35759148
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_357F3140 mov eax, dword ptr fs:[00000030h]5_2_357F3140
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_357F3140 mov eax, dword ptr fs:[00000030h]5_2_357F3140
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_357F3140 mov eax, dword ptr fs:[00000030h]5_2_357F3140
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3575B136 mov eax, dword ptr fs:[00000030h]5_2_3575B136
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3575B136 mov eax, dword ptr fs:[00000030h]5_2_3575B136
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3575B136 mov eax, dword ptr fs:[00000030h]5_2_3575B136
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3575B136 mov eax, dword ptr fs:[00000030h]5_2_3575B136
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_358351CB mov eax, dword ptr fs:[00000030h]5_2_358351CB
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_358331E1 mov eax, dword ptr fs:[00000030h]5_2_358331E1
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_358071F9 mov esi, dword ptr fs:[00000030h]5_2_358071F9
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_357851EF mov eax, dword ptr fs:[00000030h]5_2_357851EF
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_357851EF mov eax, dword ptr fs:[00000030h]5_2_357851EF
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_357851EF mov eax, dword ptr fs:[00000030h]5_2_357851EF
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_357851EF mov eax, dword ptr fs:[00000030h]5_2_357851EF
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_357851EF mov eax, dword ptr fs:[00000030h]5_2_357851EF
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_357851EF mov eax, dword ptr fs:[00000030h]5_2_357851EF
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_357851EF mov eax, dword ptr fs:[00000030h]5_2_357851EF
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_357851EF mov eax, dword ptr fs:[00000030h]5_2_357851EF
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_357851EF mov eax, dword ptr fs:[00000030h]5_2_357851EF
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_357851EF mov eax, dword ptr fs:[00000030h]5_2_357851EF
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_357851EF mov eax, dword ptr fs:[00000030h]5_2_357851EF
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_357851EF mov eax, dword ptr fs:[00000030h]5_2_357851EF
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_357851EF mov eax, dword ptr fs:[00000030h]5_2_357851EF
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_357651ED mov eax, dword ptr fs:[00000030h]5_2_357651ED
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_35837120 mov eax, dword ptr fs:[00000030h]5_2_35837120
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3579D1D0 mov eax, dword ptr fs:[00000030h]5_2_3579D1D0
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3579D1D0 mov ecx, dword ptr fs:[00000030h]5_2_3579D1D0
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3577B1B0 mov eax, dword ptr fs:[00000030h]5_2_3577B1B0
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_35835152 mov eax, dword ptr fs:[00000030h]5_2_35835152
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_357B7190 mov eax, dword ptr fs:[00000030h]5_2_357B7190
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_357DD070 mov ecx, dword ptr fs:[00000030h]5_2_357DD070
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_357E106E mov eax, dword ptr fs:[00000030h]5_2_357E106E
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3578B052 mov eax, dword ptr fs:[00000030h]5_2_3578B052
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_358350D9 mov eax, dword ptr fs:[00000030h]5_2_358350D9
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_357850E4 mov eax, dword ptr fs:[00000030h]5_2_357850E4
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_357850E4 mov ecx, dword ptr fs:[00000030h]5_2_357850E4
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_357890DB mov eax, dword ptr fs:[00000030h]5_2_357890DB
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3582903E mov eax, dword ptr fs:[00000030h]5_2_3582903E
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3582903E mov eax, dword ptr fs:[00000030h]5_2_3582903E
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3582903E mov eax, dword ptr fs:[00000030h]5_2_3582903E
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3582903E mov eax, dword ptr fs:[00000030h]5_2_3582903E
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_357DD0C0 mov eax, dword ptr fs:[00000030h]5_2_357DD0C0
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_357DD0C0 mov eax, dword ptr fs:[00000030h]5_2_357DD0C0
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_35765096 mov eax, dword ptr fs:[00000030h]5_2_35765096
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_35835060 mov eax, dword ptr fs:[00000030h]5_2_35835060
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3579909C mov eax, dword ptr fs:[00000030h]5_2_3579909C
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3578D090 mov eax, dword ptr fs:[00000030h]5_2_3578D090
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3578D090 mov eax, dword ptr fs:[00000030h]5_2_3578D090
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_357ED080 mov eax, dword ptr fs:[00000030h]5_2_357ED080
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_357ED080 mov eax, dword ptr fs:[00000030h]5_2_357ED080
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_35767370 mov eax, dword ptr fs:[00000030h]5_2_35767370
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_35767370 mov eax, dword ptr fs:[00000030h]5_2_35767370
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_35767370 mov eax, dword ptr fs:[00000030h]5_2_35767370
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3583539D mov eax, dword ptr fs:[00000030h]5_2_3583539D
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_35759353 mov eax, dword ptr fs:[00000030h]5_2_35759353
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_35759353 mov eax, dword ptr fs:[00000030h]5_2_35759353
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_358013B9 mov eax, dword ptr fs:[00000030h]5_2_358013B9
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_358013B9 mov eax, dword ptr fs:[00000030h]5_2_358013B9
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_358013B9 mov eax, dword ptr fs:[00000030h]5_2_358013B9
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_35757330 mov eax, dword ptr fs:[00000030h]5_2_35757330
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3581B3D0 mov ecx, dword ptr fs:[00000030h]5_2_3581B3D0
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3578F32A mov eax, dword ptr fs:[00000030h]5_2_3578F32A
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3581F3E6 mov eax, dword ptr fs:[00000030h]5_2_3581F3E6
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_357E930B mov eax, dword ptr fs:[00000030h]5_2_357E930B
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_357E930B mov eax, dword ptr fs:[00000030h]5_2_357E930B
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_357E930B mov eax, dword ptr fs:[00000030h]5_2_357E930B
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_358353FC mov eax, dword ptr fs:[00000030h]5_2_358353FC
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3582132D mov eax, dword ptr fs:[00000030h]5_2_3582132D
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3582132D mov eax, dword ptr fs:[00000030h]5_2_3582132D
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_35835341 mov eax, dword ptr fs:[00000030h]5_2_35835341
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_357933A0 mov eax, dword ptr fs:[00000030h]5_2_357933A0
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_357933A0 mov eax, dword ptr fs:[00000030h]5_2_357933A0
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_357833A5 mov eax, dword ptr fs:[00000030h]5_2_357833A5
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_357B739A mov eax, dword ptr fs:[00000030h]5_2_357B739A
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_357B739A mov eax, dword ptr fs:[00000030h]5_2_357B739A
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3581F367 mov eax, dword ptr fs:[00000030h]5_2_3581F367
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_35803370 mov eax, dword ptr fs:[00000030h]5_2_35803370
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_35835283 mov eax, dword ptr fs:[00000030h]5_2_35835283
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_357A1270 mov eax, dword ptr fs:[00000030h]5_2_357A1270
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_357A1270 mov eax, dword ptr fs:[00000030h]5_2_357A1270
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_35789274 mov eax, dword ptr fs:[00000030h]5_2_35789274
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3579724D mov eax, dword ptr fs:[00000030h]5_2_3579724D
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_35759240 mov eax, dword ptr fs:[00000030h]5_2_35759240
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_35759240 mov eax, dword ptr fs:[00000030h]5_2_35759240
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_358352E2 mov eax, dword ptr fs:[00000030h]5_2_358352E2
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_358112ED mov eax, dword ptr fs:[00000030h]5_2_358112ED
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_358112ED mov eax, dword ptr fs:[00000030h]5_2_358112ED
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_358112ED mov eax, dword ptr fs:[00000030h]5_2_358112ED
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_358112ED mov eax, dword ptr fs:[00000030h]5_2_358112ED
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_358112ED mov eax, dword ptr fs:[00000030h]5_2_358112ED
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_358112ED mov eax, dword ptr fs:[00000030h]5_2_358112ED
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_358112ED mov eax, dword ptr fs:[00000030h]5_2_358112ED
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_358112ED mov eax, dword ptr fs:[00000030h]5_2_358112ED
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_358112ED mov eax, dword ptr fs:[00000030h]5_2_358112ED
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_358112ED mov eax, dword ptr fs:[00000030h]5_2_358112ED
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_358112ED mov eax, dword ptr fs:[00000030h]5_2_358112ED
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_358112ED mov eax, dword ptr fs:[00000030h]5_2_358112ED
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_358112ED mov eax, dword ptr fs:[00000030h]5_2_358112ED
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_358112ED mov eax, dword ptr fs:[00000030h]5_2_358112ED
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3580B2F0 mov eax, dword ptr fs:[00000030h]5_2_3580B2F0
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3580B2F0 mov eax, dword ptr fs:[00000030h]5_2_3580B2F0
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_35797208 mov eax, dword ptr fs:[00000030h]5_2_35797208
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_35797208 mov eax, dword ptr fs:[00000030h]5_2_35797208
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3581F2F8 mov eax, dword ptr fs:[00000030h]5_2_3581F2F8
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_357592FF mov eax, dword ptr fs:[00000030h]5_2_357592FF
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_35835227 mov eax, dword ptr fs:[00000030h]5_2_35835227
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3575B2D3 mov eax, dword ptr fs:[00000030h]5_2_3575B2D3
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3575B2D3 mov eax, dword ptr fs:[00000030h]5_2_3575B2D3
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3575B2D3 mov eax, dword ptr fs:[00000030h]5_2_3575B2D3
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3578F2D0 mov eax, dword ptr fs:[00000030h]5_2_3578F2D0
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3578F2D0 mov eax, dword ptr fs:[00000030h]5_2_3578F2D0
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_357692C5 mov eax, dword ptr fs:[00000030h]5_2_357692C5
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_357692C5 mov eax, dword ptr fs:[00000030h]5_2_357692C5
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3578B2C0 mov eax, dword ptr fs:[00000030h]5_2_3578B2C0
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3578B2C0 mov eax, dword ptr fs:[00000030h]5_2_3578B2C0
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3578B2C0 mov eax, dword ptr fs:[00000030h]5_2_3578B2C0
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3578B2C0 mov eax, dword ptr fs:[00000030h]5_2_3578B2C0
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3578B2C0 mov eax, dword ptr fs:[00000030h]5_2_3578B2C0
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3578B2C0 mov eax, dword ptr fs:[00000030h]5_2_3578B2C0
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3578B2C0 mov eax, dword ptr fs:[00000030h]5_2_3578B2C0
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_357E92BC mov eax, dword ptr fs:[00000030h]5_2_357E92BC
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_357E92BC mov eax, dword ptr fs:[00000030h]5_2_357E92BC
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_357E92BC mov ecx, dword ptr fs:[00000030h]5_2_357E92BC
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_357E92BC mov ecx, dword ptr fs:[00000030h]5_2_357E92BC
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3581B256 mov eax, dword ptr fs:[00000030h]5_2_3581B256
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3581B256 mov eax, dword ptr fs:[00000030h]5_2_3581B256
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_357F72A0 mov eax, dword ptr fs:[00000030h]5_2_357F72A0
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_357F72A0 mov eax, dword ptr fs:[00000030h]5_2_357F72A0
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3579329E mov eax, dword ptr fs:[00000030h]5_2_3579329E
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3579329E mov eax, dword ptr fs:[00000030h]5_2_3579329E
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_35767D75 mov eax, dword ptr fs:[00000030h]5_2_35767D75
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_35767D75 mov eax, dword ptr fs:[00000030h]5_2_35767D75
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_35757D41 mov eax, dword ptr fs:[00000030h]5_2_35757D41
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3579BD4E mov eax, dword ptr fs:[00000030h]5_2_3579BD4E
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3579BD4E mov eax, dword ptr fs:[00000030h]5_2_3579BD4E
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_357EDD47 mov eax, dword ptr fs:[00000030h]5_2_357EDD47
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3582DDC6 mov eax, dword ptr fs:[00000030h]5_2_3582DDC6
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3581DDC7 mov eax, dword ptr fs:[00000030h]5_2_3581DDC7
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_357EFD2A mov eax, dword ptr fs:[00000030h]5_2_357EFD2A
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_357EFD2A mov eax, dword ptr fs:[00000030h]5_2_357EFD2A
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_35773D20 mov eax, dword ptr fs:[00000030h]5_2_35773D20
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_35773D00 mov eax, dword ptr fs:[00000030h]5_2_35773D00
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_35763DD0 mov eax, dword ptr fs:[00000030h]5_2_35763DD0
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_35763DD0 mov eax, dword ptr fs:[00000030h]5_2_35763DD0
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_357EDDC0 mov eax, dword ptr fs:[00000030h]5_2_357EDDC0
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3577DDB1 mov eax, dword ptr fs:[00000030h]5_2_3577DDB1
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3577DDB1 mov eax, dword ptr fs:[00000030h]5_2_3577DDB1
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3577DDB1 mov eax, dword ptr fs:[00000030h]5_2_3577DDB1
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_357EDDB1 mov eax, dword ptr fs:[00000030h]5_2_357EDDB1
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_35835D50 mov eax, dword ptr fs:[00000030h]5_2_35835D50
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_35835D50 mov eax, dword ptr fs:[00000030h]5_2_35835D50
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_35799DAF mov eax, dword ptr fs:[00000030h]5_2_35799DAF
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_35821D5A mov eax, dword ptr fs:[00000030h]5_2_35821D5A
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_35821D5A mov eax, dword ptr fs:[00000030h]5_2_35821D5A
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_35821D5A mov eax, dword ptr fs:[00000030h]5_2_35821D5A
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_35821D5A mov eax, dword ptr fs:[00000030h]5_2_35821D5A
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_357F5DA0 mov eax, dword ptr fs:[00000030h]5_2_357F5DA0
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_357F5DA0 mov eax, dword ptr fs:[00000030h]5_2_357F5DA0
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_357F5DA0 mov eax, dword ptr fs:[00000030h]5_2_357F5DA0
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_357F5DA0 mov ecx, dword ptr fs:[00000030h]5_2_357F5DA0
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_35759D96 mov eax, dword ptr fs:[00000030h]5_2_35759D96
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_35759D96 mov eax, dword ptr fs:[00000030h]5_2_35759D96
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_35759D96 mov ecx, dword ptr fs:[00000030h]5_2_35759D96
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_35819D70 mov eax, dword ptr fs:[00000030h]5_2_35819D70
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_35819D70 mov eax, dword ptr fs:[00000030h]5_2_35819D70
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3575FD80 mov eax, dword ptr fs:[00000030h]5_2_3575FD80
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_35791C7C mov eax, dword ptr fs:[00000030h]5_2_35791C7C
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_35771C60 mov eax, dword ptr fs:[00000030h]5_2_35771C60
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3581FCAB mov eax, dword ptr fs:[00000030h]5_2_3581FCAB
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3581FCAB mov eax, dword ptr fs:[00000030h]5_2_3581FCAB
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3581FCAB mov eax, dword ptr fs:[00000030h]5_2_3581FCAB
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3581FCAB mov eax, dword ptr fs:[00000030h]5_2_3581FCAB
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3581FCAB mov eax, dword ptr fs:[00000030h]5_2_3581FCAB
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3581FCAB mov eax, dword ptr fs:[00000030h]5_2_3581FCAB
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3581FCAB mov eax, dword ptr fs:[00000030h]5_2_3581FCAB
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3581FCAB mov eax, dword ptr fs:[00000030h]5_2_3581FCAB
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3581FCAB mov eax, dword ptr fs:[00000030h]5_2_3581FCAB
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3581FCAB mov eax, dword ptr fs:[00000030h]5_2_3581FCAB
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3581FCAB mov eax, dword ptr fs:[00000030h]5_2_3581FCAB
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3581FCAB mov eax, dword ptr fs:[00000030h]5_2_3581FCAB
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3581FCAB mov eax, dword ptr fs:[00000030h]5_2_3581FCAB
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3581FCAB mov eax, dword ptr fs:[00000030h]5_2_3581FCAB
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_35757C40 mov eax, dword ptr fs:[00000030h]5_2_35757C40
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_35757C40 mov ecx, dword ptr fs:[00000030h]5_2_35757C40
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_35757C40 mov eax, dword ptr fs:[00000030h]5_2_35757C40
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_35757C40 mov eax, dword ptr fs:[00000030h]5_2_35757C40
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3580FCDF mov eax, dword ptr fs:[00000030h]5_2_3580FCDF
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3580FCDF mov eax, dword ptr fs:[00000030h]5_2_3580FCDF
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3580FCDF mov eax, dword ptr fs:[00000030h]5_2_3580FCDF
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_357EBC10 mov eax, dword ptr fs:[00000030h]5_2_357EBC10
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_357EBC10 mov eax, dword ptr fs:[00000030h]5_2_357EBC10
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_357EBC10 mov ecx, dword ptr fs:[00000030h]5_2_357EBC10
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_35801CF9 mov eax, dword ptr fs:[00000030h]5_2_35801CF9
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_35801CF9 mov eax, dword ptr fs:[00000030h]5_2_35801CF9
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_35801CF9 mov eax, dword ptr fs:[00000030h]5_2_35801CF9
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3583BC01 mov eax, dword ptr fs:[00000030h]5_2_3583BC01
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3583BC01 mov eax, dword ptr fs:[00000030h]5_2_3583BC01
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3582DC27 mov eax, dword ptr fs:[00000030h]5_2_3582DC27
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3582DC27 mov eax, dword ptr fs:[00000030h]5_2_3582DC27
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3582DC27 mov eax, dword ptr fs:[00000030h]5_2_3582DC27
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_357E3CDB mov eax, dword ptr fs:[00000030h]5_2_357E3CDB
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_357E3CDB mov eax, dword ptr fs:[00000030h]5_2_357E3CDB
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_357E3CDB mov eax, dword ptr fs:[00000030h]5_2_357E3CDB
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_35771CC7 mov eax, dword ptr fs:[00000030h]5_2_35771CC7
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_35771CC7 mov eax, dword ptr fs:[00000030h]5_2_35771CC7
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_35795CC0 mov eax, dword ptr fs:[00000030h]5_2_35795CC0
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_35795CC0 mov eax, dword ptr fs:[00000030h]5_2_35795CC0
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_35831C3C mov eax, dword ptr fs:[00000030h]5_2_35831C3C
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3581FC4F mov eax, dword ptr fs:[00000030h]5_2_3581FC4F
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3575DCA0 mov eax, dword ptr fs:[00000030h]5_2_3575DCA0
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3579BCA0 mov eax, dword ptr fs:[00000030h]5_2_3579BCA0
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3579BCA0 mov eax, dword ptr fs:[00000030h]5_2_3579BCA0
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3579BCA0 mov ecx, dword ptr fs:[00000030h]5_2_3579BCA0
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3579BCA0 mov eax, dword ptr fs:[00000030h]5_2_3579BCA0
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_35763C84 mov eax, dword ptr fs:[00000030h]5_2_35763C84
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_35763C84 mov eax, dword ptr fs:[00000030h]5_2_35763C84
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_35763C84 mov eax, dword ptr fs:[00000030h]5_2_35763C84
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_35763C84 mov eax, dword ptr fs:[00000030h]5_2_35763C84
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_35803F90 mov eax, dword ptr fs:[00000030h]5_2_35803F90
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_35803F90 mov eax, dword ptr fs:[00000030h]5_2_35803F90
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3578BF60 mov eax, dword ptr fs:[00000030h]5_2_3578BF60
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_35761F50 mov eax, dword ptr fs:[00000030h]5_2_35761F50
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_35797F51 mov eax, dword ptr fs:[00000030h]5_2_35797F51
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_357DFF42 mov eax, dword ptr fs:[00000030h]5_2_357DFF42
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3581BFC0 mov ecx, dword ptr fs:[00000030h]5_2_3581BFC0
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3581BFC0 mov eax, dword ptr fs:[00000030h]5_2_3581BFC0
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_35833FC0 mov eax, dword ptr fs:[00000030h]5_2_35833FC0
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_357E1F13 mov eax, dword ptr fs:[00000030h]5_2_357E1F13
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_357EDF10 mov eax, dword ptr fs:[00000030h]5_2_357EDF10
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3579BFEC mov eax, dword ptr fs:[00000030h]5_2_3579BFEC
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3579BFEC mov eax, dword ptr fs:[00000030h]5_2_3579BFEC
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3579BFEC mov eax, dword ptr fs:[00000030h]5_2_3579BFEC
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3575BFD0 mov eax, dword ptr fs:[00000030h]5_2_3575BFD0
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_357E3FD7 mov eax, dword ptr fs:[00000030h]5_2_357E3FD7
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3581DF2F mov eax, dword ptr fs:[00000030h]5_2_3581DF2F
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_35791FCD mov eax, dword ptr fs:[00000030h]5_2_35791FCD
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_35791FCD mov eax, dword ptr fs:[00000030h]5_2_35791FCD
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_35791FCD mov eax, dword ptr fs:[00000030h]5_2_35791FCD
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_35763FC0 mov eax, dword ptr fs:[00000030h]5_2_35763FC0
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_35807F3E mov eax, dword ptr fs:[00000030h]5_2_35807F3E
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_357A1FB8 mov eax, dword ptr fs:[00000030h]5_2_357A1FB8
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3579BFB0 mov eax, dword ptr fs:[00000030h]5_2_3579BFB0
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_35771F92 mov ecx, dword ptr fs:[00000030h]5_2_35771F92
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_35771F92 mov ecx, dword ptr fs:[00000030h]5_2_35771F92
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_35771F92 mov eax, dword ptr fs:[00000030h]5_2_35771F92
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_35771F92 mov ecx, dword ptr fs:[00000030h]5_2_35771F92
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_35771F92 mov ecx, dword ptr fs:[00000030h]5_2_35771F92
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_35771F92 mov eax, dword ptr fs:[00000030h]5_2_35771F92
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_35771F92 mov ecx, dword ptr fs:[00000030h]5_2_35771F92
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_35771F92 mov ecx, dword ptr fs:[00000030h]5_2_35771F92
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_35771F92 mov eax, dword ptr fs:[00000030h]5_2_35771F92
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_35771F92 mov ecx, dword ptr fs:[00000030h]5_2_35771F92
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_35771F92 mov ecx, dword ptr fs:[00000030h]5_2_35771F92
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_35771F92 mov eax, dword ptr fs:[00000030h]5_2_35771F92
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3575FF90 mov edi, dword ptr fs:[00000030h]5_2_3575FF90
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3575BE78 mov ecx, dword ptr fs:[00000030h]5_2_3575BE78
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3579BE51 mov eax, dword ptr fs:[00000030h]5_2_3579BE51
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3579BE51 mov eax, dword ptr fs:[00000030h]5_2_3579BE51
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3580DEB0 mov eax, dword ptr fs:[00000030h]5_2_3580DEB0
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3580DEB0 mov ecx, dword ptr fs:[00000030h]5_2_3580DEB0
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3580DEB0 mov eax, dword ptr fs:[00000030h]5_2_3580DEB0
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3580DEB0 mov eax, dword ptr fs:[00000030h]5_2_3580DEB0
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3580DEB0 mov eax, dword ptr fs:[00000030h]5_2_3580DEB0
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3581DEB0 mov eax, dword ptr fs:[00000030h]5_2_3581DEB0
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_35775E40 mov eax, dword ptr fs:[00000030h]5_2_35775E40
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_35761E30 mov eax, dword ptr fs:[00000030h]5_2_35761E30
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_35761E30 mov eax, dword ptr fs:[00000030h]5_2_35761E30
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_35819EDF mov eax, dword ptr fs:[00000030h]5_2_35819EDF
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_35819EDF mov eax, dword ptr fs:[00000030h]5_2_35819EDF
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3582BEE6 mov eax, dword ptr fs:[00000030h]5_2_3582BEE6
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3582BEE6 mov eax, dword ptr fs:[00000030h]5_2_3582BEE6
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3582BEE6 mov eax, dword ptr fs:[00000030h]5_2_3582BEE6
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3582BEE6 mov eax, dword ptr fs:[00000030h]5_2_3582BEE6
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3575DE10 mov eax, dword ptr fs:[00000030h]5_2_3575DE10
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3579BE17 mov eax, dword ptr fs:[00000030h]5_2_3579BE17
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_35763EF4 mov eax, dword ptr fs:[00000030h]5_2_35763EF4
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_35763EF4 mov eax, dword ptr fs:[00000030h]5_2_35763EF4
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_35763EF4 mov eax, dword ptr fs:[00000030h]5_2_35763EF4
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_35793EEB mov ecx, dword ptr fs:[00000030h]5_2_35793EEB
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_35793EEB mov eax, dword ptr fs:[00000030h]5_2_35793EEB
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_35793EEB mov eax, dword ptr fs:[00000030h]5_2_35793EEB
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_35833E10 mov eax, dword ptr fs:[00000030h]5_2_35833E10
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_35833E10 mov eax, dword ptr fs:[00000030h]5_2_35833E10
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_35763EE1 mov eax, dword ptr fs:[00000030h]5_2_35763EE1
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_35835E37 mov eax, dword ptr fs:[00000030h]5_2_35835E37
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_35835E37 mov eax, dword ptr fs:[00000030h]5_2_35835E37
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_35835E37 mov eax, dword ptr fs:[00000030h]5_2_35835E37
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3575BEC0 mov eax, dword ptr fs:[00000030h]5_2_3575BEC0
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3575BEC0 mov eax, dword ptr fs:[00000030h]5_2_3575BEC0
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3576BEC0 mov eax, dword ptr fs:[00000030h]5_2_3576BEC0
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3576BEC0 mov eax, dword ptr fs:[00000030h]5_2_3576BEC0
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3576BEC0 mov eax, dword ptr fs:[00000030h]5_2_3576BEC0
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3576BEC0 mov eax, dword ptr fs:[00000030h]5_2_3576BEC0
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3576BEC0 mov eax, dword ptr fs:[00000030h]5_2_3576BEC0
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3576BEC0 mov eax, dword ptr fs:[00000030h]5_2_3576BEC0
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3576BEC0 mov eax, dword ptr fs:[00000030h]5_2_3576BEC0
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3576BEC0 mov eax, dword ptr fs:[00000030h]5_2_3576BEC0
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3578FEC0 mov eax, dword ptr fs:[00000030h]5_2_3578FEC0
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_357EFEC5 mov eax, dword ptr fs:[00000030h]5_2_357EFEC5
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3581DE46 mov eax, dword ptr fs:[00000030h]5_2_3581DE46
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3575DEA5 mov eax, dword ptr fs:[00000030h]5_2_3575DEA5
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3575DEA5 mov ecx, dword ptr fs:[00000030h]5_2_3575DEA5
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_357EDEAA mov eax, dword ptr fs:[00000030h]5_2_357EDEAA
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3575FEA0 mov eax, dword ptr fs:[00000030h]5_2_3575FEA0
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_35809E56 mov ecx, dword ptr fs:[00000030h]5_2_35809E56
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_357EDE9B mov eax, dword ptr fs:[00000030h]5_2_357EDE9B
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_35793E8F mov eax, dword ptr fs:[00000030h]5_2_35793E8F
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3578D978 mov eax, dword ptr fs:[00000030h]5_2_3578D978
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3579B970 mov eax, dword ptr fs:[00000030h]5_2_3579B970
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3579B970 mov eax, dword ptr fs:[00000030h]5_2_3579B970
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3579B970 mov eax, dword ptr fs:[00000030h]5_2_3579B970
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3581598D mov eax, dword ptr fs:[00000030h]5_2_3581598D
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3581598D mov eax, dword ptr fs:[00000030h]5_2_3581598D
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3581598D mov eax, dword ptr fs:[00000030h]5_2_3581598D
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_35757967 mov eax, dword ptr fs:[00000030h]5_2_35757967
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3579196E mov eax, dword ptr fs:[00000030h]5_2_3579196E
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_3579196E mov eax, dword ptr fs:[00000030h]5_2_3579196E
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_35787962 mov eax, dword ptr fs:[00000030h]5_2_35787962
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_357E5960 mov eax, dword ptr fs:[00000030h]5_2_357E5960
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_35779950 mov eax, dword ptr fs:[00000030h]5_2_35779950
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_35779950 mov eax, dword ptr fs:[00000030h]5_2_35779950
      Source: C:\Users\user\Desktop\Micra.exeCode function: 5_2_357EB953 mov eax, dword ptr fs:[00000030h]5_2_357EB953
      Source: C:\Users\user\Desktop\Micra.exeProcess created: C:\Users\user\Desktop\Micra.exe "C:\Users\user\Desktop\Micra.exe"Jump to behavior
      Source: C:\Users\user\Desktop\Micra.exeCode function: 0_2_004031BB EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,GetModuleHandleA,CharNextA,GetTempPathA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,GetTempPathA,lstrcatA,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,DeleteFileA,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,0_2_004031BB

      Stealing of Sensitive Information

      barindex
      Yara detected FormBook
      Source: Yara matchFile source: 00000005.00000002.4039386089.00000000353C0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY

      Remote Access Functionality

      barindex
      Yara detected FormBook
      Source: Yara matchFile source: 00000005.00000002.4039386089.00000000353C0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY

      Mitre Att&ck Matrix

      ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
      Gather Victim Identity InformationAcquire InfrastructureValid Accounts1
      Native API      		1
      DLL Side-Loading      		1
      Access Token Manipulation      		11
      Masquerading      		OS Credential Dumping221
      Security Software Discovery      		Remote Services1
      Archive Collected Data      		11
      Encrypted Channel      		Exfiltration Over Other Network Medium1
      System Shutdown/Reboot
      CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization Scripts11
      Process Injection      		2
      Virtualization/Sandbox Evasion      		LSASS Memory2
      Virtualization/Sandbox Evasion      		Remote Desktop Protocol1
      Clipboard Data      		1
      Ingress Tool Transfer      		Exfiltration Over BluetoothNetwork Denial of Service
      Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)1
      DLL Side-Loading      		1
      Access Token Manipulation      		Security Account Manager1
      Process Discovery      		SMB/Windows Admin SharesData from Network Shared Drive2
      Non-Application Layer Protocol      		Automated ExfiltrationData Encrypted for Impact
      Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook11
      Process Injection      		NTDS3
      File and Directory Discovery      		Distributed Component Object ModelInput Capture13
      Application Layer Protocol      		Traffic DuplicationData Destruction
      Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
      Deobfuscate/Decode Files or Information      		LSA Secrets23
      System Information Discovery      		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
      Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts2
      Obfuscated Files or Information      		Cached Domain CredentialsWi-Fi DiscoveryVNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
      DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items1
      DLL Side-Loading      		DCSyncRemote System DiscoveryWindows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery

      Behavior Graph

      Hide Legend

      Legend:

      • Process
      • Signature
      • Created File
      • DNS/IP Info
      • Is Dropped
      • Is Windows Process
      • Number of created Registry Values
      • Number of created Files
      • Visual Basic
      • Delphi
      • Java
      • .Net C# or VB.NET
      • C, C++ or other language
      • Is malicious
      • Internet

      Screenshots

      Thumbnails

      This section contains all screenshots as thumbnails, including those not shown in the slideshow.


      windows-stand

      Antivirus, Machine Learning and Genetic Malware Detection

      Initial Sample

      SourceDetectionScannerLabelLink
      Micra.exe16%ReversingLabsWin32.Trojan.InjectorX
      Micra.exe100%AviraHEUR/AGEN.1361137

      Dropped Files

      SourceDetectionScannerLabelLink
      C:\Users\user\AppData\Local\Temp\nsb308A.tmp\System.dll0%ReversingLabs

      Unpacked PE Files

      No Antivirus matches

      Domains

      No Antivirus matches

      URLs

      SourceDetectionScannerLabelLink
      http://nsis.sf.net/NSIS_Error0%URL Reputationsafe
      https://apis.google.com0%URL Reputationsafe
      http://nsis.sf.net/NSIS_ErrorError0%URL Reputationsafe

      Domains and IPs

      Contacted Domains

      NameIPActiveMaliciousAntivirus DetectionReputation
      drive.google.com
      		142.250.184.206
      		truefalse
        		unknown
        drive.usercontent.google.com
        		142.250.185.65
        		truefalse
          		unknown

          URLs from Memory and Binaries

          NameSourceMaliciousAntivirus DetectionReputation
          http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtdMicra.exe, 00000005.00000001.3420489258.00000000005F2000.00000020.00000001.01000000.00000007.sdmpfalse
            		unknown
            https://www.google.comMicra.exe, 00000005.00000003.3486956573.00000000056CE000.00000004.00000020.00020000.00000000.sdmp, Micra.exe, 00000005.00000003.3486883007.00000000056CE000.00000004.00000020.00020000.00000000.sdmpfalse
              		unknown
              http://www.ftp.ftp://ftp.gopher.Micra.exe, 00000005.00000001.3420489258.0000000000649000.00000020.00000001.01000000.00000007.sdmpfalse
                		unknown
                https://drive.usercontent.google.com/Micra.exe, 00000005.00000003.3530333738.00000000056C8000.00000004.00000020.00020000.00000000.sdmp, Micra.exe, 00000005.00000003.3974977352.00000000056CA000.00000004.00000020.00020000.00000000.sdmp, Micra.exe, 00000005.00000003.3975134687.00000000056C8000.00000004.00000020.00020000.00000000.sdmp, Micra.exe, 00000005.00000003.3975222724.00000000056CA000.00000004.00000020.00020000.00000000.sdmp, Micra.exe, 00000005.00000002.4015767984.00000000056CD000.00000004.00000020.00020000.00000000.sdmp, Micra.exe, 00000005.00000003.3974880692.00000000056C8000.00000004.00000020.00020000.00000000.sdmpfalse
                  		unknown
                  http://www.w3c.org/TR/1999/REC-html401-19991224/frameset.dtdMicra.exe, 00000005.00000001.3420489258.00000000005F2000.00000020.00000001.01000000.00000007.sdmpfalse
                    		unknown
                    http://nsis.sf.net/NSIS_ErrorMicra.exefalse
                    • URL Reputation: safe
                    		unknown
                    https://apis.google.comMicra.exe, 00000005.00000003.3486956573.00000000056CE000.00000004.00000020.00020000.00000000.sdmp, Micra.exe, 00000005.00000003.3486883007.00000000056CE000.00000004.00000020.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    http://nsis.sf.net/NSIS_ErrorErrorMicra.exefalse
                    • URL Reputation: safe
                    		unknown
                    https://drive.google.com/Micra.exe, 00000005.00000002.4015639022.000000000567D000.00000004.00000020.00020000.00000000.sdmp, Micra.exe, 00000005.00000003.3975329371.000000000567C000.00000004.00000020.00020000.00000000.sdmp, Micra.exe, 00000005.00000003.3975075122.000000000567C000.00000004.00000020.00020000.00000000.sdmpfalse
                      		unknown
                      https://drive.google.com/sMicra.exe, 00000005.00000002.4015639022.000000000567D000.00000004.00000020.00020000.00000000.sdmp, Micra.exe, 00000005.00000003.3975329371.000000000567C000.00000004.00000020.00020000.00000000.sdmp, Micra.exe, 00000005.00000003.3975075122.000000000567C000.00000004.00000020.00020000.00000000.sdmpfalse
                        		unknown
                        https://drive.usercontent.google.com/vCpMicra.exe, 00000005.00000003.3530333738.00000000056C8000.00000004.00000020.00020000.00000000.sdmp, Micra.exe, 00000005.00000003.3974977352.00000000056CA000.00000004.00000020.00020000.00000000.sdmp, Micra.exe, 00000005.00000003.3975134687.00000000056C8000.00000004.00000020.00020000.00000000.sdmp, Micra.exe, 00000005.00000003.3975222724.00000000056CA000.00000004.00000020.00020000.00000000.sdmp, Micra.exe, 00000005.00000002.4015767984.00000000056CD000.00000004.00000020.00020000.00000000.sdmp, Micra.exe, 00000005.00000003.3974880692.00000000056C8000.00000004.00000020.00020000.00000000.sdmpfalse
                          		unknown
                          https://inference.location.live.net/inferenceservice/v21/Pox/GetLocationUsingFingerprinte1e71f6b-214Micra.exe, 00000005.00000001.3420489258.0000000000649000.00000020.00000001.01000000.00000007.sdmpfalse
                            		unknown

                            World Map of Contacted IPs

                            • No. of IPs < 25%
                            • 25% < No. of IPs < 50%
                            • 50% < No. of IPs < 75%
                            • 75% < No. of IPs

                            Public IPs

                            IPDomainCountryFlagASNASN NameMalicious
                            142.250.184.206
                            		drive.google.comUnited States
                            		15169GOOGLEUSfalse
                            142.250.185.65
                            		drive.usercontent.google.comUnited States
                            		15169GOOGLEUSfalse

                            General Information

                            Joe Sandbox version:41.0.0 Charoite
                            Analysis ID:1545328
                            Start date and time:2024-10-30 12:39:05 +01:00
                            Joe Sandbox product:CloudBasic
                            Overall analysis duration:0h 9m 27s
                            Hypervisor based Inspection enabled:false
                            Report type:full
                            Cookbook file name:default.jbs
                            Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                            Number of analysed new started processes analysed:6
                            Number of new started drivers analysed:0
                            Number of existing processes analysed:0
                            Number of existing drivers analysed:0
                            Number of injected processes analysed:0
                            Technologies:
                            • HCA enabled
                            • EGA enabled
                            • AMSI enabled
                            Analysis Mode:default
                            Analysis stop reason:Timeout
                            Sample name:Micra.exe
                            Detection:MAL
                            Classification:mal92.troj.evad.winEXE@3/12@2/2
                            EGA Information:
                            • Successful, ratio: 100%
                            HCA Information:
                            • Successful, ratio: 84%
                            • Number of executed functions: 53
                            • Number of non-executed functions: 63
                            Cookbook Comments:
                            • Found application associated with file extension: .exe
                            • Override analysis time to 240s for sample files taking high CPU consumption

                            Warnings

                            • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
                            • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                            • Not all processes where analyzed, report is missing behavior information
                            • Report size exceeded maximum capacity and may have missing disassembly code.
                            • Report size getting too big, too many NtOpenKeyEx calls found.
                            • Report size getting too big, too many NtQueryValueKey calls found.
                            • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                            • VT rate limit hit for: Micra.exe

                            Simulations

                            Behavior and APIs

                            TimeTypeDescription
                            07:43:48API Interceptor3x Sleep call for process: Micra.exe modified

                            Joe Sandbox View / Context

                            IPs

                            No context

                            Domains

                            No context

                            ASNs

                            No context

                            JA3 Fingerprints

                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                            37f463bf4616ecd445d4a1937da06e19Viridine84.exeGet hashmaliciousFormBook, GuLoaderBrowse
                            • 142.250.184.206
                            • 142.250.185.65
                            ADJUNTA.vbsGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                            • 142.250.184.206
                            • 142.250.185.65
                            Request For Quotation-RFQ097524.vbsGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                            • 142.250.184.206
                            • 142.250.185.65
                            Request For Quotation-RFQ097524_Pdf.vbsGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                            • 142.250.184.206
                            • 142.250.185.65
                            Scan_20241030.vbsGet hashmaliciousFormBook, GuLoaderBrowse
                            • 142.250.184.206
                            • 142.250.185.65
                            Request For Quotation-RFQ097524.vbsGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                            • 142.250.184.206
                            • 142.250.185.65
                            Pedido de Cota#U00e7#U00e3o -RFQ20241029.vbsGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                            • 142.250.184.206
                            • 142.250.185.65
                            AWB-M09CT560.docx.docGet hashmaliciousUnknownBrowse
                            • 142.250.184.206
                            • 142.250.185.65
                            Pedido de Cota#U00e7#U00e3o -RFQ20241029_Pdf.vbsGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                            • 142.250.184.206
                            • 142.250.185.65
                            Pedido de Cota#U00e7#U00e3o -RFQ20241029.vbsGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                            • 142.250.184.206
                            • 142.250.185.65

                            Dropped Files

                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                            C:\Users\user\AppData\Local\Temp\nsb308A.tmp\System.dllViridine84.exeGet hashmaliciousFormBook, GuLoaderBrowse
                              Viridine84.exeGet hashmaliciousGuLoaderBrowse
                                rTransferenciarealizada451236.exeGet hashmaliciousGuLoaderBrowse
                                  BOQ-_AE200033.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                    BOQ-_AE200033.exeGet hashmaliciousGuLoaderBrowse
                                      onKJBaINbE.exeGet hashmaliciousGuLoaderBrowse
                                        onKJBaINbE.exeGet hashmaliciousGuLoaderBrowse
                                          l8DBc92n3x.exeGet hashmaliciousGuLoaderBrowse
                                            l8DBc92n3x.exeGet hashmaliciousGuLoaderBrowse
                                              jmQH1KPMfY.exeGet hashmaliciousGuLoaderBrowse

                                                Created / dropped Files

                                                C:\Users\user\AppData\Local\Temp\nsb308A.tmp\System.dll

                                                Download File
                                                Process:C:\Users\user\Desktop\Micra.exe
                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                Category:dropped
                                                Size (bytes):11264
                                                Entropy (8bit):5.767999234165119
                                                Encrypted:false
                                                SSDEEP:192:cPtkumJX7zBE2kGwfy9S9VkPsFQ1MZ1c:N7O2k5q9wA1MZa
                                                MD5:C9473CB90D79A374B2BA6040CA16E45C
                                                SHA1:AB95B54F12796DCE57210D65F05124A6ED81234A
                                                SHA-256:B80A5CBA69D1853ED5979B0CA0352437BF368A5CFB86CB4528EDADD410E11352
                                                SHA-512:EAFE7D5894622BC21F663BCA4DD594392EE0F5B29270B6B56B0187093D6A3A103545464FF6398AD32D2CF15DAB79B1F133218BA9BA337DDC01330B5ADA804D7B
                                                Malicious:false
                                                Antivirus:
                                                • Antivirus: ReversingLabs, Detection: 0%
                                                Joe Sandbox View:
                                                • Filename: Viridine84.exe, Detection: malicious, Browse
                                                • Filename: Viridine84.exe, Detection: malicious, Browse
                                                • Filename: rTransferenciarealizada451236.exe, Detection: malicious, Browse
                                                • Filename: BOQ-_AE200033.exe, Detection: malicious, Browse
                                                • Filename: BOQ-_AE200033.exe, Detection: malicious, Browse
                                                • Filename: onKJBaINbE.exe, Detection: malicious, Browse
                                                • Filename: onKJBaINbE.exe, Detection: malicious, Browse
                                                • Filename: l8DBc92n3x.exe, Detection: malicious, Browse
                                                • Filename: l8DBc92n3x.exe, Detection: malicious, Browse
                                                • Filename: jmQH1KPMfY.exe, Detection: malicious, Browse
                                                Reputation:moderate, very likely benign file
                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......)...m.m.m...k.m.~....j.9..i....l....l.Richm.........................PE..L.....uY...........!.................'.......0...............................`.......................................2.......0..P............................P.......................................................0..X............................text...O........................... ..`.rdata..S....0......."..............@..@.data...h....@.......&..............@....reloc..^....P.......(..............@..B................................................................................................................................................................................................................................................................................................................................................................................

                                                C:\Users\user\entomostraca\nonmissionary\Anklages.bod

                                                Download File
                                                Process:C:\Users\user\Desktop\Micra.exe
                                                File Type:data
                                                Category:dropped
                                                Size (bytes):429406
                                                Entropy (8bit):1.2536590133356693
                                                Encrypted:false
                                                SSDEEP:768:85nhJxzwEt9iIiklH+RybHpWf86+6Jl71/F4V/ay/b1kgPN0kfPvgJ95A9dqsFx/:7Et1jHF4h9exefjskVy6Ofnp44PcT+
                                                MD5:BEB0697FF747AFD61850CF6C4221D5BD
                                                SHA1:B36F5A97652154421DEDE2C9EFA27C5BC48F696B
                                                SHA-256:886B9AEA37A0D8F21E3A9DAEB974CFF48197A47FE17279130576779E43EA44D5
                                                SHA-512:A64ADB44F9EA5395C3712F84FAC6D124486F8589FD8F2F5E6AFABC741E603651F405954AEB753DA1AD67AF3A05B7C39CBC552334CDF4C075B032C58967089790
                                                Malicious:false
                                                Reputation:low
                                                Preview:..............=............................M.....9.....................f.........................".f.......................S.M..............................................*...........................u.........................u......|.................................................................................................U.&..............8.....................m............................................................................................G..................5.................................................<.........................................t...............................s........................................................Y....y.....m...........................a..I.........Z...s..........Ww......................................~...........................................................................................................................c.................w.......>.".................................0..............r.......................]..

                                                C:\Users\user\entomostraca\nonmissionary\Fuselfrie.Ana

                                                Download File
                                                Process:C:\Users\user\Desktop\Micra.exe
                                                File Type:data
                                                Category:dropped
                                                Size (bytes):228568
                                                Entropy (8bit):7.516314271137394
                                                Encrypted:false
                                                SSDEEP:3072:G7VK1UGg9mvrkplxGBPNfNJNPhVn4TJUCM5KPtvReD6ItqczXeC22fqAzAqw:GE29mvrkzxGBBN/vnyUiFYD6IM2p7W
                                                MD5:8F29858C4E5318A4116048E1CB83812C
                                                SHA1:5FB998C6DB44825881F7ED857632469EE74E27DD
                                                SHA-256:99D64DE556BD2EB2555A8A93B010944E1C56EF0A3EC859C0FA07EDFEFDD9F875
                                                SHA-512:98F1693B78113895B649067A6A399905B9CC8C3BE64666588F348F1E1CF9D92961419D219B523CEDA18DCC7942F0D39DA500BFFB76EEAAA47D5DC36669123875
                                                Malicious:false
                                                Reputation:low
                                                Preview:...6.........."...g.h.............^.................w..xx.}..>.J..w..........s.................................................]..................GG.m.........QQ.....^..f...............--...h.....s...................66..........$$................``...................@.....###....www..pp..................(............////.....j.x...````..;.......................5..AAA...............................GG.A.......%..............h.X.5........^...../.````........YY..................................77.................vvv....77....%%%.........................pppppppp..%.W...........>>>>>..LLLL........\\...g.....=.P.............>>>>...............................@......................................................<<.uuuuuu.............&...||||...Y..||.......2.................(...99....................................{{{.....L........77....OO.......M...........]]]]]......<...&&....999999.+........r.......................Y..........!!...&...**....//.....................nn........................

                                                C:\Users\user\entomostraca\nonmissionary\Procurable\phonetism.ham

                                                Download File
                                                Process:C:\Users\user\Desktop\Micra.exe
                                                File Type:DIY-Thermocam raw data (Lepton 3.x), scale 0-0, spot sensor temperature 0.000000, unit celsius, color scheme 0, calibration: offset 0.000000, slope 8192.000000
                                                Category:dropped
                                                Size (bytes):221986
                                                Entropy (8bit):1.2553570110885655
                                                Encrypted:false
                                                SSDEEP:768:UEGD8pi+OnyGF8VOfpmIamQ+1r2xhgXPyxI+R/9d7jdr5oGEqsraoC8R55An+T7+:sy3E6xuqr5t3q4ls6
                                                MD5:5DC04B53C924A15C430DA960DB73AA27
                                                SHA1:D3367203E4F7EAC0D40EA08BD7434DB17CBFC2E8
                                                SHA-256:7EB2DCF0349AD2A17D56426054A123FF8DD0ECF60A74FBF59267D1E94FC86B78
                                                SHA-512:90C85BB1DA20E01F111FEF7270FF4827D268C86467DE338524EBD0E7736D1B77BF1BC9C3FA1FA1EE75A10CF3E9DF5680BABF49C4FD52E65E2A7F88C665EB3BF8
                                                Malicious:false
                                                Reputation:low
                                                Preview:.........................................<.;.....)...........................................^.......>.............................................h......i..........................s................................................................................m................................................................................................................................................D...........a.............c..............?.....................j...............'....~...................................................>...............w..................)...................................,...........V...V.................................n.........5........5................................................................................................................k...........T.......................t.........[............U.....U....*...................s........................................K..............|..........................q..............................

                                                C:\Users\user\entomostraca\nonmissionary\Procurable\skovtursstemningernes.and

                                                Download File
                                                Process:C:\Users\user\Desktop\Micra.exe
                                                File Type:data
                                                Category:dropped
                                                Size (bytes):279323
                                                Entropy (8bit):1.267147618148775
                                                Encrypted:false
                                                SSDEEP:768:r8/GPBxg6M7g7OzAqybt6Yan7KhA4wowv9w81X/W136VZ+iE8iTnqcfW/+YcM3kV:A6S6E+wB/Y1zzZ+K3dX
                                                MD5:A5DC7826AAD6E8F21B82862D3DCE5E19
                                                SHA1:DE1A5A38D84E7E89047D7CD75CE21476756569ED
                                                SHA-256:4E8B0FA52DC775D52F34528F17E40BC3C7B645DE8FCBD15A13E15C9D8C9343DE
                                                SHA-512:C44443A2C1E5738AF7FF276E80CCE08E6E830E1258252C43BD501AC8B3FA23FE72D801F9BF4EEE3BAF8075996FC89D2B276BDBE30AF421FAEBB0681922057DB7
                                                Malicious:false
                                                Reputation:low
                                                Preview:...........e.............................................................................................................q.....................................^.....................................................o...._..q........................n....................................g.........................................c..........S...............................................B..m...hu................$........................................D................O.............................5.......?.G............................................8.....................................4........r.................................................................................3........0U...................2........u..:...............p..........o..................................................7................................................................................................................}........._.............................n............................................>

                                                C:\Users\user\entomostraca\nonmissionary\Procurable\telcontar.txt

                                                Download File
                                                Process:C:\Users\user\Desktop\Micra.exe
                                                File Type:ASCII text, with CRLF line terminators
                                                Category:dropped
                                                Size (bytes):381
                                                Entropy (8bit):4.251186060474368
                                                Encrypted:false
                                                SSDEEP:6:MRMCcIWh0MEHOLzaaFwc2NFb6vLoRYk1IUBH/suCyG1EKDn3Ko3MLFMLmPJg/f2M:MRXWhTkOLzlFwcpTotFCt1EKD3DMxxgb
                                                MD5:6EF48E64E0432B3EEB16614315305EAB
                                                SHA1:7921FB890955694225EF254DAD564FF42EA888B9
                                                SHA-256:981C4F156A8D30AE7B40E6B611114707B46D0EF7BA61D6ECD813267B99B0A6FF
                                                SHA-512:D58F034E162B33134C21373B0E7E77ADFC5B4A1E6B193BACA8960F2C33828CE0349DFA2B415605877075C65730245E1AF80049AAFBF450A6E1906218E7574811
                                                Malicious:false
                                                Preview:ihrdigstes nocturns venomly friis trykluftborenes.antropologernes sporvognssljfers klyngehus emissionsgrnsevrdiernes meditationernes opslidningen..flammation afvejendes fljtetndernes uranospinite sot kondicykelens megalopinae.undiscreditable frydet praedialist.myositic afskedserklring tenors intermittencies fraseologiske formwork untumid,indlgs regnspovers purpures recognisable,

                                                C:\Users\user\entomostraca\nonmissionary\Septemvir\Bankboksene.Kra

                                                Download File
                                                Process:C:\Users\user\Desktop\Micra.exe
                                                File Type:ASCII text, with very long lines (65536), with no line terminators
                                                Category:dropped
                                                Size (bytes):435884
                                                Entropy (8bit):2.6573035461117933
                                                Encrypted:false
                                                SSDEEP:3072:tYG0yyZaZSZ/hTywvIjBMpsGyigplsTXtEPHSqAAxf:CG0yKagZ5TywvUupTaplsjtEPHSAxf
                                                MD5:5DDC684272F5566E42C69889C49A4804
                                                SHA1:ED65BEC09ABA644AEBAD63A79A3F061359F47CE4
                                                SHA-256:95EFC8DDF7CEB582033C3F5489AD7C9CFED33FAC6B6FE67906411F475F341049
                                                SHA-512:3D4B9EAA248C5C2C48BB38EB085E3417A6F7B1789877C5F3B7BEE438B22575506B122C0680AE496F5FAD5E5FD91CE165A778E3E3EFC59E49F32C072E8E9A601D
                                                Malicious:false
                                                Preview:00001500000000BDBD000062000000EA0000005100313131310000363600008B0000EA000505007F7F7F7F00000000A9000000009E009900000E0E0E0E0E0E007373008800A50000003232000000001616000606060077000000C900000200000000ABABAB005252008B8B00E20098980000454545002F2F2F2F0000570000A60000002C2C00DA0000007F00B300000015000000006A6A6A00004000500000000030000078787878000000FDFDFDFDFD000000F300000000860000D3D3001C1C0000BC0024240060600000F7F7F7F7001700F9F9F9F9F9F9F9F9F9000000007000BABA00001B1B0000000017000000E9000000A6A60000B2006A0000000000E4E4E4E4E4E40000A2006E6E00006C6C6C000C0C00000000FB00CE00610011006D00000000120000575700000050000000C800828200000000006D6D006E005100000000000024000000000000AFAF000000F00000570000001100EE0000D5D500000000000000C6C600009E9E00222200DADADA00001818000000006B0000000000006F0000000000DB00CACA000049006E6E00000000DCDCDCDC00000000F50000500000DD00000000E3E3E3000068002400C70000A40000D300999900005E008787005050500000009B9B9B9B0000FC0000F1F10000000057000000999900005F002600000049490000000000A9000004040404

                                                C:\Users\user\entomostraca\nonmissionary\Septemvir\ankomsttidernes.obs

                                                Download File
                                                Process:C:\Users\user\Desktop\Micra.exe
                                                File Type:DIY-Thermocam raw data (Lepton 3.x), scale 0-0, spot sensor temperature 0.000000, unit celsius, color scheme 0, calibration: offset 0.000000, slope 8637644800.000000
                                                Category:dropped
                                                Size (bytes):317856
                                                Entropy (8bit):1.2536722078272815
                                                Encrypted:false
                                                SSDEEP:1536:aSSMNripeTi8tcwZ5DxukXUgVOrokqGykfq:aWJThqSXUHyh
                                                MD5:E709E62365CAA58EF4BE2F1D9D635944
                                                SHA1:74C294CF4B723304883CF6812549E7584ED8CA44
                                                SHA-256:75C184E5697A25E1FDDB29321C1FE5670191041A26F7E5209264D4B948CDBDA5
                                                SHA-512:22F057ADD0FD2DC37F539B66E37E75AEDE5F59C255D878257B01ADCD22889B129778FD194F43822599C38619A515E1C07E38601257EC872CF6C2CF7BD597CE06
                                                Malicious:false
                                                Preview:....................................-...........q..h...............................................................................7.....................................................................C.....................................................................a..........................."..................................................c..........................................................................................:.{..............;..............U..........................................(........................................................................................................................................................................+...........q...0.....8...................h......`...........S......................:..................;.V....................^.................=...........................l..............N............................................................5........................5............|.........k.....t............

                                                C:\Users\user\entomostraca\nonmissionary\Septemvir\beggarliness.rab

                                                Download File
                                                Process:C:\Users\user\Desktop\Micra.exe
                                                File Type:data
                                                Category:dropped
                                                Size (bytes):433577
                                                Entropy (8bit):1.254581983664173
                                                Encrypted:false
                                                SSDEEP:1536:hnk5eUOtB6NJw8scQFwogPfCrb7iGRpPEG+sCLO6u:tktO8orbP/+su8
                                                MD5:5066398DACF47B0581CBAE543934824F
                                                SHA1:F17D4884D4F1743E99E9CC2ACB4927D3AAC3F87C
                                                SHA-256:E8A6C6CC2F29488EE76E0E5F5751C8345D8FCFA58AE162F98E07ECBABF8F58B5
                                                SHA-512:9B937A0D2A77DA03244B4ABEBE2B015A55FB3ACDF6E60587DEBDD5EFBE90D62EA0353D3EB0E77F7EB4A34FF0AFA6A85484A983B7C676E9AE821D6DC6A1559922
                                                Malicious:false
                                                Preview:.......................................3.....................w..........................................v.................0..............;...............................?......................................f.p........I..................................................r...................E...................................Z....u...........P................................................L........`............................<......................................(......................g..........................8......................h.....................)...........................~........P.................................................'..........................................................................................................-...................K............+.....<........................d.|.........................................n..........................9............................................o......../.....................e.............................

                                                C:\Users\user\entomostraca\nonmissionary\Septemvir\besindelse.del

                                                Download File
                                                Process:C:\Users\user\Desktop\Micra.exe
                                                File Type:data
                                                Category:dropped
                                                Size (bytes):478871
                                                Entropy (8bit):1.2462455290525662
                                                Encrypted:false
                                                SSDEEP:1536:oXoLe735oOOBiucAvUul/HY2/XtMWRHrRLhamiX:o4LuJNOBizS/HtFMWRLbam2
                                                MD5:BA84ECD8B2559ECBECBDE1432C367ECE
                                                SHA1:ABFFEADCFD7ED93B57D884A9437A62E19EB66D11
                                                SHA-256:9FAD11E966E65F071438182D65D5C366FDEC1B2E6E55B62FAC6D340ED6AF8E3D
                                                SHA-512:3EC3B59C9F7FC3039BFDF8F902A79F147F9D2F4D691BDAD62DF9EDC209061931469DC9857EAC0F22CA94FE3A33681520CFCD1953EBBAFE575BFFAB8263E6D52F
                                                Malicious:false
                                                Preview:.....................................\........................f.........................................<.............%...............................................;..........................................X....................................................................................................P...............................................................................................................................................................................................@...............................................................................................a.............................._...............,......................"......................&.................................:.a.........................t................,..................................................<.....................A.....................!.....................O...............S...........4.....J.....................................h......-...7..}..........................

                                                C:\Users\user\entomostraca\nonmissionary\Septemvir\bevidsthedsudvidelsen.und

                                                Download File
                                                Process:C:\Users\user\Desktop\Micra.exe
                                                File Type:data
                                                Category:dropped
                                                Size (bytes):221536
                                                Entropy (8bit):1.2443001674266274
                                                Encrypted:false
                                                SSDEEP:768:Sr45/U0agoHI2U/gRdeMgkZhDARzPafwGkOyRuI6WFTPj4c2ciLTSXfkgzIWN2CV:z/3POxDyCo6yjXH
                                                MD5:2A6FFC736E96E911CC777DF21DD9207C
                                                SHA1:41FE98C7AC97AC97F444383E8838F63899AC6A85
                                                SHA-256:ADC2099B40E08D64C7C12E43F0A4877F9C8B2593B86EDB6EB6381049093AAFEE
                                                SHA-512:B5C391F6106950D37110144968B899FE6F929DBB00257657BA8E63FB1FFB024AEBE3EB6B8C3F0E4C336B5D4156D9A1E88D882F14D04555006AFD66175B59E95A
                                                Malicious:false
                                                Preview:........X........7.....................1.............................................&......u...........V..h...............,..............................G................................................................................l........................7.........^..................................................................&.............................................o........[............................................................Q.....................................................................................................H......................w...............................p..\..................................................Q...............................................ief........4................................................'................................*..................{......Q................(........................................................................................'...........................................V..................

                                                C:\Windows\Resources\nringsmiddelet.ini

                                                Download File
                                                Process:C:\Users\user\Desktop\Micra.exe
                                                File Type:ASCII text, with CRLF line terminators
                                                Category:dropped
                                                Size (bytes):42
                                                Entropy (8bit):4.44923074481598
                                                Encrypted:false
                                                SSDEEP:3:VHPy2E5scHXhNK:Vvy2ElG
                                                MD5:3A6FE7C926FA502CA28AE72B7A40D387
                                                SHA1:14D4A78172BDBBB103C39406164F43473BD92177
                                                SHA-256:B966D39B1859A38999191B79064330621498C5E278A337B0CAACAE18BD87703F
                                                SHA-512:D276FC59FF1AFE300BA5523FEDC53E156B8D64A085D7DF22521527BD1C115B2D0F8E724002D84933A396418216AD10B94A0DA455EBB008668FF6D1CE3DF5E499
                                                Malicious:false
                                                Preview:[fabrics]..Skipperhistorier128=Behaendig..

                                                Static File Info

                                                General

                                                File type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                Entropy (8bit):7.623931163794707
                                                TrID:
                                                • Win32 Executable (generic) a (10002005/4) 99.96%
                                                • Generic Win/DOS Executable (2004/3) 0.02%
                                                • DOS Executable Generic (2002/1) 0.02%
                                                • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                File name:Micra.exe
                                                File size:933'720 bytes
                                                MD5:1ad521dbfab2e258ac84aa46e82fb5c7
                                                SHA1:560a6c25f441e888a805b328f773969a82e2c4a3
                                                SHA256:5249ac3848e42ac5264815414a321bfa6a698970ff8ffea1dd1d0a4e070b0224
                                                SHA512:496065d4dae3b0da346b9847a84086bbe680c15a1ef63d20c42bee0c39f4e66bf116f716f6daf234d44c97467cdb623426459e80ee7055905da6ab6c57d05c40
                                                SSDEEP:24576:6x+rrDFMAYnCCoAzEqb1o68762HnQIQMOKOaeK:6x+vDFMAYZFzEQ1oI2HTzOKOw
                                                TLSH:CA15011F26D80209D5DAEFB0CDC152FA83659C257C76E08E22E6753ECBBA9F95603064
                                                File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........(...F...F...F.*.....F...G.v.F.*.....F...v...F...@...F.Rich..F.........................PE..L...#.uY.................`.........

                                                File Icon

                                                Icon Hash:92808aba4ace58ba

                                                Static PE Info

                                                General

                                                Entrypoint:0x4031bb
                                                Entrypoint Section:.text
                                                Digitally signed:true
                                                Imagebase:0x400000
                                                Subsystem:windows gui
                                                Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                                                DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                Time Stamp:0x59759523 [Mon Jul 24 06:35:15 2017 UTC]
                                                TLS Callbacks:
                                                CLR (.Net) Version:
                                                OS Version Major:4
                                                OS Version Minor:0
                                                File Version Major:4
                                                File Version Minor:0
                                                Subsystem Version Major:4
                                                Subsystem Version Minor:0
                                                Import Hash:3abe302b6d9a1256e6a915429af4ffd2

                                                Authenticode Signature

                                                Signature Valid:false
                                                Signature Issuer:CN=Overlove, L=Wittstock, C=DE
                                                Signature Validation Error:A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider
                                                Error Number:-2146762487
                                                Not Before, Not After
                                                • 22/03/2024 02:17:38 22/03/2027 02:17:38
                                                Subject Chain
                                                • CN=Overlove, L=Wittstock, C=DE
                                                Version:3
                                                Thumbprint MD5:B502F9926205E85E5A4669B6D46A7CF6
                                                Thumbprint SHA-1:5B7CB905CBFC6104F911866910B64FE370803BCB
                                                Thumbprint SHA-256:ECE7C4FBBD4349FF3651BA83F3FF32302F26EA4C0953B91CD0639E761FC2C0AE
                                                Serial:6EC9244EE48495A163DFEFC9D08B075518B3ED59

                                                Entrypoint Preview

                                                Instruction
                                                sub esp, 00000184h
                                                push ebx
                                                push esi
                                                push edi
                                                xor ebx, ebx
                                                push 00008001h
                                                mov dword ptr [esp+18h], ebx
                                                mov dword ptr [esp+10h], 00409198h
                                                mov dword ptr [esp+20h], ebx
                                                mov byte ptr [esp+14h], 00000020h
                                                call dword ptr [004070A0h]
                                                call dword ptr [0040709Ch]
                                                and eax, BFFFFFFFh
                                                cmp ax, 00000006h
                                                mov dword ptr [0042370Ch], eax
                                                je 00007F733C8173E3h
                                                push ebx
                                                call 00007F733C81A49Ah
                                                cmp eax, ebx
                                                je 00007F733C8173D9h
                                                push 00000C00h
                                                call eax
                                                mov esi, 00407298h
                                                push esi
                                                call 00007F733C81A416h
                                                push esi
                                                call dword ptr [00407098h]
                                                lea esi, dword ptr [esi+eax+01h]
                                                cmp byte ptr [esi], bl
                                                jne 00007F733C8173BDh
                                                push 0000000Ah
                                                call 00007F733C81A46Eh
                                                push 00000008h
                                                call 00007F733C81A467h
                                                push 00000006h
                                                mov dword ptr [00423704h], eax
                                                call 00007F733C81A45Bh
                                                cmp eax, ebx
                                                je 00007F733C8173E1h
                                                push 0000001Eh
                                                call eax
                                                test eax, eax
                                                je 00007F733C8173D9h
                                                or byte ptr [0042370Fh], 00000040h
                                                push ebp
                                                call dword ptr [00407044h]
                                                push ebx
                                                call dword ptr [00407288h]
                                                mov dword ptr [004237D8h], eax
                                                push ebx
                                                lea eax, dword ptr [esp+38h]
                                                push 00000160h
                                                push eax
                                                push ebx
                                                push 0041ECC8h
                                                call dword ptr [00407178h]
                                                push 00409188h

                                                Rich Headers

                                                Programming Language:
                                                • [EXP] VC++ 6.0 SP5 build 8804

                                                Data Directories

                                                NameVirtual AddressVirtual Size Is in Section
                                                IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                IMAGE_DIRECTORY_ENTRY_IMPORT0x74280xa0.rdata
                                                IMAGE_DIRECTORY_ENTRY_RESOURCE0x430000x2a348.rsrc
                                                IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                IMAGE_DIRECTORY_ENTRY_SECURITY0xe2dd80x1180
                                                IMAGE_DIRECTORY_ENTRY_BASERELOC0x00x0
                                                IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                IMAGE_DIRECTORY_ENTRY_IAT0x70000x298.rdata
                                                IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                Sections

                                                NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                .text0x10000x5ed20x60009112619c91f32f6f8e4096e108712ebeFalse0.6629638671875data6.442176588686321IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                .rdata0x70000x12480x14001c9a524313c13059919ecf8195d205beFalse0.4275390625data5.007650149182371IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                .data0x90000x1a8180x400458aeaedc3eabb1f26ec1bbd666017aeFalse0.6396484375data5.13585559284969IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                .ndata0x240000x1f0000x0d41d8cd98f00b204e9800998ecf8427eFalse0empty0.0IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                .rsrc0x430000x2a3480x2a400f70216fcc65579490c33a248bbf620b5False0.22636025332840237data4.211175627255611IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

                                                Resources

                                                NameRVASizeTypeLanguageCountryZLIB Complexity
                                                RT_ICON0x434480x10828Device independent bitmap graphic, 128 x 256 x 32, image size 67584EnglishUnited States0.1427008162782444
                                                RT_ICON0x53c700x94a8Device independent bitmap graphic, 96 x 192 x 32, image size 38016EnglishUnited States0.23523228925793568
                                                RT_ICON0x5d1180x5488Device independent bitmap graphic, 72 x 144 x 32, image size 21600EnglishUnited States0.2696395563770795
                                                RT_ICON0x625a00x4228Device independent bitmap graphic, 64 x 128 x 32, image size 16896EnglishUnited States0.23264052905054322
                                                RT_ICON0x667c80x25a8Device independent bitmap graphic, 48 x 96 x 32, image size 9600EnglishUnited States0.30809128630705396
                                                RT_ICON0x68d700x10a8Device independent bitmap graphic, 32 x 64 x 32, image size 4224EnglishUnited States0.34122889305816134
                                                RT_ICON0x69e180xea8Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colorsEnglishUnited States0.49307036247334757
                                                RT_ICON0x6acc00x8a8Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colorsEnglishUnited States0.5509927797833934
                                                RT_ICON0x6b5680x668Device independent bitmap graphic, 48 x 96 x 4, image size 1152EnglishUnited States0.32926829268292684
                                                RT_ICON0x6bbd00x568Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colorsEnglishUnited States0.3930635838150289
                                                RT_ICON0x6c1380x468Device independent bitmap graphic, 16 x 32 x 32, image size 1088EnglishUnited States0.4601063829787234
                                                RT_ICON0x6c5a00x2e8Device independent bitmap graphic, 32 x 64 x 4, image size 512EnglishUnited States0.4099462365591398
                                                RT_ICON0x6c8880x128Device independent bitmap graphic, 16 x 32 x 4, image size 128EnglishUnited States0.5337837837837838
                                                RT_DIALOG0x6c9b00x120dataEnglishUnited States0.5138888888888888
                                                RT_DIALOG0x6cad00x11cdataEnglishUnited States0.6056338028169014
                                                RT_DIALOG0x6cbf00xc4dataEnglishUnited States0.5918367346938775
                                                RT_DIALOG0x6ccb80x60dataEnglishUnited States0.7291666666666666
                                                RT_GROUP_ICON0x6cd180xbcdataEnglishUnited States0.648936170212766
                                                RT_VERSION0x6cdd80x144dataEnglishUnited States0.5895061728395061
                                                RT_MANIFEST0x6cf200x423XML 1.0 document, ASCII text, with very long lines (1059), with no line terminatorsEnglishUnited States0.5127478753541076

                                                Imports

                                                DLLImport
                                                KERNEL32.dllGetTempPathA, GetFileSize, GetModuleFileNameA, GetCurrentProcess, CopyFileA, ExitProcess, SetEnvironmentVariableA, Sleep, GetTickCount, GetCommandLineA, lstrlenA, GetVersion, SetErrorMode, lstrcpynA, GetDiskFreeSpaceA, GlobalUnlock, GetWindowsDirectoryA, SetCurrentDirectoryA, GetLastError, CreateDirectoryA, CreateProcessA, RemoveDirectoryA, CreateFileA, GetTempFileNameA, ReadFile, WriteFile, lstrcpyA, MoveFileExA, lstrcatA, GetSystemDirectoryA, GetProcAddress, GetExitCodeProcess, WaitForSingleObject, CompareFileTime, SetFileAttributesA, GetFileAttributesA, GetShortPathNameA, MoveFileA, GetFullPathNameA, SetFileTime, SearchPathA, CloseHandle, lstrcmpiA, CreateThread, GlobalLock, lstrcmpA, FindFirstFileA, FindNextFileA, DeleteFileA, SetFilePointer, GetPrivateProfileStringA, FindClose, MultiByteToWideChar, FreeLibrary, MulDiv, WritePrivateProfileStringA, LoadLibraryExA, GetModuleHandleA, GlobalAlloc, GlobalFree, ExpandEnvironmentStringsA
                                                USER32.dllScreenToClient, GetSystemMenu, SetClassLongA, IsWindowEnabled, SetWindowPos, GetSysColor, GetWindowLongA, SetCursor, LoadCursorA, CheckDlgButton, GetMessagePos, LoadBitmapA, CallWindowProcA, IsWindowVisible, CloseClipboard, SetClipboardData, EmptyClipboard, PostQuitMessage, GetWindowRect, EnableMenuItem, CreatePopupMenu, GetSystemMetrics, SetDlgItemTextA, GetDlgItemTextA, MessageBoxIndirectA, CharPrevA, DispatchMessageA, PeekMessageA, ReleaseDC, EnableWindow, InvalidateRect, SendMessageA, DefWindowProcA, BeginPaint, GetClientRect, FillRect, DrawTextA, EndDialog, RegisterClassA, SystemParametersInfoA, CreateWindowExA, GetClassInfoA, DialogBoxParamA, CharNextA, ExitWindowsEx, GetDC, CreateDialogParamA, SetTimer, GetDlgItem, SetWindowLongA, SetForegroundWindow, LoadImageA, IsWindow, SendMessageTimeoutA, FindWindowExA, OpenClipboard, TrackPopupMenu, AppendMenuA, EndPaint, DestroyWindow, wsprintfA, ShowWindow, SetWindowTextA
                                                GDI32.dllSelectObject, SetBkMode, CreateFontIndirectA, SetTextColor, DeleteObject, GetDeviceCaps, CreateBrushIndirect, SetBkColor
                                                SHELL32.dllSHGetSpecialFolderLocation, ShellExecuteExA, SHGetPathFromIDListA, SHBrowseForFolderA, SHGetFileInfoA, SHFileOperationA
                                                ADVAPI32.dllAdjustTokenPrivileges, RegCreateKeyExA, RegOpenKeyExA, SetFileSecurityA, OpenProcessToken, LookupPrivilegeValueA, RegEnumValueA, RegDeleteKeyA, RegDeleteValueA, RegCloseKey, RegSetValueExA, RegQueryValueExA, RegEnumKeyA
                                                COMCTL32.dllImageList_Create, ImageList_AddMasked, ImageList_Destroy
                                                ole32.dllOleUninitialize, OleInitialize, CoTaskMemFree, CoCreateInstance

                                                Possible Origin

                                                Language of compilation systemCountry where language is spokenMap
                                                EnglishUnited States

                                                Network Behavior

                                                Suricata IDS Alerts

                                                TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                                                2024-10-30T12:42:58.760192+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.450002142.250.184.206443TCP

                                                Network Port Distribution

                                                TCP Packets

                                                TimestampSource PortDest PortSource IPDest IP
                                                Oct 30, 2024 12:42:57.413652897 CET50002443192.168.2.4142.250.184.206
                                                Oct 30, 2024 12:42:57.413738966 CET44350002142.250.184.206192.168.2.4
                                                Oct 30, 2024 12:42:57.413825035 CET50002443192.168.2.4142.250.184.206
                                                Oct 30, 2024 12:42:57.423866034 CET50002443192.168.2.4142.250.184.206
                                                Oct 30, 2024 12:42:57.423904896 CET44350002142.250.184.206192.168.2.4
                                                Oct 30, 2024 12:42:58.314969063 CET44350002142.250.184.206192.168.2.4
                                                Oct 30, 2024 12:42:58.315094948 CET50002443192.168.2.4142.250.184.206
                                                Oct 30, 2024 12:42:58.315613985 CET44350002142.250.184.206192.168.2.4
                                                Oct 30, 2024 12:42:58.315680027 CET50002443192.168.2.4142.250.184.206
                                                Oct 30, 2024 12:42:58.368700981 CET50002443192.168.2.4142.250.184.206
                                                Oct 30, 2024 12:42:58.368763924 CET44350002142.250.184.206192.168.2.4
                                                Oct 30, 2024 12:42:58.369040966 CET44350002142.250.184.206192.168.2.4
                                                Oct 30, 2024 12:42:58.369108915 CET50002443192.168.2.4142.250.184.206
                                                Oct 30, 2024 12:42:58.372854948 CET50002443192.168.2.4142.250.184.206
                                                Oct 30, 2024 12:42:58.419327021 CET44350002142.250.184.206192.168.2.4
                                                Oct 30, 2024 12:42:58.760236025 CET44350002142.250.184.206192.168.2.4
                                                Oct 30, 2024 12:42:58.760369062 CET50002443192.168.2.4142.250.184.206
                                                Oct 30, 2024 12:42:58.760412931 CET44350002142.250.184.206192.168.2.4
                                                Oct 30, 2024 12:42:58.760611057 CET50002443192.168.2.4142.250.184.206
                                                Oct 30, 2024 12:42:58.760715961 CET50002443192.168.2.4142.250.184.206
                                                Oct 30, 2024 12:42:58.760797024 CET44350002142.250.184.206192.168.2.4
                                                Oct 30, 2024 12:42:58.760905027 CET50002443192.168.2.4142.250.184.206
                                                Oct 30, 2024 12:42:58.789961100 CET50003443192.168.2.4142.250.185.65
                                                Oct 30, 2024 12:42:58.789988041 CET44350003142.250.185.65192.168.2.4
                                                Oct 30, 2024 12:42:58.790057898 CET50003443192.168.2.4142.250.185.65
                                                Oct 30, 2024 12:42:58.790296078 CET50003443192.168.2.4142.250.185.65
                                                Oct 30, 2024 12:42:58.790311098 CET44350003142.250.185.65192.168.2.4
                                                Oct 30, 2024 12:42:59.646951914 CET44350003142.250.185.65192.168.2.4
                                                Oct 30, 2024 12:42:59.647078037 CET50003443192.168.2.4142.250.185.65
                                                Oct 30, 2024 12:42:59.663706064 CET50003443192.168.2.4142.250.185.65
                                                Oct 30, 2024 12:42:59.663733959 CET44350003142.250.185.65192.168.2.4
                                                Oct 30, 2024 12:42:59.664597988 CET44350003142.250.185.65192.168.2.4
                                                Oct 30, 2024 12:42:59.664665937 CET50003443192.168.2.4142.250.185.65
                                                Oct 30, 2024 12:42:59.664971113 CET50003443192.168.2.4142.250.185.65
                                                Oct 30, 2024 12:42:59.711376905 CET44350003142.250.185.65192.168.2.4
                                                Oct 30, 2024 12:43:02.589211941 CET44350003142.250.185.65192.168.2.4
                                                Oct 30, 2024 12:43:02.589301109 CET50003443192.168.2.4142.250.185.65
                                                Oct 30, 2024 12:43:02.597136974 CET44350003142.250.185.65192.168.2.4
                                                Oct 30, 2024 12:43:02.597208977 CET50003443192.168.2.4142.250.185.65
                                                Oct 30, 2024 12:43:02.717770100 CET44350003142.250.185.65192.168.2.4
                                                Oct 30, 2024 12:43:02.717859030 CET50003443192.168.2.4142.250.185.65
                                                Oct 30, 2024 12:43:02.717874050 CET44350003142.250.185.65192.168.2.4
                                                Oct 30, 2024 12:43:02.717931986 CET50003443192.168.2.4142.250.185.65
                                                Oct 30, 2024 12:43:02.717977047 CET44350003142.250.185.65192.168.2.4
                                                Oct 30, 2024 12:43:02.718036890 CET50003443192.168.2.4142.250.185.65
                                                Oct 30, 2024 12:43:02.718112946 CET44350003142.250.185.65192.168.2.4
                                                Oct 30, 2024 12:43:02.718169928 CET50003443192.168.2.4142.250.185.65
                                                Oct 30, 2024 12:43:02.718213081 CET44350003142.250.185.65192.168.2.4
                                                Oct 30, 2024 12:43:02.718260050 CET50003443192.168.2.4142.250.185.65
                                                Oct 30, 2024 12:43:02.718323946 CET44350003142.250.185.65192.168.2.4
                                                Oct 30, 2024 12:43:02.718377113 CET50003443192.168.2.4142.250.185.65
                                                Oct 30, 2024 12:43:02.718415022 CET44350003142.250.185.65192.168.2.4
                                                Oct 30, 2024 12:43:02.718461037 CET50003443192.168.2.4142.250.185.65
                                                Oct 30, 2024 12:43:02.718502998 CET44350003142.250.185.65192.168.2.4
                                                Oct 30, 2024 12:43:02.718549013 CET50003443192.168.2.4142.250.185.65
                                                Oct 30, 2024 12:43:02.720814943 CET44350003142.250.185.65192.168.2.4
                                                Oct 30, 2024 12:43:02.720880032 CET50003443192.168.2.4142.250.185.65
                                                Oct 30, 2024 12:43:02.721136093 CET44350003142.250.185.65192.168.2.4
                                                Oct 30, 2024 12:43:02.721187115 CET50003443192.168.2.4142.250.185.65
                                                Oct 30, 2024 12:43:02.729691029 CET44350003142.250.185.65192.168.2.4
                                                Oct 30, 2024 12:43:02.729747057 CET50003443192.168.2.4142.250.185.65
                                                Oct 30, 2024 12:43:02.729775906 CET44350003142.250.185.65192.168.2.4
                                                Oct 30, 2024 12:43:02.729830027 CET50003443192.168.2.4142.250.185.65
                                                Oct 30, 2024 12:43:02.738466978 CET44350003142.250.185.65192.168.2.4
                                                Oct 30, 2024 12:43:02.738545895 CET50003443192.168.2.4142.250.185.65
                                                Oct 30, 2024 12:43:02.738560915 CET44350003142.250.185.65192.168.2.4
                                                Oct 30, 2024 12:43:02.738616943 CET50003443192.168.2.4142.250.185.65
                                                Oct 30, 2024 12:43:02.747807980 CET44350003142.250.185.65192.168.2.4
                                                Oct 30, 2024 12:43:02.747976065 CET50003443192.168.2.4142.250.185.65
                                                Oct 30, 2024 12:43:02.747982979 CET44350003142.250.185.65192.168.2.4
                                                Oct 30, 2024 12:43:02.748034954 CET50003443192.168.2.4142.250.185.65
                                                Oct 30, 2024 12:43:02.755956888 CET44350003142.250.185.65192.168.2.4
                                                Oct 30, 2024 12:43:02.756012917 CET50003443192.168.2.4142.250.185.65
                                                Oct 30, 2024 12:43:02.756042004 CET44350003142.250.185.65192.168.2.4
                                                Oct 30, 2024 12:43:02.756098986 CET50003443192.168.2.4142.250.185.65
                                                Oct 30, 2024 12:43:02.769176006 CET44350003142.250.185.65192.168.2.4
                                                Oct 30, 2024 12:43:02.769330978 CET50003443192.168.2.4142.250.185.65
                                                Oct 30, 2024 12:43:02.769339085 CET44350003142.250.185.65192.168.2.4
                                                Oct 30, 2024 12:43:02.769390106 CET50003443192.168.2.4142.250.185.65
                                                Oct 30, 2024 12:43:02.834521055 CET44350003142.250.185.65192.168.2.4
                                                Oct 30, 2024 12:43:02.834639072 CET50003443192.168.2.4142.250.185.65
                                                Oct 30, 2024 12:43:02.834657907 CET44350003142.250.185.65192.168.2.4
                                                Oct 30, 2024 12:43:02.834724903 CET50003443192.168.2.4142.250.185.65
                                                Oct 30, 2024 12:43:02.834748983 CET44350003142.250.185.65192.168.2.4
                                                Oct 30, 2024 12:43:02.834808111 CET50003443192.168.2.4142.250.185.65
                                                Oct 30, 2024 12:43:02.834858894 CET44350003142.250.185.65192.168.2.4
                                                Oct 30, 2024 12:43:02.834913969 CET50003443192.168.2.4142.250.185.65
                                                Oct 30, 2024 12:43:02.835366011 CET44350003142.250.185.65192.168.2.4
                                                Oct 30, 2024 12:43:02.835422993 CET50003443192.168.2.4142.250.185.65
                                                Oct 30, 2024 12:43:02.835457087 CET44350003142.250.185.65192.168.2.4
                                                Oct 30, 2024 12:43:02.835511923 CET50003443192.168.2.4142.250.185.65
                                                Oct 30, 2024 12:43:02.835787058 CET44350003142.250.185.65192.168.2.4
                                                Oct 30, 2024 12:43:02.835839033 CET50003443192.168.2.4142.250.185.65
                                                Oct 30, 2024 12:43:02.835869074 CET44350003142.250.185.65192.168.2.4
                                                Oct 30, 2024 12:43:02.835920095 CET50003443192.168.2.4142.250.185.65
                                                Oct 30, 2024 12:43:02.835973978 CET44350003142.250.185.65192.168.2.4
                                                Oct 30, 2024 12:43:02.836025000 CET50003443192.168.2.4142.250.185.65
                                                Oct 30, 2024 12:43:02.836054087 CET44350003142.250.185.65192.168.2.4
                                                Oct 30, 2024 12:43:02.836102962 CET50003443192.168.2.4142.250.185.65
                                                Oct 30, 2024 12:43:02.836623907 CET44350003142.250.185.65192.168.2.4
                                                Oct 30, 2024 12:43:02.836678028 CET50003443192.168.2.4142.250.185.65
                                                Oct 30, 2024 12:43:02.836738110 CET44350003142.250.185.65192.168.2.4
                                                Oct 30, 2024 12:43:02.836790085 CET50003443192.168.2.4142.250.185.65
                                                Oct 30, 2024 12:43:02.836826086 CET44350003142.250.185.65192.168.2.4
                                                Oct 30, 2024 12:43:02.836879969 CET50003443192.168.2.4142.250.185.65
                                                Oct 30, 2024 12:43:02.836915016 CET44350003142.250.185.65192.168.2.4
                                                Oct 30, 2024 12:43:02.836966038 CET50003443192.168.2.4142.250.185.65
                                                Oct 30, 2024 12:43:02.837553978 CET44350003142.250.185.65192.168.2.4
                                                Oct 30, 2024 12:43:02.837606907 CET50003443192.168.2.4142.250.185.65
                                                Oct 30, 2024 12:43:02.837640047 CET44350003142.250.185.65192.168.2.4
                                                Oct 30, 2024 12:43:02.837691069 CET50003443192.168.2.4142.250.185.65
                                                Oct 30, 2024 12:43:02.837909937 CET44350003142.250.185.65192.168.2.4
                                                Oct 30, 2024 12:43:02.837960958 CET50003443192.168.2.4142.250.185.65
                                                Oct 30, 2024 12:43:02.837999105 CET44350003142.250.185.65192.168.2.4
                                                Oct 30, 2024 12:43:02.838048935 CET50003443192.168.2.4142.250.185.65
                                                Oct 30, 2024 12:43:02.838092089 CET44350003142.250.185.65192.168.2.4
                                                Oct 30, 2024 12:43:02.838145018 CET50003443192.168.2.4142.250.185.65
                                                Oct 30, 2024 12:43:02.842809916 CET44350003142.250.185.65192.168.2.4
                                                Oct 30, 2024 12:43:02.842861891 CET50003443192.168.2.4142.250.185.65
                                                Oct 30, 2024 12:43:02.842919111 CET44350003142.250.185.65192.168.2.4
                                                Oct 30, 2024 12:43:02.843175888 CET50003443192.168.2.4142.250.185.65
                                                Oct 30, 2024 12:43:02.848686934 CET44350003142.250.185.65192.168.2.4
                                                Oct 30, 2024 12:43:02.848748922 CET50003443192.168.2.4142.250.185.65
                                                Oct 30, 2024 12:43:02.848771095 CET44350003142.250.185.65192.168.2.4
                                                Oct 30, 2024 12:43:02.848825932 CET50003443192.168.2.4142.250.185.65
                                                Oct 30, 2024 12:43:02.854070902 CET44350003142.250.185.65192.168.2.4
                                                Oct 30, 2024 12:43:02.854126930 CET50003443192.168.2.4142.250.185.65
                                                Oct 30, 2024 12:43:02.854182005 CET44350003142.250.185.65192.168.2.4
                                                Oct 30, 2024 12:43:02.854237080 CET50003443192.168.2.4142.250.185.65
                                                Oct 30, 2024 12:43:02.859879017 CET44350003142.250.185.65192.168.2.4
                                                Oct 30, 2024 12:43:02.859935045 CET50003443192.168.2.4142.250.185.65
                                                Oct 30, 2024 12:43:02.859966040 CET44350003142.250.185.65192.168.2.4
                                                Oct 30, 2024 12:43:02.860022068 CET50003443192.168.2.4142.250.185.65
                                                Oct 30, 2024 12:43:02.865533113 CET44350003142.250.185.65192.168.2.4
                                                Oct 30, 2024 12:43:02.865587950 CET50003443192.168.2.4142.250.185.65
                                                Oct 30, 2024 12:43:02.865633011 CET44350003142.250.185.65192.168.2.4
                                                Oct 30, 2024 12:43:02.865686893 CET50003443192.168.2.4142.250.185.65
                                                Oct 30, 2024 12:43:02.871157885 CET44350003142.250.185.65192.168.2.4
                                                Oct 30, 2024 12:43:02.871212959 CET50003443192.168.2.4142.250.185.65
                                                Oct 30, 2024 12:43:02.871236086 CET44350003142.250.185.65192.168.2.4
                                                Oct 30, 2024 12:43:02.871289968 CET50003443192.168.2.4142.250.185.65
                                                Oct 30, 2024 12:43:02.876704931 CET44350003142.250.185.65192.168.2.4
                                                Oct 30, 2024 12:43:02.876785994 CET50003443192.168.2.4142.250.185.65
                                                Oct 30, 2024 12:43:02.876806021 CET44350003142.250.185.65192.168.2.4
                                                Oct 30, 2024 12:43:02.876878023 CET50003443192.168.2.4142.250.185.65
                                                Oct 30, 2024 12:43:02.882378101 CET44350003142.250.185.65192.168.2.4
                                                Oct 30, 2024 12:43:02.882440090 CET50003443192.168.2.4142.250.185.65
                                                Oct 30, 2024 12:43:02.882464886 CET44350003142.250.185.65192.168.2.4
                                                Oct 30, 2024 12:43:02.882522106 CET50003443192.168.2.4142.250.185.65
                                                Oct 30, 2024 12:43:02.888206959 CET44350003142.250.185.65192.168.2.4
                                                Oct 30, 2024 12:43:02.888279915 CET50003443192.168.2.4142.250.185.65
                                                Oct 30, 2024 12:43:02.888297081 CET44350003142.250.185.65192.168.2.4
                                                Oct 30, 2024 12:43:02.888351917 CET50003443192.168.2.4142.250.185.65
                                                Oct 30, 2024 12:43:02.893687010 CET44350003142.250.185.65192.168.2.4
                                                Oct 30, 2024 12:43:02.893861055 CET50003443192.168.2.4142.250.185.65
                                                Oct 30, 2024 12:43:02.893877029 CET44350003142.250.185.65192.168.2.4
                                                Oct 30, 2024 12:43:02.893932104 CET50003443192.168.2.4142.250.185.65
                                                Oct 30, 2024 12:43:02.899564981 CET44350003142.250.185.65192.168.2.4
                                                Oct 30, 2024 12:43:02.899626017 CET50003443192.168.2.4142.250.185.65
                                                Oct 30, 2024 12:43:02.899652004 CET44350003142.250.185.65192.168.2.4
                                                Oct 30, 2024 12:43:02.899707079 CET50003443192.168.2.4142.250.185.65
                                                Oct 30, 2024 12:43:02.951524019 CET44350003142.250.185.65192.168.2.4
                                                Oct 30, 2024 12:43:02.951606035 CET50003443192.168.2.4142.250.185.65
                                                Oct 30, 2024 12:43:02.951628923 CET44350003142.250.185.65192.168.2.4
                                                Oct 30, 2024 12:43:02.951693058 CET50003443192.168.2.4142.250.185.65
                                                Oct 30, 2024 12:43:02.951720953 CET44350003142.250.185.65192.168.2.4
                                                Oct 30, 2024 12:43:02.951782942 CET50003443192.168.2.4142.250.185.65
                                                Oct 30, 2024 12:43:02.951811075 CET44350003142.250.185.65192.168.2.4
                                                Oct 30, 2024 12:43:02.951868057 CET50003443192.168.2.4142.250.185.65
                                                Oct 30, 2024 12:43:02.951909065 CET44350003142.250.185.65192.168.2.4
                                                Oct 30, 2024 12:43:02.951967001 CET50003443192.168.2.4142.250.185.65
                                                Oct 30, 2024 12:43:02.952002048 CET44350003142.250.185.65192.168.2.4
                                                Oct 30, 2024 12:43:02.952054024 CET50003443192.168.2.4142.250.185.65
                                                Oct 30, 2024 12:43:02.952090025 CET44350003142.250.185.65192.168.2.4
                                                Oct 30, 2024 12:43:02.952143908 CET50003443192.168.2.4142.250.185.65
                                                Oct 30, 2024 12:43:02.952181101 CET44350003142.250.185.65192.168.2.4
                                                Oct 30, 2024 12:43:02.952236891 CET50003443192.168.2.4142.250.185.65
                                                Oct 30, 2024 12:43:02.952267885 CET44350003142.250.185.65192.168.2.4
                                                Oct 30, 2024 12:43:02.952320099 CET50003443192.168.2.4142.250.185.65
                                                Oct 30, 2024 12:43:02.952852964 CET44350003142.250.185.65192.168.2.4
                                                Oct 30, 2024 12:43:02.952902079 CET50003443192.168.2.4142.250.185.65
                                                Oct 30, 2024 12:43:02.952939034 CET44350003142.250.185.65192.168.2.4
                                                Oct 30, 2024 12:43:02.952992916 CET50003443192.168.2.4142.250.185.65
                                                Oct 30, 2024 12:43:02.953030109 CET44350003142.250.185.65192.168.2.4
                                                Oct 30, 2024 12:43:02.953094959 CET50003443192.168.2.4142.250.185.65
                                                Oct 30, 2024 12:43:02.953131914 CET44350003142.250.185.65192.168.2.4
                                                Oct 30, 2024 12:43:02.953187943 CET50003443192.168.2.4142.250.185.65
                                                Oct 30, 2024 12:43:02.953216076 CET44350003142.250.185.65192.168.2.4
                                                Oct 30, 2024 12:43:02.953270912 CET50003443192.168.2.4142.250.185.65
                                                Oct 30, 2024 12:43:02.953775883 CET44350003142.250.185.65192.168.2.4
                                                Oct 30, 2024 12:43:02.953831911 CET50003443192.168.2.4142.250.185.65
                                                Oct 30, 2024 12:43:02.953867912 CET44350003142.250.185.65192.168.2.4
                                                Oct 30, 2024 12:43:02.953918934 CET50003443192.168.2.4142.250.185.65
                                                Oct 30, 2024 12:43:02.953958988 CET44350003142.250.185.65192.168.2.4
                                                Oct 30, 2024 12:43:02.954010010 CET50003443192.168.2.4142.250.185.65
                                                Oct 30, 2024 12:43:02.954040051 CET44350003142.250.185.65192.168.2.4
                                                Oct 30, 2024 12:43:02.954094887 CET50003443192.168.2.4142.250.185.65
                                                Oct 30, 2024 12:43:02.954833984 CET44350003142.250.185.65192.168.2.4
                                                Oct 30, 2024 12:43:02.954883099 CET50003443192.168.2.4142.250.185.65
                                                Oct 30, 2024 12:43:02.954924107 CET44350003142.250.185.65192.168.2.4
                                                Oct 30, 2024 12:43:02.954972029 CET50003443192.168.2.4142.250.185.65
                                                Oct 30, 2024 12:43:02.955013037 CET44350003142.250.185.65192.168.2.4
                                                Oct 30, 2024 12:43:02.955064058 CET50003443192.168.2.4142.250.185.65
                                                Oct 30, 2024 12:43:02.958276033 CET44350003142.250.185.65192.168.2.4
                                                Oct 30, 2024 12:43:02.958333969 CET50003443192.168.2.4142.250.185.65
                                                Oct 30, 2024 12:43:02.958390951 CET44350003142.250.185.65192.168.2.4
                                                Oct 30, 2024 12:43:02.958446980 CET50003443192.168.2.4142.250.185.65
                                                Oct 30, 2024 12:43:02.961424112 CET44350003142.250.185.65192.168.2.4
                                                Oct 30, 2024 12:43:02.961483955 CET50003443192.168.2.4142.250.185.65
                                                Oct 30, 2024 12:43:02.961513996 CET44350003142.250.185.65192.168.2.4
                                                Oct 30, 2024 12:43:02.961566925 CET50003443192.168.2.4142.250.185.65
                                                Oct 30, 2024 12:43:02.964400053 CET44350003142.250.185.65192.168.2.4
                                                Oct 30, 2024 12:43:02.964456081 CET50003443192.168.2.4142.250.185.65
                                                Oct 30, 2024 12:43:02.964513063 CET44350003142.250.185.65192.168.2.4
                                                Oct 30, 2024 12:43:02.964654922 CET50003443192.168.2.4142.250.185.65
                                                Oct 30, 2024 12:43:02.967484951 CET44350003142.250.185.65192.168.2.4
                                                Oct 30, 2024 12:43:02.967555046 CET50003443192.168.2.4142.250.185.65
                                                Oct 30, 2024 12:43:02.967565060 CET44350003142.250.185.65192.168.2.4
                                                Oct 30, 2024 12:43:02.967622042 CET50003443192.168.2.4142.250.185.65
                                                Oct 30, 2024 12:43:02.970479965 CET44350003142.250.185.65192.168.2.4
                                                Oct 30, 2024 12:43:02.970540047 CET50003443192.168.2.4142.250.185.65
                                                Oct 30, 2024 12:43:02.970588923 CET44350003142.250.185.65192.168.2.4
                                                Oct 30, 2024 12:43:02.970648050 CET50003443192.168.2.4142.250.185.65
                                                Oct 30, 2024 12:43:02.973439932 CET44350003142.250.185.65192.168.2.4
                                                Oct 30, 2024 12:43:02.973496914 CET50003443192.168.2.4142.250.185.65
                                                Oct 30, 2024 12:43:02.973524094 CET44350003142.250.185.65192.168.2.4
                                                Oct 30, 2024 12:43:02.973578930 CET50003443192.168.2.4142.250.185.65
                                                Oct 30, 2024 12:43:02.976285934 CET44350003142.250.185.65192.168.2.4
                                                Oct 30, 2024 12:43:02.976342916 CET50003443192.168.2.4142.250.185.65
                                                Oct 30, 2024 12:43:02.976382017 CET44350003142.250.185.65192.168.2.4
                                                Oct 30, 2024 12:43:02.976440907 CET50003443192.168.2.4142.250.185.65
                                                Oct 30, 2024 12:43:02.979245901 CET44350003142.250.185.65192.168.2.4
                                                Oct 30, 2024 12:43:02.979301929 CET50003443192.168.2.4142.250.185.65
                                                Oct 30, 2024 12:43:02.979351997 CET44350003142.250.185.65192.168.2.4
                                                Oct 30, 2024 12:43:02.979406118 CET50003443192.168.2.4142.250.185.65
                                                Oct 30, 2024 12:43:02.982208967 CET44350003142.250.185.65192.168.2.4
                                                Oct 30, 2024 12:43:02.982268095 CET50003443192.168.2.4142.250.185.65
                                                Oct 30, 2024 12:43:02.982311964 CET44350003142.250.185.65192.168.2.4
                                                Oct 30, 2024 12:43:02.982372999 CET50003443192.168.2.4142.250.185.65
                                                Oct 30, 2024 12:43:02.984947920 CET44350003142.250.185.65192.168.2.4
                                                Oct 30, 2024 12:43:02.985002041 CET50003443192.168.2.4142.250.185.65
                                                Oct 30, 2024 12:43:02.985052109 CET44350003142.250.185.65192.168.2.4
                                                Oct 30, 2024 12:43:02.985213041 CET50003443192.168.2.4142.250.185.65
                                                Oct 30, 2024 12:43:02.987941027 CET44350003142.250.185.65192.168.2.4
                                                Oct 30, 2024 12:43:02.988002062 CET50003443192.168.2.4142.250.185.65
                                                Oct 30, 2024 12:43:02.988028049 CET44350003142.250.185.65192.168.2.4
                                                Oct 30, 2024 12:43:02.988080978 CET50003443192.168.2.4142.250.185.65
                                                Oct 30, 2024 12:43:02.990765095 CET44350003142.250.185.65192.168.2.4
                                                Oct 30, 2024 12:43:02.990820885 CET50003443192.168.2.4142.250.185.65
                                                Oct 30, 2024 12:43:02.990864992 CET44350003142.250.185.65192.168.2.4
                                                Oct 30, 2024 12:43:02.990921021 CET50003443192.168.2.4142.250.185.65
                                                Oct 30, 2024 12:43:02.993402958 CET44350003142.250.185.65192.168.2.4
                                                Oct 30, 2024 12:43:02.993489027 CET50003443192.168.2.4142.250.185.65
                                                Oct 30, 2024 12:43:02.993516922 CET44350003142.250.185.65192.168.2.4
                                                Oct 30, 2024 12:43:02.993591070 CET50003443192.168.2.4142.250.185.65
                                                Oct 30, 2024 12:43:02.996171951 CET44350003142.250.185.65192.168.2.4
                                                Oct 30, 2024 12:43:02.996253014 CET50003443192.168.2.4142.250.185.65
                                                Oct 30, 2024 12:43:02.996280909 CET44350003142.250.185.65192.168.2.4
                                                Oct 30, 2024 12:43:02.996413946 CET50003443192.168.2.4142.250.185.65
                                                Oct 30, 2024 12:43:02.998999119 CET44350003142.250.185.65192.168.2.4
                                                Oct 30, 2024 12:43:02.999089003 CET50003443192.168.2.4142.250.185.65
                                                Oct 30, 2024 12:43:02.999095917 CET44350003142.250.185.65192.168.2.4
                                                Oct 30, 2024 12:43:02.999166012 CET50003443192.168.2.4142.250.185.65
                                                Oct 30, 2024 12:43:03.001652956 CET44350003142.250.185.65192.168.2.4
                                                Oct 30, 2024 12:43:03.001738071 CET50003443192.168.2.4142.250.185.65
                                                Oct 30, 2024 12:43:03.001756907 CET44350003142.250.185.65192.168.2.4
                                                Oct 30, 2024 12:43:03.001830101 CET50003443192.168.2.4142.250.185.65
                                                Oct 30, 2024 12:43:03.004323959 CET44350003142.250.185.65192.168.2.4
                                                Oct 30, 2024 12:43:03.004412889 CET50003443192.168.2.4142.250.185.65
                                                Oct 30, 2024 12:43:03.004436016 CET44350003142.250.185.65192.168.2.4
                                                Oct 30, 2024 12:43:03.004512072 CET50003443192.168.2.4142.250.185.65
                                                Oct 30, 2024 12:43:03.007080078 CET44350003142.250.185.65192.168.2.4
                                                Oct 30, 2024 12:43:03.007164955 CET50003443192.168.2.4142.250.185.65
                                                Oct 30, 2024 12:43:03.007174015 CET44350003142.250.185.65192.168.2.4
                                                Oct 30, 2024 12:43:03.007239103 CET50003443192.168.2.4142.250.185.65
                                                Oct 30, 2024 12:43:03.009777069 CET44350003142.250.185.65192.168.2.4
                                                Oct 30, 2024 12:43:03.009869099 CET50003443192.168.2.4142.250.185.65
                                                Oct 30, 2024 12:43:03.009886980 CET44350003142.250.185.65192.168.2.4
                                                Oct 30, 2024 12:43:03.009957075 CET50003443192.168.2.4142.250.185.65
                                                Oct 30, 2024 12:43:03.014122009 CET44350003142.250.185.65192.168.2.4
                                                Oct 30, 2024 12:43:03.014209986 CET50003443192.168.2.4142.250.185.65
                                                Oct 30, 2024 12:43:03.014216900 CET44350003142.250.185.65192.168.2.4
                                                Oct 30, 2024 12:43:03.014283895 CET50003443192.168.2.4142.250.185.65
                                                Oct 30, 2024 12:43:03.014720917 CET44350003142.250.185.65192.168.2.4
                                                Oct 30, 2024 12:43:03.014811039 CET50003443192.168.2.4142.250.185.65
                                                Oct 30, 2024 12:43:03.014847040 CET44350003142.250.185.65192.168.2.4
                                                Oct 30, 2024 12:43:03.014925957 CET50003443192.168.2.4142.250.185.65
                                                Oct 30, 2024 12:43:03.017335892 CET44350003142.250.185.65192.168.2.4
                                                Oct 30, 2024 12:43:03.017420053 CET50003443192.168.2.4142.250.185.65
                                                Oct 30, 2024 12:43:03.017426968 CET44350003142.250.185.65192.168.2.4
                                                Oct 30, 2024 12:43:03.017493963 CET50003443192.168.2.4142.250.185.65
                                                Oct 30, 2024 12:43:03.019860983 CET44350003142.250.185.65192.168.2.4
                                                Oct 30, 2024 12:43:03.019944906 CET50003443192.168.2.4142.250.185.65
                                                Oct 30, 2024 12:43:03.019973040 CET44350003142.250.185.65192.168.2.4
                                                Oct 30, 2024 12:43:03.020041943 CET50003443192.168.2.4142.250.185.65
                                                Oct 30, 2024 12:43:03.022396088 CET44350003142.250.185.65192.168.2.4
                                                Oct 30, 2024 12:43:03.022480965 CET50003443192.168.2.4142.250.185.65
                                                Oct 30, 2024 12:43:03.022486925 CET44350003142.250.185.65192.168.2.4
                                                Oct 30, 2024 12:43:03.022557974 CET50003443192.168.2.4142.250.185.65
                                                Oct 30, 2024 12:43:03.024890900 CET44350003142.250.185.65192.168.2.4
                                                Oct 30, 2024 12:43:03.024974108 CET50003443192.168.2.4142.250.185.65
                                                Oct 30, 2024 12:43:03.024993896 CET44350003142.250.185.65192.168.2.4
                                                Oct 30, 2024 12:43:03.025064945 CET50003443192.168.2.4142.250.185.65
                                                Oct 30, 2024 12:43:03.027395964 CET44350003142.250.185.65192.168.2.4
                                                Oct 30, 2024 12:43:03.027484894 CET50003443192.168.2.4142.250.185.65
                                                Oct 30, 2024 12:43:03.027491093 CET44350003142.250.185.65192.168.2.4
                                                Oct 30, 2024 12:43:03.027559042 CET50003443192.168.2.4142.250.185.65
                                                Oct 30, 2024 12:43:03.029771090 CET44350003142.250.185.65192.168.2.4
                                                Oct 30, 2024 12:43:03.029869080 CET50003443192.168.2.4142.250.185.65
                                                Oct 30, 2024 12:43:03.029875040 CET44350003142.250.185.65192.168.2.4
                                                Oct 30, 2024 12:43:03.029958010 CET50003443192.168.2.4142.250.185.65
                                                Oct 30, 2024 12:43:03.029963970 CET44350003142.250.185.65192.168.2.4
                                                Oct 30, 2024 12:43:03.030046940 CET50003443192.168.2.4142.250.185.65
                                                Oct 30, 2024 12:43:03.032216072 CET44350003142.250.185.65192.168.2.4
                                                Oct 30, 2024 12:43:03.032303095 CET50003443192.168.2.4142.250.185.65
                                                Oct 30, 2024 12:43:03.032309055 CET44350003142.250.185.65192.168.2.4
                                                Oct 30, 2024 12:43:03.032392025 CET50003443192.168.2.4142.250.185.65
                                                Oct 30, 2024 12:43:03.034627914 CET44350003142.250.185.65192.168.2.4
                                                Oct 30, 2024 12:43:03.034718037 CET50003443192.168.2.4142.250.185.65
                                                Oct 30, 2024 12:43:03.034733057 CET44350003142.250.185.65192.168.2.4
                                                Oct 30, 2024 12:43:03.034800053 CET50003443192.168.2.4142.250.185.65
                                                Oct 30, 2024 12:43:03.037292004 CET44350003142.250.185.65192.168.2.4
                                                Oct 30, 2024 12:43:03.037374973 CET50003443192.168.2.4142.250.185.65
                                                Oct 30, 2024 12:43:03.037391901 CET44350003142.250.185.65192.168.2.4
                                                Oct 30, 2024 12:43:03.037461996 CET50003443192.168.2.4142.250.185.65
                                                Oct 30, 2024 12:43:03.068633080 CET44350003142.250.185.65192.168.2.4
                                                Oct 30, 2024 12:43:03.068784952 CET50003443192.168.2.4142.250.185.65
                                                Oct 30, 2024 12:43:03.068790913 CET44350003142.250.185.65192.168.2.4
                                                Oct 30, 2024 12:43:03.068896055 CET44350003142.250.185.65192.168.2.4
                                                Oct 30, 2024 12:43:03.068960905 CET50003443192.168.2.4142.250.185.65
                                                Oct 30, 2024 12:43:03.068969011 CET44350003142.250.185.65192.168.2.4
                                                Oct 30, 2024 12:43:03.068979979 CET50003443192.168.2.4142.250.185.65
                                                Oct 30, 2024 12:43:03.069068909 CET44350003142.250.185.65192.168.2.4
                                                Oct 30, 2024 12:43:03.069124937 CET50003443192.168.2.4142.250.185.65
                                                Oct 30, 2024 12:43:03.069133043 CET44350003142.250.185.65192.168.2.4
                                                Oct 30, 2024 12:43:03.069253922 CET50003443192.168.2.4142.250.185.65
                                                Oct 30, 2024 12:43:03.069255114 CET44350003142.250.185.65192.168.2.4
                                                Oct 30, 2024 12:43:03.069283962 CET44350003142.250.185.65192.168.2.4
                                                Oct 30, 2024 12:43:03.069367886 CET50003443192.168.2.4142.250.185.65
                                                Oct 30, 2024 12:43:03.069375038 CET44350003142.250.185.65192.168.2.4
                                                Oct 30, 2024 12:43:03.069453001 CET50003443192.168.2.4142.250.185.65
                                                Oct 30, 2024 12:43:03.069783926 CET44350003142.250.185.65192.168.2.4
                                                Oct 30, 2024 12:43:03.069845915 CET50003443192.168.2.4142.250.185.65
                                                Oct 30, 2024 12:43:03.069883108 CET44350003142.250.185.65192.168.2.4
                                                Oct 30, 2024 12:43:03.069936037 CET50003443192.168.2.4142.250.185.65
                                                Oct 30, 2024 12:43:03.069992065 CET44350003142.250.185.65192.168.2.4
                                                Oct 30, 2024 12:43:03.070046902 CET50003443192.168.2.4142.250.185.65
                                                Oct 30, 2024 12:43:03.070070982 CET44350003142.250.185.65192.168.2.4
                                                Oct 30, 2024 12:43:03.070116997 CET50003443192.168.2.4142.250.185.65
                                                Oct 30, 2024 12:43:03.070157051 CET44350003142.250.185.65192.168.2.4
                                                Oct 30, 2024 12:43:03.070215940 CET50003443192.168.2.4142.250.185.65
                                                Oct 30, 2024 12:43:03.070730925 CET44350003142.250.185.65192.168.2.4
                                                Oct 30, 2024 12:43:03.070781946 CET50003443192.168.2.4142.250.185.65
                                                Oct 30, 2024 12:43:03.070843935 CET44350003142.250.185.65192.168.2.4
                                                Oct 30, 2024 12:43:03.070897102 CET50003443192.168.2.4142.250.185.65
                                                Oct 30, 2024 12:43:03.070926905 CET44350003142.250.185.65192.168.2.4
                                                Oct 30, 2024 12:43:03.070967913 CET50003443192.168.2.4142.250.185.65
                                                Oct 30, 2024 12:43:03.071012020 CET44350003142.250.185.65192.168.2.4
                                                Oct 30, 2024 12:43:03.071063995 CET50003443192.168.2.4142.250.185.65
                                                Oct 30, 2024 12:43:03.071100950 CET44350003142.250.185.65192.168.2.4
                                                Oct 30, 2024 12:43:03.071144104 CET50003443192.168.2.4142.250.185.65
                                                Oct 30, 2024 12:43:03.071183920 CET44350003142.250.185.65192.168.2.4
                                                Oct 30, 2024 12:43:03.071237087 CET50003443192.168.2.4142.250.185.65
                                                Oct 30, 2024 12:43:03.071711063 CET44350003142.250.185.65192.168.2.4
                                                Oct 30, 2024 12:43:03.071764946 CET50003443192.168.2.4142.250.185.65
                                                Oct 30, 2024 12:43:03.071825981 CET44350003142.250.185.65192.168.2.4
                                                Oct 30, 2024 12:43:03.071872950 CET50003443192.168.2.4142.250.185.65
                                                Oct 30, 2024 12:43:03.071913004 CET44350003142.250.185.65192.168.2.4
                                                Oct 30, 2024 12:43:03.071954966 CET50003443192.168.2.4142.250.185.65
                                                Oct 30, 2024 12:43:03.072001934 CET44350003142.250.185.65192.168.2.4
                                                Oct 30, 2024 12:43:03.072053909 CET50003443192.168.2.4142.250.185.65
                                                Oct 30, 2024 12:43:03.072082043 CET44350003142.250.185.65192.168.2.4
                                                Oct 30, 2024 12:43:03.072125912 CET50003443192.168.2.4142.250.185.65
                                                Oct 30, 2024 12:43:03.072715044 CET44350003142.250.185.65192.168.2.4
                                                Oct 30, 2024 12:43:03.072771072 CET50003443192.168.2.4142.250.185.65
                                                Oct 30, 2024 12:43:03.072803974 CET44350003142.250.185.65192.168.2.4
                                                Oct 30, 2024 12:43:03.072849035 CET50003443192.168.2.4142.250.185.65
                                                Oct 30, 2024 12:43:03.072889090 CET44350003142.250.185.65192.168.2.4
                                                Oct 30, 2024 12:43:03.072938919 CET50003443192.168.2.4142.250.185.65
                                                Oct 30, 2024 12:43:03.073168993 CET44350003142.250.185.65192.168.2.4
                                                Oct 30, 2024 12:43:03.073221922 CET50003443192.168.2.4142.250.185.65
                                                Oct 30, 2024 12:43:03.073271990 CET44350003142.250.185.65192.168.2.4
                                                Oct 30, 2024 12:43:03.073323011 CET50003443192.168.2.4142.250.185.65
                                                Oct 30, 2024 12:43:03.073637962 CET44350003142.250.185.65192.168.2.4
                                                Oct 30, 2024 12:43:03.073692083 CET50003443192.168.2.4142.250.185.65
                                                Oct 30, 2024 12:43:03.073724031 CET44350003142.250.185.65192.168.2.4
                                                Oct 30, 2024 12:43:03.073771000 CET50003443192.168.2.4142.250.185.65
                                                Oct 30, 2024 12:43:03.078541040 CET44350003142.250.185.65192.168.2.4
                                                Oct 30, 2024 12:43:03.078607082 CET50003443192.168.2.4142.250.185.65
                                                Oct 30, 2024 12:43:03.078643084 CET44350003142.250.185.65192.168.2.4
                                                Oct 30, 2024 12:43:03.078695059 CET50003443192.168.2.4142.250.185.65
                                                Oct 30, 2024 12:43:03.079713106 CET44350003142.250.185.65192.168.2.4
                                                Oct 30, 2024 12:43:03.079777956 CET50003443192.168.2.4142.250.185.65
                                                Oct 30, 2024 12:43:03.079814911 CET44350003142.250.185.65192.168.2.4
                                                Oct 30, 2024 12:43:03.079866886 CET50003443192.168.2.4142.250.185.65
                                                Oct 30, 2024 12:43:03.081554890 CET44350003142.250.185.65192.168.2.4
                                                Oct 30, 2024 12:43:03.081620932 CET50003443192.168.2.4142.250.185.65
                                                Oct 30, 2024 12:43:03.081671000 CET44350003142.250.185.65192.168.2.4
                                                Oct 30, 2024 12:43:03.081720114 CET50003443192.168.2.4142.250.185.65
                                                Oct 30, 2024 12:43:03.083368063 CET44350003142.250.185.65192.168.2.4
                                                Oct 30, 2024 12:43:03.083431959 CET50003443192.168.2.4142.250.185.65
                                                Oct 30, 2024 12:43:03.083455086 CET44350003142.250.185.65192.168.2.4
                                                Oct 30, 2024 12:43:03.083503008 CET50003443192.168.2.4142.250.185.65
                                                Oct 30, 2024 12:43:03.085319042 CET44350003142.250.185.65192.168.2.4
                                                Oct 30, 2024 12:43:03.085378885 CET50003443192.168.2.4142.250.185.65
                                                Oct 30, 2024 12:43:03.085416079 CET44350003142.250.185.65192.168.2.4
                                                Oct 30, 2024 12:43:03.085472107 CET50003443192.168.2.4142.250.185.65
                                                Oct 30, 2024 12:43:03.087184906 CET44350003142.250.185.65192.168.2.4
                                                Oct 30, 2024 12:43:03.087249041 CET50003443192.168.2.4142.250.185.65
                                                Oct 30, 2024 12:43:03.087290049 CET44350003142.250.185.65192.168.2.4
                                                Oct 30, 2024 12:43:03.087343931 CET50003443192.168.2.4142.250.185.65
                                                Oct 30, 2024 12:43:03.089039087 CET44350003142.250.185.65192.168.2.4
                                                Oct 30, 2024 12:43:03.089099884 CET50003443192.168.2.4142.250.185.65
                                                Oct 30, 2024 12:43:03.089152098 CET44350003142.250.185.65192.168.2.4
                                                Oct 30, 2024 12:43:03.089200974 CET50003443192.168.2.4142.250.185.65
                                                Oct 30, 2024 12:43:03.091041088 CET44350003142.250.185.65192.168.2.4
                                                Oct 30, 2024 12:43:03.091099024 CET50003443192.168.2.4142.250.185.65
                                                Oct 30, 2024 12:43:03.091126919 CET44350003142.250.185.65192.168.2.4
                                                Oct 30, 2024 12:43:03.091177940 CET50003443192.168.2.4142.250.185.65
                                                Oct 30, 2024 12:43:03.092860937 CET44350003142.250.185.65192.168.2.4
                                                Oct 30, 2024 12:43:03.092911005 CET50003443192.168.2.4142.250.185.65
                                                Oct 30, 2024 12:43:03.092967033 CET44350003142.250.185.65192.168.2.4
                                                Oct 30, 2024 12:43:03.093009949 CET50003443192.168.2.4142.250.185.65
                                                Oct 30, 2024 12:43:03.094880104 CET44350003142.250.185.65192.168.2.4
                                                Oct 30, 2024 12:43:03.094944954 CET50003443192.168.2.4142.250.185.65
                                                Oct 30, 2024 12:43:03.094958067 CET44350003142.250.185.65192.168.2.4
                                                Oct 30, 2024 12:43:03.095011950 CET50003443192.168.2.4142.250.185.65
                                                Oct 30, 2024 12:43:03.096581936 CET44350003142.250.185.65192.168.2.4
                                                Oct 30, 2024 12:43:03.096643925 CET50003443192.168.2.4142.250.185.65
                                                Oct 30, 2024 12:43:03.096687078 CET44350003142.250.185.65192.168.2.4
                                                Oct 30, 2024 12:43:03.096734047 CET50003443192.168.2.4142.250.185.65
                                                Oct 30, 2024 12:43:03.098422050 CET44350003142.250.185.65192.168.2.4
                                                Oct 30, 2024 12:43:03.098473072 CET50003443192.168.2.4142.250.185.65
                                                Oct 30, 2024 12:43:03.098521948 CET44350003142.250.185.65192.168.2.4
                                                Oct 30, 2024 12:43:03.098570108 CET50003443192.168.2.4142.250.185.65
                                                Oct 30, 2024 12:43:03.100240946 CET44350003142.250.185.65192.168.2.4
                                                Oct 30, 2024 12:43:03.100291014 CET50003443192.168.2.4142.250.185.65
                                                Oct 30, 2024 12:43:03.100348949 CET44350003142.250.185.65192.168.2.4
                                                Oct 30, 2024 12:43:03.100409031 CET50003443192.168.2.4142.250.185.65
                                                Oct 30, 2024 12:43:03.102075100 CET44350003142.250.185.65192.168.2.4
                                                Oct 30, 2024 12:43:03.102128029 CET50003443192.168.2.4142.250.185.65
                                                Oct 30, 2024 12:43:03.102179050 CET44350003142.250.185.65192.168.2.4
                                                Oct 30, 2024 12:43:03.102232933 CET50003443192.168.2.4142.250.185.65
                                                Oct 30, 2024 12:43:03.103821039 CET44350003142.250.185.65192.168.2.4
                                                Oct 30, 2024 12:43:03.103873968 CET50003443192.168.2.4142.250.185.65
                                                Oct 30, 2024 12:43:03.103905916 CET44350003142.250.185.65192.168.2.4
                                                Oct 30, 2024 12:43:03.103959084 CET50003443192.168.2.4142.250.185.65
                                                Oct 30, 2024 12:43:03.103996992 CET44350003142.250.185.65192.168.2.4
                                                Oct 30, 2024 12:43:03.104048014 CET50003443192.168.2.4142.250.185.65
                                                Oct 30, 2024 12:43:03.104078054 CET50003443192.168.2.4142.250.185.65
                                                Oct 30, 2024 12:43:03.104147911 CET44350003142.250.185.65192.168.2.4
                                                Oct 30, 2024 12:43:03.104208946 CET50003443192.168.2.4142.250.185.65

                                                UDP Packets

                                                TimestampSource PortDest PortSource IPDest IP
                                                Oct 30, 2024 12:42:57.401375055 CET5561653192.168.2.41.1.1.1
                                                Oct 30, 2024 12:42:57.408756018 CET53556161.1.1.1192.168.2.4
                                                Oct 30, 2024 12:42:58.781368971 CET6465853192.168.2.41.1.1.1
                                                Oct 30, 2024 12:42:58.789247990 CET53646581.1.1.1192.168.2.4

                                                DNS Queries

                                                TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                Oct 30, 2024 12:42:57.401375055 CET192.168.2.41.1.1.10xddaaStandard query (0)drive.google.comA (IP address)IN (0x0001)false
                                                Oct 30, 2024 12:42:58.781368971 CET192.168.2.41.1.1.10x1e9bStandard query (0)drive.usercontent.google.comA (IP address)IN (0x0001)false

                                                DNS Answers

                                                TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                Oct 30, 2024 12:42:57.408756018 CET1.1.1.1192.168.2.40xddaaNo error (0)drive.google.com142.250.184.206A (IP address)IN (0x0001)false
                                                Oct 30, 2024 12:42:58.789247990 CET1.1.1.1192.168.2.40x1e9bNo error (0)drive.usercontent.google.com142.250.185.65A (IP address)IN (0x0001)false

                                                HTTP Request Dependency Graph

                                                • drive.google.com
                                                • drive.usercontent.google.com

                                                HTTPS Proxied Packets

                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                0192.168.2.450002142.250.184.2064432024C:\Users\user\Desktop\Micra.exe
                                                TimestampBytes transferredDirectionData
                                                2024-10-30 11:42:58 UTC216OUTGET /uc?export=download&id=1oy1LR6ySauupAi9qDWRVXnDK8AVMnjaS HTTP/1.1
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                Host: drive.google.com
                                                Cache-Control: no-cache
                                                2024-10-30 11:42:58 UTC1610INHTTP/1.1 303 See Other
                                                Content-Type: application/binary
                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                Pragma: no-cache
                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                Date: Wed, 30 Oct 2024 11:42:58 GMT
                                                Location: https://drive.usercontent.google.com/download?id=1oy1LR6ySauupAi9qDWRVXnDK8AVMnjaS&export=download
                                                Strict-Transport-Security: max-age=31536000
                                                Cross-Origin-Opener-Policy: same-origin
                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                Content-Security-Policy: script-src 'nonce-GudHj13UcBQrHVMsgmsVCQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                Server: ESF
                                                Content-Length: 0
                                                X-XSS-Protection: 0
                                                X-Frame-Options: SAMEORIGIN
                                                X-Content-Type-Options: nosniff
                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                Connection: close


                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                1192.168.2.450003142.250.185.654432024C:\Users\user\Desktop\Micra.exe
                                                TimestampBytes transferredDirectionData
                                                2024-10-30 11:42:59 UTC258OUTGET /download?id=1oy1LR6ySauupAi9qDWRVXnDK8AVMnjaS&export=download HTTP/1.1
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                Cache-Control: no-cache
                                                Host: drive.usercontent.google.com
                                                Connection: Keep-Alive
                                                2024-10-30 11:43:02 UTC4917INHTTP/1.1 200 OK
                                                Content-Type: application/octet-stream
                                                Content-Security-Policy: sandbox
                                                Content-Security-Policy: default-src 'none'
                                                Content-Security-Policy: frame-ancestors 'none'
                                                X-Content-Security-Policy: sandbox
                                                Cross-Origin-Opener-Policy: same-origin
                                                Cross-Origin-Embedder-Policy: require-corp
                                                Cross-Origin-Resource-Policy: same-site
                                                X-Content-Type-Options: nosniff
                                                Content-Disposition: attachment; filename="FodnoSSA107.bin"
                                                Access-Control-Allow-Origin: *
                                                Access-Control-Allow-Credentials: false
                                                Access-Control-Allow-Headers: Accept, Accept-Language, Authorization, Cache-Control, Content-Disposition, Content-Encoding, Content-Language, Content-Length, Content-MD5, Content-Range, Content-Type, Date, developer-token, financial-institution-id, X-Goog-Sn-Metadata, X-Goog-Sn-PatientId, GData-Version, google-cloud-resource-prefix, linked-customer-id, login-customer-id, x-goog-request-params, Host, If-Match, If-Modified-Since, If-None-Match, If-Unmodified-Since, Origin, OriginToken, Pragma, Range, request-id, Slug, Transfer-Encoding, hotrod-board-name, hotrod-chrome-cpu-model, hotrod-chrome-processors, Want-Digest, X-Ad-Manager-Impersonation, x-chrome-connected, X-ClientDetails, X-Client-Pctx, X-Client-Version, x-debug-settings-metadata, X-Firebase-Locale, X-Goog-Firebase-Installations-Auth, X-Firebase-Client, X-Firebase-Client-Log-Type, X-Firebase-GMPID, X-Firebase-Auth-Token, X-Firebase-AppCheck, X-Firebase-Token, X-Goog-Drive-Client-Version, X-Goog-Drive-Resource-Keys, X-GData-Client, X-GData-Key, X-GoogA [TRUNCATED]
                                                Access-Control-Allow-Methods: GET,HEAD,OPTIONS
                                                Accept-Ranges: bytes
                                                Content-Length: 286272
                                                Last-Modified: Wed, 30 Oct 2024 05:44:12 GMT
                                                X-GUploader-UploadID: AHmUCY2Fl2aEqqL1_BwBYTgldgYzSKO9DLBPkqumZpe67HQLKC8Rc7KYBk-q3X4-zMQvEPRrklPTobVaaA
                                                Date: Wed, 30 Oct 2024 11:43:02 GMT
                                                Expires: Wed, 30 Oct 2024 11:43:02 GMT
                                                Cache-Control: private, max-age=0
                                                X-Goog-Hash: crc32c=1+F9fw==
                                                Server: UploadServer
                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                Connection: close
                                                2024-10-30 11:43:02 UTC4917INData Raw: 16 1c c0 b6 20 80 c7 78 83 7a e0 2e a2 0c 47 a3 47 5b b3 da 7c aa a9 d1 73 44 7b 2c ab 6b 0e 2a 6f f8 09 04 8e d5 a5 9d 6b 96 ca 3c cb 9b 62 8d e8 1f 95 b9 f8 18 86 5c ce 81 39 67 01 75 57 0c 90 a7 6e f6 df 53 40 33 90 cf 98 c3 64 ec 3d ef 3e fc f5 c1 bf 85 0b f1 5a 37 01 07 2d f9 44 7c f9 53 62 77 5f 12 61 66 59 98 52 47 b8 b5 8d c7 5b 93 a5 c6 32 54 15 5f a8 14 34 66 12 25 02 bd ef b0 7c 16 06 26 3f cd 67 c5 8e 3f 13 67 37 24 02 44 bf 66 30 3e f7 fb 67 93 1a ae ce b5 99 e8 5a 50 0f 78 42 51 bb c1 ed 66 d3 cd cd 9b fc 26 a7 05 b5 0c e3 d0 44 6f 36 29 bb 94 2c 57 58 f1 11 1d c6 d9 67 8d 5a 89 33 9c 2a 29 02 bf 70 6b 95 d2 da b0 25 89 01 54 f5 15 ff b7 a3 f3 f5 e5 a2 48 c2 74 4c e7 da 93 b5 cc e9 fd a5 5f 21 33 89 59 51 fe 49 54 f4 31 15 ee 61 0d c8 d5 79
                                                Data Ascii: xz.GG[|sD{,k*ok<b\9guWnS@3d=>Z7-D|Sbw_afYRG[2T_4f%|&?g?g7$Df0>gZPxBQf&Do6),WXgZ3*)pk%THtL_!3YQIT1ay
                                                2024-10-30 11:43:02 UTC4867INData Raw: 99 62 c5 44 e7 a3 9a dc 72 5e 22 04 85 d6 b9 1e 04 84 73 ca 17 d3 d7 38 46 cd c4 07 f7 11 c1 f2 c9 41 dc fa 11 51 e4 0a 04 f2 e3 04 a2 ba 37 7e 16 22 37 95 cc b4 36 c3 f6 c0 3d 7d a9 9d b4 be c9 3d 4a 2b bc ef 9e c4 a2 4f 3a ab 08 00 a0 70 8f 14 81 12 bd bd 49 32 5f d0 4c 94 ce d4 ba a6 30 5f 76 e1 7b e2 c5 a5 6e cd 53 a7 65 63 b8 6c 08 66 d1 14 17 08 01 fe 53 a6 a2 96 74 ac 5c e9 dd 30 19 8f 24 aa 09 af fe 0b 48 f1 d9 7d d3 09 c2 0c 21 ee 64 4c 38 be d7 db 50 d8 93 e2 11 d7 a0 e3 c8 d2 05 1f 83 fa 73 e0 4d df 66 db 18 89 5e b2 bb cf ea 46 7e 34 6c 47 f7 a8 4e c2 e1 e3 a8 56 5b 47 7e 5f 8c 3e a1 6b 6c 7f 27 7d 20 54 b1 d7 56 77 fc 15 0e ab cd 3e 9a 4a 39 89 5d db d3 a2 9c 31 96 5e 77 2f ae 2a 2d 0c 84 aa a6 32 8c 95 a7 c7 9b 3c 0f 0f 18 da 16 a0 f0 7c b7
                                                Data Ascii: bDr^"s8FAQ7~"76=}=J+O:pI2_L0_v{nSeclfSt\0$H}!dL8PsMf^F~4lGNV[G~_>kl'} TVw>J9]1^w/*-2<|
                                                2024-10-30 11:43:02 UTC1320INData Raw: b5 29 c8 fa b4 a5 6b 23 e6 de a8 cc c5 c5 ae 1c ee 69 87 c9 6f 84 60 e7 1a d8 91 98 3f f8 c2 ca 59 51 44 23 40 f4 31 fe 9d 61 0d 84 57 80 83 17 34 0b 12 72 45 90 b5 65 0a 39 b5 ec ec 93 af 5d 99 17 9f 9d 90 f7 14 67 a4 92 68 70 f2 91 3e c8 d1 d1 a3 e8 e2 87 46 f9 50 48 97 b8 1e 70 6c 7e 9e 95 bf dd e0 42 fb 6d b1 c5 c9 c0 9c b6 ea b0 0d e5 a6 66 c2 c8 86 e2 b9 b6 40 9e 8a 7a c5 dd f0 e0 9e 7c e7 66 60 8d 58 4e 41 e3 48 2a 9c b4 cc 1a 88 f4 e2 cb 0f a5 62 b3 10 27 5b 98 d9 6c f7 b8 e2 ee f6 ad 25 64 5e 58 68 54 5e f8 44 68 fa 19 0b 46 ff 9e 3d e5 15 8e 0e fc a7 da ab de 0a 04 87 55 8f fe 3d 16 a5 77 8a c9 49 25 f4 30 b7 5e 5f 71 2a 74 df 70 bb 7a 7f 03 39 11 2d 1b e1 68 8f b9 b8 c7 47 b4 3e 68 c0 90 08 7c c0 81 96 5a 28 f5 ca 4d 4d 5a 1e 88 8e 82 d7 cf 8f
                                                Data Ascii: )k#io`?YQD#@1aW4rEe9]ghp>FPHpl~Bmf@z|f`XNAH*b'[l%d^XhT^DhF=U=wI%0^_q*tpz9-hG>h|Z(MMZ
                                                2024-10-30 11:43:02 UTC1378INData Raw: ce 91 75 3a e6 c3 7b 48 2b 6d e7 17 2c 2c fb d9 fe 27 12 39 ef 63 ca 50 6f be be c6 97 f0 b8 22 28 48 50 f3 bf 75 46 10 6b c5 67 85 01 8e fd dc c4 ff c3 39 92 00 a8 35 ca 43 9f 0b 15 66 ee 3d a9 64 43 f7 e9 97 ed 3f 9c 25 bd bb 1d 2f 4f c1 3b c2 a7 58 b6 b7 17 0f 86 91 e1 60 9d d9 85 eb de bb 76 32 a4 2d e7 93 0c 1b cf 7d 56 9e 6a 18 18 48 98 85 55 43 cc fd 62 c8 47 57 b8 d2 ca dd b5 04 96 28 21 49 67 1c 6a 81 11 2d 18 85 dc 60 6a b7 1b 41 6e ba fc 7e 52 5d d9 2c c7 6e dd 8d 92 ac 86 05 52 ba a3 8d 5b 03 3d 5c 66 7a f9 1c 67 da a2 d6 ee 2a e2 7f 97 d6 11 ff b3 52 b6 68 9b 8d 28 b3 9d 87 76 9e 03 71 39 0c 8d 28 22 23 dd 25 10 8f 7e 18 80 ad 06 6b b1 36 8c 0b ad 72 4b 75 a1 69 00 5c b1 43 0f a0 2d 9d e4 79 ce 32 69 6a 35 07 0b 20 30 42 91 4a 51 7b 60 f1 94
                                                Data Ascii: u:{H+m,,'9cPo"(HPuFkg95Cf=dC?%/O;X`v2-}VjHUCbGW(!Igj-`jAn~R],nR[=\fzg*Rh(vq9("#%~k6rKui\C-y2ij5 0BJQ{`
                                                2024-10-30 11:43:02 UTC1378INData Raw: 7f 1c c2 22 66 72 3b 7e d9 e9 d9 33 a4 9b 0b f6 36 e4 74 08 69 64 25 79 9c 7e 2d 55 26 a5 f5 0d 28 62 a5 86 0d b9 23 35 94 67 e3 c4 a8 55 0a d7 d2 2f c2 8c 68 2e 9c ef 1f 21 fd fd 9f 8c c2 24 6c 5a ac 80 4a 58 5d 2f 4f 7f 85 cf 03 ac 24 63 a4 a8 59 96 f7 bc a3 7c e7 1d 24 04 b3 35 67 5d 42 41 03 32 47 d6 80 78 5a e3 f9 3c d3 21 40 eb 60 82 6b 50 16 3f 50 46 0e 2b 4b 40 3e 27 4d 1f 02 d4 49 fe 1d 53 12 a1 03 ca b8 31 21 01 3d b8 a4 c2 4c a9 79 71 ab a4 70 9d 30 65 26 7e 8e c9 3d ba a4 44 4f 89 0d 49 a8 ba 6d 37 99 c1 04 f3 f5 87 ad b1 0a ba 88 8b 4f 3a 67 b2 b9 08 e9 55 5e c7 fe 62 e3 c5 49 21 40 23 44 50 2a fa 28 63 50 c6 47 dd 4f d9 b2 6e 5a 59 a2 3e f5 64 97 e1 91 30 af 9a 96 ed da 30 ab 3a 75 4f 22 4b bb 5f 8f 1a 22 da 9c a2 70 89 e2 cd 9d 67 45 f3 1c
                                                Data Ascii: "fr;~36tid%y~-U&(b#5gU/h.!$lZJX]/O$cY|$5g]BA2GxZ<!@`kP?PF+K@>'MIS1!=Lyqp0e&~=DOIm7O:gU^bI!@#DP*(cPGOnZY>d00:uO"K_"pgE
                                                2024-10-30 11:43:02 UTC1378INData Raw: 04 52 36 2f 0a c7 cc cf b1 b9 8b b2 4e a6 cf 6b df 83 c6 23 22 de b7 f3 d7 0d 22 95 37 c8 2f e9 46 33 3c 1b 03 1d 7e 16 3c 01 1e ca 50 71 43 52 34 d4 cb 28 02 65 36 76 c2 63 02 1e b9 62 57 fa 48 e2 ff fa c9 b2 cc 58 6a 0c fb a8 e1 72 1c 93 9f 4e f0 cc c6 e5 5b 77 6e b7 16 63 88 3a f9 07 88 de 95 d8 a2 d9 48 03 11 2b 04 8a 13 61 02 86 f2 17 47 91 ea e0 b5 99 4c f8 42 44 a4 59 c3 0a cd a9 bd f7 94 d8 4f 3f 0d e3 4d f8 6c e4 62 d5 5a 66 36 f4 2a 1a 1c 9d 35 29 57 aa 9c 4a 7c a5 f6 d6 53 3e f5 83 e7 54 d1 68 a6 9b ba b8 6b ca 1b 65 1b 78 65 f6 07 e8 76 d9 a7 70 c2 74 fb 29 46 bb 58 cb 84 f5 c0 e6 79 cc 29 34 9e 24 ac 43 18 9a d7 9e ad 12 ce ce 09 57 8a 11 52 74 32 10 ac de 28 53 a6 e8 59 10 70 b1 12 bf 05 5a 1b 2c be c4 ba fb 4f 34 ac b8 d7 29 81 ed 50 41 66
                                                Data Ascii: R6/Nk#""7/F3<~<PqCR4(e6vcbWHXjrN[wnc:H+aGLBDYO?MlbZf6*5)WJ|S>Thkexevpt)FXy)4$CWRt2(SYpZ,O4)PAf
                                                2024-10-30 11:43:02 UTC1378INData Raw: db 29 e9 ce 5b 82 26 a1 85 c4 11 33 3d 8e 36 5f 26 ba b6 99 bb 0d d2 6a 36 5d 7a 33 1b e4 a7 43 21 77 12 e2 37 c3 ec f3 92 da 08 26 f1 09 ca 42 f0 5c 01 65 3f 05 02 52 28 52 05 5a 88 c3 f6 60 c0 c8 af e0 88 b5 27 98 30 50 fe ca 94 cf 6d bc 83 ac c9 68 b8 74 1e 50 92 3c 0f b3 7c 0b e8 47 8d 41 51 aa 3b 63 cc ba d9 5f 4d a2 5c d3 b9 bb 2f f0 f0 fe 85 c5 56 34 05 e2 a3 58 b0 ed d3 d2 03 0e d9 74 29 11 46 30 1d b7 b4 5b 06 f8 83 07 85 bc 18 51 18 47 c7 9e d3 0d 09 e6 ea a9 dc e0 7c 64 85 3c 92 04 70 7b 97 3b a6 60 c0 4d 72 40 e4 7b 86 cb 96 9e a4 ce 0d 50 13 0f 46 a5 e1 92 b2 e6 52 ab c0 44 8c 06 e0 aa ce da 96 6e bd c8 6f a6 4b 4a c6 0d 13 6e 37 31 93 d9 98 96 7a f2 42 f6 9c ea 66 48 76 00 e2 07 d5 3d 32 78 d2 d1 2a 4a 23 87 64 6f 5a d8 18 ae 2e a2 64 42 65
                                                Data Ascii: )[&3=6_&j6]z3C!w7&B\e?R(RZ`'0PmhtP<|GAQ;c_M\/V4Xt)F0[QG|d<p{;`Mr@{PFRDnoKJn71zBfHv=2x*J#doZ.dBe
                                                2024-10-30 11:43:02 UTC1378INData Raw: 36 f0 9b d2 36 35 6c 46 62 2b d8 fa 56 a3 b4 66 3f 75 fc 58 9f 8e 4b b0 c1 fb da dd d0 b3 32 e1 8d ef 32 dd 3e 6e f6 03 b3 c1 da 84 ce d9 85 78 fd 4c 50 d6 8d f6 df 6e 53 2d 6b a9 c2 d6 b7 9d 1c 4e 57 1c 27 45 91 73 d3 2a f8 10 57 63 94 ec 6b 34 96 26 1b bf f6 17 b1 83 7e 71 c8 1e ca 24 66 24 33 dd 8f 30 78 61 00 a3 32 15 af 97 71 a5 f2 d6 5f 4b 02 9e cd 91 f1 63 e0 46 8d 9e 33 4f e9 ee 2f f5 2c 2f 04 c1 bf 8e 3f d3 c5 16 0b f2 de 45 61 bf 40 9b 66 d1 5f 6f 27 13 76 74 88 4f 83 19 dc 6d c0 4e 5c ac 94 4d bb b1 f5 81 76 9e 6c 97 22 b2 e8 72 9e af 47 e0 c9 70 bc 26 79 c8 c2 b8 d7 4f 22 ea f8 6e 1b 40 b5 f7 fb 96 b2 aa dd cf 1d d8 5c 34 0d 19 bd 3b 1a 4a 4d 2b aa fc a6 31 2d d3 18 aa 7f d7 18 c3 8d d1 77 a0 9e 95 51 c8 40 42 0a b2 72 c3 2b 16 25 7a 44 72 b1
                                                Data Ascii: 665lFb+Vf?uXK22>nxLPnS-kNW'Es*Wck4&~q$f$30xa2q_KcF3O/,/?Ea@f_o'vtOmN\Mvl"rGp&yO"n@\4;JM+1-wQ@Br+%zDr
                                                2024-10-30 11:43:02 UTC1378INData Raw: 72 82 e5 8d b6 fb 01 73 e5 5a 0e 70 fe 43 2d 16 04 c6 32 33 37 b7 56 70 54 2e 00 ab e4 02 4c 7f 23 dd 56 cf 6c 32 e6 f9 1e 92 ba 8a 16 f2 aa 72 eb 5c 18 02 c2 2c bb 1a b4 16 01 bb a7 ee 34 11 61 24 dd e2 66 57 03 38 58 c6 63 3e e5 a9 d0 8b 7a 48 54 74 f7 51 e5 66 9a 89 34 e4 cd ee 82 2b bc 9d 15 94 45 44 28 68 73 d9 ed 07 14 b2 8d ac 74 93 31 bb be b5 99 8e 9d 2d 39 3f 6a 8f e9 de 56 5a 67 f5 8a 0c ab d2 ea 43 a7 d5 aa ca 65 7e b2 47 72 ac 6f dc 2f 6d 2d fb a3 e7 dd 61 9c b2 c5 14 1b 0b 85 36 7a a7 c0 4d 76 db 76 23 55 ca 3e da 4d 39 da 62 b7 4e 7f e0 47 46 d4 73 5e b9 4f 95 64 a1 ae a2 be 58 16 d5 a6 d7 87 90 76 8e 38 dd c2 40 b9 01 1c f1 73 04 12 84 c7 8d a4 21 b4 86 d9 b2 84 32 53 cd 7a 90 67 49 ba 0d 18 fa d3 ba ba 89 21 b4 c5 92 99 f7 6d f3 0e 1a 91
                                                Data Ascii: rsZpC-237VpT.L#Vl2r\,4a$fW8Xc>zHTtQf4+ED(hst1-9?jVZgCe~Gro/m-a6zMvv#U>M9bNGFs^OdXv8@s!2SzgI!m
                                                2024-10-30 11:43:02 UTC1378INData Raw: b7 ba 3c 67 95 b7 92 8e 93 fe 88 2d b0 27 61 06 7e e4 ed df 93 01 87 fc 26 b7 87 2b 4b 79 12 a4 1f 3c 45 79 40 b3 a7 1b e8 c9 0f 4c 1d 0b 93 b9 88 5a 42 ff a6 b2 b0 f5 cf 9a 42 92 9c bc 20 66 58 b9 b0 83 5a fc 89 53 22 8c 65 d5 07 09 36 b9 9c 49 3a 95 ce 84 7a 95 85 76 7f a7 5e 93 1a fe 76 37 aa ea a2 77 a1 d1 19 ea 52 db 86 80 45 0d 18 ec fb 61 2d b6 c4 5d 7e ab 31 8e 58 09 c7 42 58 a5 36 d8 40 04 8f f5 d4 3b d5 4e 08 8e 10 7c 1b c0 67 ca 57 2f c1 73 d2 1b 3a 4b b8 38 12 5a 71 5e 1c 67 eb e5 21 58 07 10 e3 22 75 22 72 1d 17 02 aa 02 e0 f4 ca 71 84 e9 17 8e 48 3c 7e 07 48 00 02 7c a0 70 39 7d 64 92 45 fa 29 4c 0a 9e 5d 57 fc 9e e4 d1 e3 6b de 99 2c ee 5c 2b cf 99 7c 5e 4c bc 77 b5 d9 09 f1 b4 3f fa 39 79 50 92 4e da 27 79 cc 88 d6 f8 7e 58 c0 46 96 f4 a4
                                                Data Ascii: <g-'a~&+Ky<Ey@LZBB fXZS"e6I:zv^v7wREa-]~1XBX6@;N|gW/s:K8Zq^g!X"u"rqH<~H|p9}dE)L]Wk,\+|^Lw?9yPN'y~XF


                                                Statistics

                                                CPU Usage

                                                Click to jump to process

                                                Memory Usage

                                                Click to jump to process

                                                Behavior

                                                Click to jump to process

                                                System Behavior

                                                General

                                                Target ID:0
                                                Start time:07:39:54
                                                Start date:30/10/2024
                                                Path:C:\Users\user\Desktop\Micra.exe
                                                Wow64 process (32bit):true
                                                Commandline:"C:\Users\user\Desktop\Micra.exe"
                                                Imagebase:0x400000
                                                File size:933'720 bytes
                                                MD5 hash:1AD521DBFAB2E258AC84AA46E82FB5C7
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language
                                                Yara matches:
                                                • Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 00000000.00000002.3421465563.000000000336C000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                Reputation:low
                                                Has exited:true

                                                General

                                                Target ID:5
                                                Start time:07:42:51
                                                Start date:30/10/2024
                                                Path:C:\Users\user\Desktop\Micra.exe
                                                Wow64 process (32bit):true
                                                Commandline:"C:\Users\user\Desktop\Micra.exe"
                                                Imagebase:0x400000
                                                File size:933'720 bytes
                                                MD5 hash:1AD521DBFAB2E258AC84AA46E82FB5C7
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language
                                                Yara matches:
                                                • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000005.00000002.4039386089.00000000353C0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000005.00000002.4039386089.00000000353C0000.00000004.00001000.00020000.00000000.sdmp, Author: unknown
                                                Reputation:low
                                                Has exited:true

                                                Disassembly

                                                Reset < >

                                                  Execution Graph

                                                  Execution Coverage:1.1%
                                                  Dynamic/Decrypted Code Coverage:12.9%
                                                  Signature Coverage:21.9%
                                                  Total number of Nodes:695
                                                  Total number of Limit Nodes:31
                                                  execution_graph 34111 402682 34112 402689 34111->34112 34114 4028fe 34111->34114 34119 402a9f 34112->34119 34115 402690 34116 40269f SetFilePointer 34115->34116 34116->34114 34117 4026af 34116->34117 34122 405e8d wsprintfA 34117->34122 34123 405f51 34119->34123 34121 402ab4 34121->34115 34122->34114 34135 405f5e 34123->34135 34124 406180 34125 406195 34124->34125 34156 405f2f lstrcpynA 34124->34156 34125->34121 34127 40615a lstrlenA 34127->34135 34130 405f51 10 API calls 34130->34127 34132 406076 GetSystemDirectoryA 34132->34135 34133 406089 GetWindowsDirectoryA 34133->34135 34135->34124 34135->34127 34135->34130 34135->34132 34135->34133 34136 4060bd SHGetSpecialFolderLocation 34135->34136 34137 405f51 10 API calls 34135->34137 34138 406103 lstrcatA 34135->34138 34140 405e16 34135->34140 34145 406199 34135->34145 34154 405e8d wsprintfA 34135->34154 34155 405f2f lstrcpynA 34135->34155 34136->34135 34139 4060d5 SHGetPathFromIDListA CoTaskMemFree 34136->34139 34137->34135 34138->34135 34139->34135 34157 405db5 34140->34157 34143 405e79 34143->34135 34144 405e4a RegQueryValueExA RegCloseKey 34144->34143 34152 4061a5 34145->34152 34146 406211 CharPrevA 34149 40620d 34146->34149 34147 406202 CharNextA 34147->34149 34147->34152 34149->34146 34150 40622c 34149->34150 34150->34135 34151 4061f0 CharNextA 34151->34152 34152->34147 34152->34149 34152->34151 34153 4061fd CharNextA 34152->34153 34161 4058f2 34152->34161 34153->34147 34154->34135 34155->34135 34156->34125 34158 405dc4 34157->34158 34159 405dc8 34158->34159 34160 405dcd RegOpenKeyExA 34158->34160 34159->34143 34159->34144 34160->34159 34162 4058f8 34161->34162 34163 40590b 34162->34163 34164 4058fe CharNextA 34162->34164 34163->34152 34164->34162 34165 4025c4 34166 402a9f 17 API calls 34165->34166 34169 4025ce 34166->34169 34168 40263e 34176 405e8d wsprintfA 34168->34176 34169->34168 34170 40264e 34169->34170 34172 40263c 34169->34172 34174 405b40 ReadFile 34169->34174 34170->34172 34173 402664 SetFilePointer 34170->34173 34173->34172 34175 405b5e 34174->34175 34175->34169 34176->34172 34177 401c04 34178 402a9f 17 API calls 34177->34178 34179 401c0b 34178->34179 34180 402a9f 17 API calls 34179->34180 34181 401c18 34180->34181 34182 401c2d 34181->34182 34183 402ac1 17 API calls 34181->34183 34184 402ac1 17 API calls 34182->34184 34187 401c3d 34182->34187 34183->34182 34184->34187 34185 401c94 34199 402ac1 34185->34199 34186 401c48 34188 402a9f 17 API calls 34186->34188 34187->34185 34187->34186 34191 401c4d 34188->34191 34193 402a9f 17 API calls 34191->34193 34192 402ac1 17 API calls 34194 401ca2 FindWindowExA 34192->34194 34195 401c59 34193->34195 34198 401cc0 34194->34198 34196 401c84 SendMessageA 34195->34196 34197 401c66 SendMessageTimeoutA 34195->34197 34196->34198 34197->34198 34200 402acd 34199->34200 34201 405f51 17 API calls 34200->34201 34202 402aee 34201->34202 34203 401c99 34202->34203 34204 406199 5 API calls 34202->34204 34203->34192 34204->34203 34205 401e25 34206 402a9f 17 API calls 34205->34206 34207 401e2b 34206->34207 34208 402a9f 17 API calls 34207->34208 34209 401e37 34208->34209 34210 401e43 ShowWindow 34209->34210 34211 401e4e EnableWindow 34209->34211 34212 402951 34210->34212 34211->34212 34213 401746 34214 402ac1 17 API calls 34213->34214 34215 40174d 34214->34215 34219 405af7 34215->34219 34217 401754 34218 405af7 2 API calls 34217->34218 34218->34217 34220 405b02 GetTickCount GetTempFileNameA 34219->34220 34221 405b33 34220->34221 34222 405b2f 34220->34222 34221->34217 34222->34220 34222->34221 34223 10002709 34224 10002759 34223->34224 34225 10002719 VirtualProtect 34223->34225 34225->34224 34226 401389 34228 401390 34226->34228 34227 4013fe 34228->34227 34229 4013cb MulDiv SendMessageA 34228->34229 34229->34228 34230 40246d 34241 402b01 34230->34241 34233 402ac1 17 API calls 34234 402480 34233->34234 34235 402716 34234->34235 34236 40248a RegQueryValueExA 34234->34236 34237 4024aa 34236->34237 34240 4024b0 RegCloseKey 34236->34240 34237->34240 34246 405e8d wsprintfA 34237->34246 34240->34235 34242 402ac1 17 API calls 34241->34242 34243 402b18 34242->34243 34244 405db5 RegOpenKeyExA 34243->34244 34245 402477 34244->34245 34245->34233 34246->34240 34247 4023d0 34248 402ac1 17 API calls 34247->34248 34249 4023e2 34248->34249 34250 402ac1 17 API calls 34249->34250 34251 4023ec 34250->34251 34264 402b51 34251->34264 34254 402951 34255 402ac1 17 API calls 34260 40241a lstrlenA 34255->34260 34256 402421 34257 40242d 34256->34257 34258 402a9f 17 API calls 34256->34258 34259 40244c RegSetValueExA 34257->34259 34268 402f81 34257->34268 34258->34257 34262 402462 RegCloseKey 34259->34262 34260->34256 34262->34254 34265 402b6c 34264->34265 34289 405de3 34265->34289 34270 402f97 34268->34270 34269 402fc2 34293 40315d 34269->34293 34270->34269 34306 403173 SetFilePointer 34270->34306 34274 4030e7 34274->34259 34275 4030fd 34277 403101 34275->34277 34281 403119 34275->34281 34276 402fdf GetTickCount 34284 402ff2 34276->34284 34278 40315d ReadFile 34277->34278 34278->34274 34279 40315d ReadFile 34279->34281 34280 40315d ReadFile 34280->34284 34281->34274 34281->34279 34282 405b6f WriteFile 34281->34282 34282->34281 34284->34274 34284->34280 34285 403058 GetTickCount 34284->34285 34286 403081 MulDiv wsprintfA 34284->34286 34296 40640c 34284->34296 34304 405b6f WriteFile 34284->34304 34285->34284 34307 405056 34286->34307 34290 405df2 34289->34290 34291 4023fc 34290->34291 34292 405dfd RegCreateKeyExA 34290->34292 34291->34254 34291->34255 34291->34256 34292->34291 34294 405b40 ReadFile 34293->34294 34295 402fcd 34294->34295 34295->34274 34295->34275 34295->34276 34297 406431 34296->34297 34300 406439 34296->34300 34297->34284 34298 4064c0 GlobalFree 34299 4064c9 GlobalAlloc 34298->34299 34299->34297 34301 4064dd 34299->34301 34300->34297 34300->34298 34300->34299 34302 406540 GlobalAlloc 34300->34302 34303 406537 GlobalFree 34300->34303 34301->34300 34302->34297 34302->34300 34303->34302 34305 405b8d 34304->34305 34305->34284 34306->34269 34308 405071 34307->34308 34317 405114 34307->34317 34309 40508e lstrlenA 34308->34309 34312 405f51 17 API calls 34308->34312 34310 4050b7 34309->34310 34311 40509c lstrlenA 34309->34311 34314 4050ca 34310->34314 34315 4050bd SetWindowTextA 34310->34315 34313 4050ae lstrcatA 34311->34313 34311->34317 34312->34309 34313->34310 34316 4050d0 SendMessageA SendMessageA SendMessageA 34314->34316 34314->34317 34315->34314 34316->34317 34317->34284 34318 401932 34319 401934 34318->34319 34320 402ac1 17 API calls 34319->34320 34321 401939 34320->34321 34324 4056f7 34321->34324 34364 4059b5 34324->34364 34327 405736 34331 405864 34327->34331 34378 405f2f lstrcpynA 34327->34378 34328 40571f DeleteFileA 34332 401942 34328->34332 34330 40575c 34333 405762 lstrcatA 34330->34333 34334 40576f 34330->34334 34331->34332 34386 406232 FindFirstFileA 34331->34386 34336 405775 34333->34336 34379 40590e lstrlenA 34334->34379 34339 405783 lstrcatA 34336->34339 34341 40578e lstrlenA FindFirstFileA 34336->34341 34339->34341 34340 40588c 34389 4058c7 lstrlenA CharPrevA 34340->34389 34341->34331 34346 4057b2 34341->34346 34344 4058f2 CharNextA 34344->34346 34346->34344 34351 405843 FindNextFileA 34346->34351 34360 405804 34346->34360 34383 405f2f lstrcpynA 34346->34383 34347 40589e 34348 4058a2 34347->34348 34349 4058b8 34347->34349 34348->34332 34354 405056 24 API calls 34348->34354 34350 405056 24 API calls 34349->34350 34350->34332 34351->34346 34353 40585b FindClose 34351->34353 34353->34331 34355 4058af 34354->34355 34393 405d0e 36 API calls 34355->34393 34358 4056f7 60 API calls 34358->34360 34359 4058b6 34359->34332 34360->34351 34360->34358 34361 405056 24 API calls 34360->34361 34362 405056 24 API calls 34360->34362 34384 4056af RemoveDirectoryA DeleteFileA SetFileAttributesA GetFileAttributesA SetFileAttributesA 34360->34384 34385 405d0e 36 API calls 34360->34385 34361->34351 34362->34360 34394 405f2f lstrcpynA 34364->34394 34366 4059c6 34395 405960 CharNextA CharNextA 34366->34395 34368 405717 34368->34327 34368->34328 34370 406199 5 API calls 34376 4059dc 34370->34376 34371 405a07 lstrlenA 34372 405a12 34371->34372 34371->34376 34374 4058c7 3 API calls 34372->34374 34373 406232 2 API calls 34373->34376 34375 405a17 GetFileAttributesA 34374->34375 34375->34368 34376->34368 34376->34371 34376->34373 34377 40590e 2 API calls 34376->34377 34377->34371 34378->34330 34380 40591b 34379->34380 34381 405920 CharPrevA 34380->34381 34382 40592c 34380->34382 34381->34380 34381->34382 34382->34336 34383->34346 34384->34360 34385->34360 34387 405888 34386->34387 34388 406248 FindClose 34386->34388 34387->34332 34387->34340 34388->34387 34390 4058e1 lstrcatA 34389->34390 34391 405892 34389->34391 34390->34391 34392 4056af RemoveDirectoryA DeleteFileA SetFileAttributesA GetFileAttributesA SetFileAttributesA 34391->34392 34392->34347 34393->34359 34394->34366 34396 40597b 34395->34396 34400 40598b 34395->34400 34398 405986 CharNextA 34396->34398 34396->34400 34397 4059ab 34397->34368 34397->34370 34398->34397 34399 4058f2 CharNextA 34399->34400 34400->34397 34400->34399 34401 401d95 GetDC 34402 402a9f 17 API calls 34401->34402 34403 401da7 GetDeviceCaps MulDiv ReleaseDC 34402->34403 34404 402a9f 17 API calls 34403->34404 34405 401dd8 34404->34405 34406 405f51 17 API calls 34405->34406 34407 401e15 CreateFontIndirectA 34406->34407 34408 402577 34407->34408 34409 4014d6 34410 402a9f 17 API calls 34409->34410 34411 4014dc Sleep 34410->34411 34413 402951 34411->34413 34414 4022f6 34415 402304 34414->34415 34416 4022fe 34414->34416 34418 402314 34415->34418 34420 402ac1 17 API calls 34415->34420 34417 402ac1 17 API calls 34416->34417 34417->34415 34419 402322 34418->34419 34421 402ac1 17 API calls 34418->34421 34422 402ac1 17 API calls 34419->34422 34420->34418 34421->34419 34423 40232b WritePrivateProfileStringA 34422->34423 34424 401759 34425 402ac1 17 API calls 34424->34425 34426 401760 34425->34426 34427 401786 34426->34427 34428 40177e 34426->34428 34465 405f2f lstrcpynA 34427->34465 34464 405f2f lstrcpynA 34428->34464 34431 401784 34435 406199 5 API calls 34431->34435 34432 401791 34433 4058c7 3 API calls 34432->34433 34434 401797 lstrcatA 34433->34434 34434->34431 34460 4017a3 34435->34460 34436 406232 2 API calls 34436->34460 34437 4017e4 34466 405aa3 GetFileAttributesA SetFileAttributesA 34437->34466 34440 4017ba CompareFileTime 34440->34460 34441 40187e 34442 405056 24 API calls 34441->34442 34444 401888 34442->34444 34443 401855 34445 405056 24 API calls 34443->34445 34461 40186a 34443->34461 34446 402f81 35 API calls 34444->34446 34445->34461 34447 40189b 34446->34447 34449 4018af SetFileTime 34447->34449 34451 4018c1 CloseHandle 34447->34451 34448 405f2f lstrcpynA 34448->34460 34449->34451 34450 405f51 17 API calls 34450->34460 34452 4018d2 34451->34452 34451->34461 34453 4018d7 34452->34453 34454 4018ea 34452->34454 34455 405f51 17 API calls 34453->34455 34456 405f51 17 API calls 34454->34456 34458 4018df lstrcatA 34455->34458 34459 4018f2 34456->34459 34458->34459 34459->34461 34468 40564b MessageBoxIndirectA 34459->34468 34460->34436 34460->34437 34460->34440 34460->34441 34460->34443 34460->34448 34460->34450 34463 405ac8 GetFileAttributesA CreateFileA 34460->34463 34467 40564b MessageBoxIndirectA 34460->34467 34463->34460 34464->34431 34465->34432 34466->34460 34467->34460 34468->34461 34469 40233a 34470 402ac1 17 API calls 34469->34470 34471 40234b 34470->34471 34472 402ac1 17 API calls 34471->34472 34473 402354 34472->34473 34474 402ac1 17 API calls 34473->34474 34475 40235e GetPrivateProfileStringA 34474->34475 34476 401edb 34477 402ac1 17 API calls 34476->34477 34478 401ee1 34477->34478 34479 405056 24 API calls 34478->34479 34480 401eeb 34479->34480 34491 4055ce CreateProcessA 34480->34491 34483 401f12 CloseHandle 34486 402716 34483->34486 34487 401f06 34488 401f14 34487->34488 34489 401f0b 34487->34489 34488->34483 34495 405e8d wsprintfA 34489->34495 34492 405601 CloseHandle 34491->34492 34493 401ef1 34491->34493 34492->34493 34493->34483 34493->34486 34494 40633c DispatchMessageA PeekMessageA WaitForSingleObject WaitForSingleObject GetExitCodeProcess 34493->34494 34494->34487 34495->34483 34496 40237b 34497 402382 34496->34497 34498 4023ad 34496->34498 34500 402b01 17 API calls 34497->34500 34499 402ac1 17 API calls 34498->34499 34502 4023b4 34499->34502 34501 402389 34500->34501 34503 402393 34501->34503 34506 4023c1 34501->34506 34508 402b7f 10 API calls 34502->34508 34505 402ac1 17 API calls 34503->34505 34507 40239a RegDeleteValueA RegCloseKey 34505->34507 34507->34506 34508->34506 34509 4015bb 34510 402ac1 17 API calls 34509->34510 34511 4015c2 34510->34511 34512 405960 4 API calls 34511->34512 34524 4015ca 34512->34524 34513 401624 34514 401652 34513->34514 34515 401629 34513->34515 34518 401423 24 API calls 34514->34518 34536 401423 34515->34536 34516 4058f2 CharNextA 34516->34524 34525 40164a 34518->34525 34523 40163b SetCurrentDirectoryA 34523->34525 34524->34513 34524->34516 34526 40160c GetFileAttributesA 34524->34526 34528 4055b6 34524->34528 34531 40551c CreateDirectoryA 34524->34531 34540 405599 CreateDirectoryA 34524->34540 34526->34524 34543 4062c7 GetModuleHandleA 34528->34543 34532 405569 34531->34532 34533 40556d GetLastError 34531->34533 34532->34524 34533->34532 34534 40557c SetFileSecurityA 34533->34534 34534->34532 34535 405592 GetLastError 34534->34535 34535->34532 34537 405056 24 API calls 34536->34537 34538 401431 34537->34538 34539 405f2f lstrcpynA 34538->34539 34539->34523 34541 4055a9 34540->34541 34542 4055ad GetLastError 34540->34542 34541->34524 34542->34541 34544 4062e3 34543->34544 34545 4062ed GetProcAddress 34543->34545 34549 406259 GetSystemDirectoryA 34544->34549 34547 4055bd 34545->34547 34547->34524 34548 4062e9 34548->34545 34548->34547 34550 40627b wsprintfA LoadLibraryExA 34549->34550 34550->34548 34552 4031bb SetErrorMode GetVersion 34553 4031fc 34552->34553 34554 403202 34552->34554 34555 4062c7 5 API calls 34553->34555 34556 406259 3 API calls 34554->34556 34555->34554 34557 403218 lstrlenA 34556->34557 34557->34554 34558 403227 34557->34558 34559 4062c7 5 API calls 34558->34559 34560 40322e 34559->34560 34561 4062c7 5 API calls 34560->34561 34562 403235 34561->34562 34563 4062c7 5 API calls 34562->34563 34564 403241 #17 OleInitialize SHGetFileInfoA 34563->34564 34643 405f2f lstrcpynA 34564->34643 34567 40328d GetCommandLineA 34644 405f2f lstrcpynA 34567->34644 34569 40329f GetModuleHandleA 34570 4032b6 34569->34570 34571 4058f2 CharNextA 34570->34571 34572 4032ca CharNextA 34571->34572 34580 4032da 34572->34580 34573 4033a4 34574 4033b7 GetTempPathA 34573->34574 34645 40318a 34574->34645 34576 4033cf 34577 4033d3 GetWindowsDirectoryA lstrcatA 34576->34577 34578 403429 DeleteFileA 34576->34578 34581 40318a 12 API calls 34577->34581 34655 402d48 GetTickCount GetModuleFileNameA 34578->34655 34579 4058f2 CharNextA 34579->34580 34580->34573 34580->34579 34584 4033a6 34580->34584 34583 4033ef 34581->34583 34583->34578 34587 4033f3 GetTempPathA lstrcatA SetEnvironmentVariableA SetEnvironmentVariableA 34583->34587 34740 405f2f lstrcpynA 34584->34740 34585 40343d 34588 4034c3 34585->34588 34592 4058f2 CharNextA 34585->34592 34638 4034d3 34585->34638 34590 40318a 12 API calls 34587->34590 34683 40377f 34588->34683 34594 403421 34590->34594 34595 403458 34592->34595 34593 4034dc OleUninitialize 34596 40360b 34593->34596 34597 4034ed 34593->34597 34594->34578 34594->34638 34602 403503 34595->34602 34603 40349e 34595->34603 34599 403613 GetCurrentProcess OpenProcessToken 34596->34599 34600 40368d ExitProcess 34596->34600 34744 40564b MessageBoxIndirectA 34597->34744 34605 40365e 34599->34605 34606 40362e LookupPrivilegeValueA AdjustTokenPrivileges 34599->34606 34608 4055b6 5 API calls 34602->34608 34607 4059b5 18 API calls 34603->34607 34604 4034fb ExitProcess 34609 4062c7 5 API calls 34605->34609 34606->34605 34610 4034a9 34607->34610 34611 403508 lstrcatA 34608->34611 34612 403665 34609->34612 34610->34638 34741 405f2f lstrcpynA 34610->34741 34614 403524 lstrcatA lstrcmpiA 34611->34614 34615 403519 lstrcatA 34611->34615 34613 40367a ExitWindowsEx 34612->34613 34616 403686 34612->34616 34613->34600 34613->34616 34618 403540 34614->34618 34614->34638 34615->34614 34749 40140b MulDiv SendMessageA 34616->34749 34621 403545 34618->34621 34622 40354c 34618->34622 34620 4034b8 34742 405f2f lstrcpynA 34620->34742 34623 40551c 4 API calls 34621->34623 34624 405599 2 API calls 34622->34624 34626 40354a 34623->34626 34627 403551 SetCurrentDirectoryA 34624->34627 34626->34627 34628 403560 34627->34628 34629 40356b 34627->34629 34745 405f2f lstrcpynA 34628->34745 34746 405f2f lstrcpynA 34629->34746 34632 405f51 17 API calls 34633 4035aa DeleteFileA 34632->34633 34634 4035b7 CopyFileA 34633->34634 34640 403579 34633->34640 34634->34640 34635 4035ff 34748 405d0e 36 API calls 34635->34748 34743 4036a5 70 API calls 34638->34743 34639 405f51 17 API calls 34639->34640 34640->34632 34640->34635 34640->34639 34641 4055ce 2 API calls 34640->34641 34642 4035eb CloseHandle 34640->34642 34747 405d0e 36 API calls 34640->34747 34641->34640 34642->34640 34643->34567 34644->34569 34646 406199 5 API calls 34645->34646 34648 403196 34646->34648 34647 4031a0 34647->34576 34648->34647 34649 4058c7 3 API calls 34648->34649 34650 4031a8 34649->34650 34651 405599 2 API calls 34650->34651 34652 4031ae 34651->34652 34653 405af7 2 API calls 34652->34653 34654 4031b9 34653->34654 34654->34576 34750 405ac8 GetFileAttributesA CreateFileA 34655->34750 34657 402d88 34658 402d98 34657->34658 34751 405f2f lstrcpynA 34657->34751 34658->34585 34660 402dae 34661 40590e 2 API calls 34660->34661 34662 402db4 34661->34662 34752 405f2f lstrcpynA 34662->34752 34664 402dbf GetFileSize 34665 402dd6 34664->34665 34680 402ebb 34664->34680 34665->34658 34668 40315d ReadFile 34665->34668 34671 402f27 34665->34671 34679 402ce4 6 API calls 34665->34679 34665->34680 34667 402ec4 34667->34658 34669 402ef4 GlobalAlloc 34667->34669 34765 403173 SetFilePointer 34667->34765 34668->34665 34764 403173 SetFilePointer 34669->34764 34675 402ce4 6 API calls 34671->34675 34673 402edd 34676 40315d ReadFile 34673->34676 34674 402f0f 34677 402f81 35 API calls 34674->34677 34675->34658 34678 402ee8 34676->34678 34681 402f1b 34677->34681 34678->34658 34678->34669 34679->34665 34753 402ce4 34680->34753 34681->34658 34681->34681 34682 402f58 SetFilePointer 34681->34682 34682->34658 34684 4062c7 5 API calls 34683->34684 34685 403793 34684->34685 34686 403799 34685->34686 34687 4037ab 34685->34687 34775 405e8d wsprintfA 34686->34775 34688 405e16 3 API calls 34687->34688 34689 4037d6 34688->34689 34690 4037f4 lstrcatA 34689->34690 34692 405e16 3 API calls 34689->34692 34693 4037a9 34690->34693 34692->34690 34767 403a44 34693->34767 34696 4059b5 18 API calls 34697 403826 34696->34697 34698 4038af 34697->34698 34700 405e16 3 API calls 34697->34700 34699 4059b5 18 API calls 34698->34699 34701 4038b5 34699->34701 34703 403852 34700->34703 34702 4038c5 LoadImageA 34701->34702 34704 405f51 17 API calls 34701->34704 34705 40396b 34702->34705 34706 4038ec RegisterClassA 34702->34706 34703->34698 34707 40386e lstrlenA 34703->34707 34711 4058f2 CharNextA 34703->34711 34704->34702 34777 40140b MulDiv SendMessageA 34705->34777 34708 403922 SystemParametersInfoA CreateWindowExA 34706->34708 34709 403975 34706->34709 34712 4038a2 34707->34712 34713 40387c lstrcmpiA 34707->34713 34708->34705 34709->34638 34715 40386c 34711->34715 34717 4058c7 3 API calls 34712->34717 34713->34712 34716 40388c GetFileAttributesA 34713->34716 34714 403971 34714->34709 34719 403a44 18 API calls 34714->34719 34715->34707 34718 403898 34716->34718 34720 4038a8 34717->34720 34718->34712 34721 40590e 2 API calls 34718->34721 34722 403982 34719->34722 34776 405f2f lstrcpynA 34720->34776 34721->34712 34724 403a11 34722->34724 34725 40398e ShowWindow 34722->34725 34779 405128 MulDiv SendMessageA SendMessageA OleInitialize OleUninitialize 34724->34779 34727 406259 3 API calls 34725->34727 34729 4039a6 34727->34729 34728 403a17 34730 403a33 34728->34730 34731 403a1b 34728->34731 34732 4039b4 GetClassInfoA 34729->34732 34734 406259 3 API calls 34729->34734 34781 40140b MulDiv SendMessageA 34730->34781 34731->34709 34780 40140b MulDiv SendMessageA 34731->34780 34735 4039c8 GetClassInfoA RegisterClassA 34732->34735 34736 4039de DialogBoxParamA 34732->34736 34734->34732 34735->34736 34778 40140b MulDiv SendMessageA 34736->34778 34739 403a06 34739->34709 34740->34574 34741->34620 34742->34588 34743->34593 34744->34604 34745->34629 34746->34640 34747->34640 34748->34638 34749->34600 34750->34657 34751->34660 34752->34664 34754 402d05 34753->34754 34755 402ced 34753->34755 34758 402d15 GetTickCount 34754->34758 34759 402d0d 34754->34759 34756 402cf6 DestroyWindow 34755->34756 34757 402cfd 34755->34757 34756->34757 34757->34667 34760 402d23 CreateDialogParamA ShowWindow 34758->34760 34761 402d46 34758->34761 34766 406303 DispatchMessageA PeekMessageA 34759->34766 34760->34761 34761->34667 34763 402d13 34763->34667 34764->34674 34765->34673 34766->34763 34768 403a58 34767->34768 34782 405e8d wsprintfA 34768->34782 34770 403ac9 34783 403afd 34770->34783 34772 403804 34772->34696 34773 403ace 34773->34772 34774 405f51 17 API calls 34773->34774 34774->34773 34775->34693 34776->34698 34777->34714 34778->34739 34779->34728 34780->34709 34781->34709 34782->34770 34784 405f51 17 API calls 34783->34784 34785 403b0b SetWindowTextA 34784->34785 34785->34773 34786 401ffd 34787 40200f 34786->34787 34797 4020bd 34786->34797 34788 402ac1 17 API calls 34787->34788 34790 402016 34788->34790 34789 401423 24 API calls 34793 40223c 34789->34793 34791 402ac1 17 API calls 34790->34791 34792 40201f 34791->34792 34794 402034 LoadLibraryExA 34792->34794 34795 402027 GetModuleHandleA 34792->34795 34796 402044 GetProcAddress 34794->34796 34794->34797 34795->34794 34795->34796 34798 402090 34796->34798 34799 402053 34796->34799 34797->34789 34802 405056 24 API calls 34798->34802 34800 402072 34799->34800 34801 40205b 34799->34801 34807 100016bd 34800->34807 34803 401423 24 API calls 34801->34803 34804 402063 34802->34804 34803->34804 34804->34793 34805 4020b1 FreeLibrary 34804->34805 34805->34793 34808 100016ed 34807->34808 34849 10001a5d 34808->34849 34810 100016f4 34811 1000180a 34810->34811 34812 10001705 34810->34812 34813 1000170c 34810->34813 34811->34804 34898 100021b0 GlobalAlloc 34812->34898 34881 100021fa 34813->34881 34816 1000170b 34816->34813 34818 10001770 34822 100017b2 34818->34822 34823 10001776 34818->34823 34819 10001752 34901 100023d8 11 API calls 34819->34901 34820 10001722 34825 10001728 34820->34825 34830 10001733 34820->34830 34821 1000173b 34836 10001731 34821->34836 34900 10002a9f GlobalFree 34821->34900 34906 100023d8 11 API calls 34822->34906 34904 10001559 GlobalAlloc lstrcpyA wsprintfA 34823->34904 34825->34836 34892 100027e4 34825->34892 34829 10001758 34902 10001559 GlobalAlloc lstrcpyA wsprintfA 34829->34902 34899 10002587 GlobalAlloc GlobalSize 34830->34899 34833 1000178c 34905 100023d8 11 API calls 34833->34905 34834 100017a4 34848 100017f9 34834->34848 34907 1000239e GlobalFree 34834->34907 34836->34818 34836->34819 34837 10001739 34837->34836 34839 1000175e 34903 10001266 GlobalAlloc lstrcpynA 34839->34903 34841 10001803 GlobalFree 34841->34811 34843 10001764 GlobalFree 34843->34834 34844 100017c5 34845 100017e5 34844->34845 34847 100017de FreeLibrary 34844->34847 34845->34848 34908 100014e2 GlobalAlloc lstrcpynA wsprintfA 34845->34908 34847->34845 34848->34811 34848->34841 34909 10001215 GlobalAlloc 34849->34909 34851 10001a81 34910 10001215 GlobalAlloc 34851->34910 34853 10001cbb GlobalFree GlobalFree GlobalFree 34854 10001cd8 34853->34854 34865 10001d22 34853->34865 34855 1000201a 34854->34855 34864 10001ced 34854->34864 34854->34865 34858 1000203c GetModuleHandleA 34855->34858 34855->34865 34856 10001b60 GlobalAlloc 34857 10001a8c 34856->34857 34857->34853 34857->34856 34861 10001bab lstrcpyA 34857->34861 34862 10001bc9 GlobalFree 34857->34862 34857->34865 34866 10001bb5 lstrcpyA 34857->34866 34868 10001f7a 34857->34868 34874 10001e75 GlobalFree 34857->34874 34879 10001c07 34857->34879 34913 10001215 GlobalAlloc 34857->34913 34914 10001224 GlobalAlloc lstrcpynA 34857->34914 34859 10002062 34858->34859 34860 1000204d LoadLibraryA 34858->34860 34915 100015a4 GetProcAddress 34859->34915 34860->34859 34860->34865 34861->34866 34862->34857 34864->34865 34912 10001224 GlobalAlloc lstrcpynA 34864->34912 34865->34810 34866->34857 34867 100020b3 34867->34865 34869 100020c0 lstrlenA 34867->34869 34868->34865 34873 10001fbe lstrcpyA 34868->34873 34916 100015a4 GetProcAddress 34869->34916 34873->34865 34874->34857 34875 10002074 34875->34867 34880 1000209d GetProcAddress 34875->34880 34876 100020d9 34876->34865 34879->34857 34911 10001534 GlobalSize GlobalAlloc 34879->34911 34880->34867 34882 10002212 34881->34882 34884 10002347 GlobalFree 34882->34884 34885 100022bb GlobalAlloc MultiByteToWideChar 34882->34885 34887 10001224 GlobalAlloc lstrcpynA 34882->34887 34889 10002306 34882->34889 34917 100012ad GlobalAlloc lstrcpynA 34882->34917 34884->34882 34886 10001712 34884->34886 34888 100022e5 GlobalAlloc 34885->34888 34885->34889 34886->34820 34886->34821 34886->34836 34887->34882 34890 100022fd GlobalFree 34888->34890 34889->34884 34918 1000251b VirtualAlloc 34889->34918 34890->34884 34894 100027f6 34892->34894 34893 1000289b VirtualAllocEx 34895 100028b9 34893->34895 34894->34893 34896 100029b5 34895->34896 34897 100029aa GetLastError 34895->34897 34896->34836 34897->34896 34898->34816 34899->34837 34901->34829 34902->34839 34903->34843 34904->34833 34905->34834 34906->34834 34907->34844 34908->34848 34909->34851 34910->34857 34911->34879 34912->34865 34913->34857 34914->34857 34915->34875 34916->34876 34917->34882 34918->34889 34919 40159d 34920 402ac1 17 API calls 34919->34920 34921 4015a4 SetFileAttributesA 34920->34921 34922 4015b6 34921->34922 34923 401a1e 34924 402ac1 17 API calls 34923->34924 34925 401a27 ExpandEnvironmentStringsA 34924->34925 34926 401a3b 34925->34926 34928 401a4e 34925->34928 34927 401a40 lstrcmpA 34926->34927 34926->34928 34927->34928 34929 4024df 34930 402b01 17 API calls 34929->34930 34931 4024e9 34930->34931 34932 402a9f 17 API calls 34931->34932 34933 4024f2 34932->34933 34934 402500 34933->34934 34939 402716 34933->34939 34935 402519 RegEnumValueA 34934->34935 34936 40250d RegEnumKeyA 34934->34936 34937 402535 RegCloseKey 34935->34937 34938 40252e 34935->34938 34936->34937 34937->34939 34938->34937

                                                  Executed Functions

                                                  Function 004031BB Relevance: 91.4, APIs: 33, Strings: 19, Instructions: 368stringcomfileCOMMON
                                                  Download Yara Rule

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 0 4031bb-4031fa SetErrorMode GetVersion 1 4031fc-403204 call 4062c7 0->1 2 40320d 0->2 1->2 7 403206 1->7 4 403212-403225 call 406259 lstrlenA 2->4 9 403227-403243 call 4062c7 * 3 4->9 7->2 16 403254-4032b4 #17 OleInitialize SHGetFileInfoA call 405f2f GetCommandLineA call 405f2f GetModuleHandleA 9->16 17 403245-40324b 9->17 24 4032c0-4032d5 call 4058f2 CharNextA 16->24 25 4032b6-4032bb 16->25 17->16 21 40324d 17->21 21->16 28 40339a-40339e 24->28 25->24 29 4033a4 28->29 30 4032da-4032dd 28->30 31 4033b7-4033d1 GetTempPathA call 40318a 29->31 32 4032e5-4032ed 30->32 33 4032df-4032e3 30->33 42 4033d3-4033f1 GetWindowsDirectoryA lstrcatA call 40318a 31->42 43 403429-403443 DeleteFileA call 402d48 31->43 34 4032f5-4032f8 32->34 35 4032ef-4032f0 32->35 33->32 33->33 37 40338a-403397 call 4058f2 34->37 38 4032fe-403302 34->38 35->34 37->28 57 403399 37->57 40 403304-40330a 38->40 41 40331a-403347 38->41 45 403310 40->45 46 40330c-40330e 40->46 47 403349-40334f 41->47 48 40335a-403388 41->48 42->43 61 4033f3-403423 GetTempPathA lstrcatA SetEnvironmentVariableA * 2 call 40318a 42->61 58 4034d7-4034e7 call 4036a5 OleUninitialize 43->58 59 403449-40344f 43->59 45->41 46->41 46->45 52 403351-403353 47->52 53 403355 47->53 48->37 55 4033a6-4033b2 call 405f2f 48->55 52->48 52->53 53->48 55->31 57->28 72 40360b-403611 58->72 73 4034ed-4034fd call 40564b ExitProcess 58->73 62 403451-40345c call 4058f2 59->62 63 4034c7-4034ce call 40377f 59->63 61->43 61->58 74 403492-40349c 62->74 75 40345e-403487 62->75 70 4034d3 63->70 70->58 77 403613-40362c GetCurrentProcess OpenProcessToken 72->77 78 40368d-403695 72->78 82 403503-403517 call 4055b6 lstrcatA 74->82 83 40349e-4034ab call 4059b5 74->83 79 403489-40348b 75->79 85 40365e-40366c call 4062c7 77->85 86 40362e-403658 LookupPrivilegeValueA AdjustTokenPrivileges 77->86 80 403697 78->80 81 40369b-40369f ExitProcess 78->81 79->74 87 40348d-403490 79->87 80->81 97 403524-40353e lstrcatA lstrcmpiA 82->97 98 403519-40351f lstrcatA 82->98 83->58 96 4034ad-4034c3 call 405f2f * 2 83->96 94 40367a-403684 ExitWindowsEx 85->94 95 40366e-403678 85->95 86->85 87->74 87->79 94->78 99 403686-403688 call 40140b 94->99 95->94 95->99 96->63 97->58 101 403540-403543 97->101 98->97 99->78 105 403545-40354a call 40551c 101->105 106 40354c call 405599 101->106 111 403551-40355e SetCurrentDirectoryA 105->111 106->111 113 403560-403566 call 405f2f 111->113 114 40356b-403593 call 405f2f 111->114 113->114 118 403599-4035b5 call 405f51 DeleteFileA 114->118 121 4035f6-4035fd 118->121 122 4035b7-4035c7 CopyFileA 118->122 121->118 123 4035ff-403606 call 405d0e 121->123 122->121 124 4035c9-4035e9 call 405d0e call 405f51 call 4055ce 122->124 123->58 124->121 133 4035eb-4035f2 CloseHandle 124->133 133->121
                                                  APIs
                                                  • SetErrorMode.KERNELBASE ref: 004031E0
                                                  • GetVersion.KERNEL32 ref: 004031E6
                                                  • lstrlenA.KERNEL32(UXTHEME,UXTHEME), ref: 00403219
                                                  • #17.COMCTL32(?,00000006,00000008,0000000A), ref: 00403255
                                                  • OleInitialize.OLE32(00000000), ref: 0040325C
                                                  • SHGetFileInfoA.SHELL32(0041ECC8,00000000,?,00000160,00000000,?,00000006,00000008,0000000A), ref: 00403278
                                                  • GetCommandLineA.KERNEL32(00422F00,NSIS Error,?,00000006,00000008,0000000A), ref: 0040328D
                                                  • GetModuleHandleA.KERNEL32(00000000,"C:\Users\user\Desktop\Micra.exe",00000000,?,00000006,00000008,0000000A), ref: 004032A0
                                                  • CharNextA.USER32(00000000,"C:\Users\user\Desktop\Micra.exe",00000020,?,00000006,00000008,0000000A), ref: 004032CB
                                                  • GetTempPathA.KERNELBASE(00000400,C:\Users\user\AppData\Local\Temp\,00000000,00000020,?,00000006,00000008,0000000A), ref: 004033C8
                                                  • GetWindowsDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\,000003FB,?,00000006,00000008,0000000A), ref: 004033D9
                                                  • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,\Temp,?,00000006,00000008,0000000A), ref: 004033E5
                                                  • GetTempPathA.KERNEL32(000003FC,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,\Temp,?,00000006,00000008,0000000A), ref: 004033F9
                                                  • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,Low,?,00000006,00000008,0000000A), ref: 00403401
                                                  • SetEnvironmentVariableA.KERNEL32(TEMP,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,Low,?,00000006,00000008,0000000A), ref: 00403412
                                                  • SetEnvironmentVariableA.KERNEL32(TMP,C:\Users\user\AppData\Local\Temp\,?,00000006,00000008,0000000A), ref: 0040341A
                                                  • DeleteFileA.KERNELBASE(1033,?,00000006,00000008,0000000A), ref: 0040342E
                                                    • Part of subcall function 004062C7: GetModuleHandleA.KERNEL32(?,?,?,0040322E,0000000A), ref: 004062D9
                                                    • Part of subcall function 004062C7: GetProcAddress.KERNEL32(00000000,?), ref: 004062F4
                                                    • Part of subcall function 00405F2F: lstrcpynA.KERNEL32(?,?,00000400,0040328D,00422F00,NSIS Error,?,00000006,00000008,0000000A), ref: 00405F3C
                                                    • Part of subcall function 0040377F: lstrlenA.KERNEL32(Call,?,?,?,Call,00000000,C:\Users\user\entomostraca\nonmissionary,1033,0041FD08,80000001,Control Panel\Desktop\ResourceLocale,00000000,0041FD08,00000000,00000002,74DF3410), ref: 0040386F
                                                    • Part of subcall function 0040377F: lstrcmpiA.KERNEL32(?,.exe), ref: 00403882
                                                    • Part of subcall function 0040377F: GetFileAttributesA.KERNEL32(Call), ref: 0040388D
                                                    • Part of subcall function 0040377F: LoadImageA.USER32(00000067,00000001,00000000,00000000,00008040,C:\Users\user\entomostraca\nonmissionary), ref: 004038D6
                                                    • Part of subcall function 0040377F: RegisterClassA.USER32(00422EA0), ref: 00403913
                                                    • Part of subcall function 004036A5: CloseHandle.KERNEL32(000002CC,004034DC,?,?,00000006,00000008,0000000A), ref: 004036B0
                                                  • OleUninitialize.OLE32(?,?,00000006,00000008,0000000A), ref: 004034DC
                                                  • ExitProcess.KERNEL32 ref: 004034FD
                                                  • GetCurrentProcess.KERNEL32(00000028,?,00000006,00000008,0000000A), ref: 0040361A
                                                  • OpenProcessToken.ADVAPI32(00000000), ref: 00403621
                                                  • LookupPrivilegeValueA.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 00403639
                                                  • AdjustTokenPrivileges.ADVAPI32(?,?,?,?,00000000,?,00000000,00000000,00000000), ref: 00403658
                                                  • ExitWindowsEx.USER32(00000002,80040002), ref: 0040367C
                                                  • ExitProcess.KERNEL32 ref: 0040369F
                                                    • Part of subcall function 0040564B: MessageBoxIndirectA.USER32(00409218), ref: 004056A6
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3420571393.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.3420556458.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420586472.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000433000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000436000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420721835.0000000000443000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_Micra.jbxd
                                                  Similarity
                                                  • API ID: Process$ExitFileHandle$EnvironmentModulePathTempTokenVariableWindowslstrcatlstrlen$AddressAdjustAttributesCharClassCloseCommandCurrentDeleteDirectoryErrorImageIndirectInfoInitializeLineLoadLookupMessageModeNextOpenPrivilegePrivilegesProcRegisterUninitializeValueVersionlstrcmpilstrcpyn
                                                  • String ID: "$"C:\Users\user\Desktop\Micra.exe"$.tmp$1033$C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\Micra.exe$C:\Users\user\entomostraca\nonmissionary$C:\Users\user\entomostraca\nonmissionary$Error launching installer$Low$NSIS Error$SeShutdownPrivilege$TEMP$TMP$UXTHEME$\Temp$`Kt$~nsu
                                                  • API String ID: 3855923921-3551660640
                                                  • Opcode ID: 41a2d84af2d5407adc1c32c5249e47afef491bae6f079a6a4bd1fd594076673a
                                                  • Instruction ID: af4360d81dc256b8c9424dc56f1358f7fe08c6a718ebf40f6c8df5272bc15683
                                                  • Opcode Fuzzy Hash: 41a2d84af2d5407adc1c32c5249e47afef491bae6f079a6a4bd1fd594076673a
                                                  • Instruction Fuzzy Hash: 14C1F5706086427AE7217F719D49B2B3EACEB85306F04457FF541B62E2C77C9A058B2E
                                                  Function 00402D48 Relevance: 24.7, APIs: 5, Strings: 9, Instructions: 182COMMON
                                                  Download Yara Rule

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 208 402d48-402d96 GetTickCount GetModuleFileNameA call 405ac8 211 402da2-402dd0 call 405f2f call 40590e call 405f2f GetFileSize 208->211 212 402d98-402d9d 208->212 220 402dd6 211->220 221 402ebd-402ecb call 402ce4 211->221 213 402f7a-402f7e 212->213 222 402ddb-402df2 220->222 227 402f20-402f25 221->227 228 402ecd-402ed0 221->228 225 402df4 222->225 226 402df6-402dff call 40315d 222->226 225->226 234 402e05-402e0c 226->234 235 402f27-402f2f call 402ce4 226->235 227->213 230 402ed2-402eea call 403173 call 40315d 228->230 231 402ef4-402f1e GlobalAlloc call 403173 call 402f81 228->231 230->227 254 402eec-402ef2 230->254 231->227 259 402f31-402f42 231->259 238 402e88-402e8c 234->238 239 402e0e-402e22 call 405a83 234->239 235->227 244 402e96-402e9c 238->244 245 402e8e-402e95 call 402ce4 238->245 239->244 257 402e24-402e2b 239->257 250 402eab-402eb5 244->250 251 402e9e-402ea8 call 40637e 244->251 245->244 250->222 258 402ebb 250->258 251->250 254->227 254->231 257->244 263 402e2d-402e34 257->263 258->221 260 402f44 259->260 261 402f4a-402f4f 259->261 260->261 264 402f50-402f56 261->264 263->244 265 402e36-402e3d 263->265 264->264 266 402f58-402f73 SetFilePointer call 405a83 264->266 265->244 267 402e3f-402e46 265->267 271 402f78 266->271 267->244 269 402e48-402e68 267->269 269->227 270 402e6e-402e72 269->270 272 402e74-402e78 270->272 273 402e7a-402e82 270->273 271->213 272->258 272->273 273->244 274 402e84-402e86 273->274 274->244
                                                  APIs
                                                  • GetTickCount.KERNEL32 ref: 00402D59
                                                  • GetModuleFileNameA.KERNEL32(00000000,C:\Users\user\Desktop\Micra.exe,00000400), ref: 00402D75
                                                    • Part of subcall function 00405AC8: GetFileAttributesA.KERNELBASE(?,00402D88,C:\Users\user\Desktop\Micra.exe,80000000,?), ref: 00405ACC
                                                    • Part of subcall function 00405AC8: CreateFileA.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00405AEE
                                                  • GetFileSize.KERNEL32(00000000,00000000,0042B000,00000000,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\Micra.exe,C:\Users\user\Desktop\Micra.exe,80000000,?), ref: 00402DC1
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3420571393.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.3420556458.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420586472.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000433000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000436000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420721835.0000000000443000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_Micra.jbxd
                                                  Similarity
                                                  • API ID: File$AttributesCountCreateModuleNameSizeTick
                                                  • String ID: "C:\Users\user\Desktop\Micra.exe"$C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\Micra.exe$Error launching installer$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author to obtain a new copy.More information at:http://nsis.sf.net/NSIS_Error$Null$soft
                                                  • API String ID: 4283519449-3930613125
                                                  • Opcode ID: 9cf78e836df077268a8f392ddbbc0cddc733458901816a9142e16d675eec763f
                                                  • Instruction ID: ef8309496f7f1060f742aea9483ad6a943d4cc908664d4bedc23fec409a9c2f2
                                                  • Opcode Fuzzy Hash: 9cf78e836df077268a8f392ddbbc0cddc733458901816a9142e16d675eec763f
                                                  • Instruction Fuzzy Hash: F251D5B1A40215ABDF209F65DE89B9E7AB8FB04355F10413BE900B62D1C7BC9E418B9D
                                                  Function 10001A5D Relevance: 20.0, APIs: 13, Instructions: 540stringmemoryCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                    • Part of subcall function 10001215: GlobalAlloc.KERNELBASE(00000040,10001233,?,100012CF,-1000404B,100011AB,-000000A0), ref: 1000121D
                                                  • GlobalAlloc.KERNELBASE(00000040,000014A4), ref: 10001B67
                                                  • lstrcpyA.KERNEL32(00000008,?), ref: 10001BAF
                                                  • lstrcpyA.KERNEL32(00000408,?), ref: 10001BB9
                                                  • GlobalFree.KERNEL32(00000000), ref: 10001BCC
                                                  • GlobalFree.KERNEL32(?), ref: 10001CC4
                                                  • GlobalFree.KERNEL32(?), ref: 10001CC9
                                                  • GlobalFree.KERNEL32(?), ref: 10001CCE
                                                  • GlobalFree.KERNEL32(00000000), ref: 10001E76
                                                  • lstrcpyA.KERNEL32(?,?), ref: 10001FCA
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3428984711.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                  • Associated: 00000000.00000002.3428968276.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                  • Associated: 00000000.00000002.3428998849.0000000010003000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                  • Associated: 00000000.00000002.3429054882.0000000010005000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_10000000_Micra.jbxd
                                                  Similarity
                                                  • API ID: Global$Free$lstrcpy$Alloc
                                                  • String ID:
                                                  • API String ID: 4227406936-0
                                                  • Opcode ID: 4cb5dc2aea9cf7ab25a3b1e4be44dc9197e12157622a09bbe3f88e709afef852
                                                  • Instruction ID: 780798ea066e4ece118e8e5fed0bf18c828ec290136deaf2e43fc5d0554b8685
                                                  • Opcode Fuzzy Hash: 4cb5dc2aea9cf7ab25a3b1e4be44dc9197e12157622a09bbe3f88e709afef852
                                                  • Instruction Fuzzy Hash: 17129971D0424ADFFB20CFA4C8847EEBBF4FB043C4F61852AD5A1A2199DB749A81CB51
                                                  Function 004056F7 Relevance: 17.7, APIs: 7, Strings: 3, Instructions: 159filestringCOMMON
                                                  Download Yara Rule

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 537 4056f7-40571d call 4059b5 540 405736-40573d 537->540 541 40571f-405731 DeleteFileA 537->541 543 405750-405760 call 405f2f 540->543 544 40573f-405741 540->544 542 4058c0-4058c4 541->542 552 405762-40576d lstrcatA 543->552 553 40576f-405770 call 40590e 543->553 545 405747-40574a 544->545 546 40586e-405873 544->546 545->543 545->546 546->542 549 405875-405878 546->549 550 405882-40588a call 406232 549->550 551 40587a-405880 549->551 550->542 560 40588c-4058a0 call 4058c7 call 4056af 550->560 551->542 555 405775-405778 552->555 553->555 558 405783-405789 lstrcatA 555->558 559 40577a-405781 555->559 561 40578e-4057ac lstrlenA FindFirstFileA 558->561 559->558 559->561 576 4058a2-4058a5 560->576 577 4058b8-4058bb call 405056 560->577 563 4057b2-4057c9 call 4058f2 561->563 564 405864-405868 561->564 570 4057d4-4057d7 563->570 571 4057cb-4057cf 563->571 564->546 566 40586a 564->566 566->546 574 4057d9-4057de 570->574 575 4057ea-4057f8 call 405f2f 570->575 571->570 573 4057d1 571->573 573->570 579 4057e0-4057e2 574->579 580 405843-405855 FindNextFileA 574->580 587 4057fa-405802 575->587 588 40580f-40581a call 4056af 575->588 576->551 582 4058a7-4058b6 call 405056 call 405d0e 576->582 577->542 579->575 583 4057e4-4057e8 579->583 580->563 585 40585b-40585e FindClose 580->585 582->542 583->575 583->580 585->564 587->580 590 405804-40580d call 4056f7 587->590 596 40583b-40583e call 405056 588->596 597 40581c-40581f 588->597 590->580 596->580 599 405821-405831 call 405056 call 405d0e 597->599 600 405833-405839 597->600 599->580 600->580
                                                  APIs
                                                  • DeleteFileA.KERNELBASE(?,?,74DF3410,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405720
                                                  • lstrcatA.KERNEL32(00420D10,\*.*,00420D10,?,?,74DF3410,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405768
                                                  • lstrcatA.KERNEL32(?,00409014,?,00420D10,?,?,74DF3410,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405789
                                                  • lstrlenA.KERNEL32(?,?,00409014,?,00420D10,?,?,74DF3410,C:\Users\user\AppData\Local\Temp\,00000000), ref: 0040578F
                                                  • FindFirstFileA.KERNELBASE(00420D10,?,?,?,00409014,?,00420D10,?,?,74DF3410,C:\Users\user\AppData\Local\Temp\,00000000), ref: 004057A0
                                                  • FindNextFileA.KERNEL32(00000000,00000010,000000F2,?,?,?,00000000,?,?,0000003F), ref: 0040584D
                                                  • FindClose.KERNEL32(00000000), ref: 0040585E
                                                  Strings
                                                  • "C:\Users\user\Desktop\Micra.exe", xrefs: 004056F7
                                                  • \*.*, xrefs: 00405762
                                                  • C:\Users\user\AppData\Local\Temp\, xrefs: 00405704
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3420571393.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.3420556458.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420586472.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000433000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000436000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420721835.0000000000443000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_Micra.jbxd
                                                  Similarity
                                                  • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                                                  • String ID: "C:\Users\user\Desktop\Micra.exe"$C:\Users\user\AppData\Local\Temp\$\*.*
                                                  • API String ID: 2035342205-1325337831
                                                  • Opcode ID: e000b3a5de225f2f8b08f8ac0f3545d1e84fc9896e5a7d05d742c6501ffd0423
                                                  • Instruction ID: 5202cdaf7196988d1da3935d2d892696f3640e5f60657e92f8c59f35d89726bd
                                                  • Opcode Fuzzy Hash: e000b3a5de225f2f8b08f8ac0f3545d1e84fc9896e5a7d05d742c6501ffd0423
                                                  • Instruction Fuzzy Hash: 02519F32800A04BADB217B618C45BAF7B78DF42754F14847BF851761D2D73C8A92DEAE
                                                  Function 004065BB Relevance: 5.4, APIs: 4, Instructions: 382COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3420571393.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.3420556458.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420586472.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000433000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000436000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420721835.0000000000443000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_Micra.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 32e752b298fae306bc4e8e2fa827520659811e589a0f8e200775ab13b43d47c9
                                                  • Instruction ID: 82117b2ed1b037f842d7e8ec4a077ce5a2ba4b06f200654bc1e2ca7552b06de8
                                                  • Opcode Fuzzy Hash: 32e752b298fae306bc4e8e2fa827520659811e589a0f8e200775ab13b43d47c9
                                                  • Instruction Fuzzy Hash: BCF16474D00229CBDF28CFA8C8946ADBBB1FF44305F25856ED856BB281D7385A96CF44
                                                  Function 00406232 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 14fileCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • FindFirstFileA.KERNELBASE(74DF3410,00421558,Esophagostenosis199.Dok14,004059F8,Esophagostenosis199.Dok14,Esophagostenosis199.Dok14,00000000,Esophagostenosis199.Dok14,Esophagostenosis199.Dok14,74DF3410,?,C:\Users\user\AppData\Local\Temp\,00405717,?,74DF3410,C:\Users\user\AppData\Local\Temp\), ref: 0040623D
                                                  • FindClose.KERNELBASE(00000000), ref: 00406249
                                                  Strings
                                                  • Esophagostenosis199.Dok14, xrefs: 00406232
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3420571393.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.3420556458.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420586472.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000433000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000436000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420721835.0000000000443000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_Micra.jbxd
                                                  Similarity
                                                  • API ID: Find$CloseFileFirst
                                                  • String ID: Esophagostenosis199.Dok14
                                                  • API String ID: 2295610775-3722586252
                                                  • Opcode ID: fb61142ecab510d9bb051178c92cda44e9a3fae507c1338c77e1024ce068b834
                                                  • Instruction ID: 7cf403c7a0a34fa6c1bdd97e039e734b9fb45dc45bcdba9fead32da54c1b9644
                                                  • Opcode Fuzzy Hash: fb61142ecab510d9bb051178c92cda44e9a3fae507c1338c77e1024ce068b834
                                                  • Instruction Fuzzy Hash: 19D0C9329090206BC3106628AC0C84B6A599B953717118A76B56AF12E0D238986286A9
                                                  Function 0040377F Relevance: 45.7, APIs: 13, Strings: 13, Instructions: 215stringregistryCOMMON
                                                  Download Yara Rule

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 134 40377f-403797 call 4062c7 137 403799-4037a9 call 405e8d 134->137 138 4037ab-4037dc call 405e16 134->138 146 4037ff-403828 call 403a44 call 4059b5 137->146 142 4037f4-4037fa lstrcatA 138->142 143 4037de-4037ef call 405e16 138->143 142->146 143->142 152 40382e-403833 146->152 153 4038af-4038b7 call 4059b5 146->153 152->153 154 403835-403859 call 405e16 152->154 158 4038c5-4038ea LoadImageA 153->158 159 4038b9-4038c0 call 405f51 153->159 154->153 164 40385b-40385d 154->164 162 40396b-403973 call 40140b 158->162 163 4038ec-40391c RegisterClassA 158->163 159->158 177 403975-403978 162->177 178 40397d-403988 call 403a44 162->178 167 403922-403966 SystemParametersInfoA CreateWindowExA 163->167 168 403a3a 163->168 165 40386e-40387a lstrlenA 164->165 166 40385f-40386c call 4058f2 164->166 172 4038a2-4038aa call 4058c7 call 405f2f 165->172 173 40387c-40388a lstrcmpiA 165->173 166->165 167->162 171 403a3c-403a43 168->171 172->153 173->172 176 40388c-403896 GetFileAttributesA 173->176 180 403898-40389a 176->180 181 40389c-40389d call 40590e 176->181 177->171 187 403a11-403a19 call 405128 178->187 188 40398e-4039a8 ShowWindow call 406259 178->188 180->172 180->181 181->172 193 403a33-403a35 call 40140b 187->193 194 403a1b-403a21 187->194 195 4039b4-4039c6 GetClassInfoA 188->195 196 4039aa-4039af call 406259 188->196 193->168 194->177 201 403a27-403a2e call 40140b 194->201 199 4039c8-4039d8 GetClassInfoA RegisterClassA 195->199 200 4039de-403a0f DialogBoxParamA call 40140b call 4036cf 195->200 196->195 199->200 200->171 201->177
                                                  APIs
                                                    • Part of subcall function 004062C7: GetModuleHandleA.KERNEL32(?,?,?,0040322E,0000000A), ref: 004062D9
                                                    • Part of subcall function 004062C7: GetProcAddress.KERNEL32(00000000,?), ref: 004062F4
                                                  • lstrcatA.KERNEL32(1033,0041FD08,80000001,Control Panel\Desktop\ResourceLocale,00000000,0041FD08,00000000,00000002,74DF3410,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\Micra.exe",00000000), ref: 004037FA
                                                  • lstrlenA.KERNEL32(Call,?,?,?,Call,00000000,C:\Users\user\entomostraca\nonmissionary,1033,0041FD08,80000001,Control Panel\Desktop\ResourceLocale,00000000,0041FD08,00000000,00000002,74DF3410), ref: 0040386F
                                                  • lstrcmpiA.KERNEL32(?,.exe), ref: 00403882
                                                  • GetFileAttributesA.KERNEL32(Call), ref: 0040388D
                                                  • LoadImageA.USER32(00000067,00000001,00000000,00000000,00008040,C:\Users\user\entomostraca\nonmissionary), ref: 004038D6
                                                    • Part of subcall function 00405E8D: wsprintfA.USER32 ref: 00405E9A
                                                  • RegisterClassA.USER32(00422EA0), ref: 00403913
                                                  • SystemParametersInfoA.USER32(00000030,00000000,?,00000000), ref: 0040392B
                                                  • CreateWindowExA.USER32(00000080,_Nb,00000000,80000000,?,?,?,?,00000000,00000000,00000000), ref: 00403960
                                                  • ShowWindow.USER32(00000005,00000000), ref: 00403996
                                                  • GetClassInfoA.USER32(00000000,RichEdit20A,00422EA0), ref: 004039C2
                                                  • GetClassInfoA.USER32(00000000,RichEdit,00422EA0), ref: 004039CF
                                                  • RegisterClassA.USER32(00422EA0), ref: 004039D8
                                                  • DialogBoxParamA.USER32(?,00000000,00403B1C,00000000), ref: 004039F7
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3420571393.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.3420556458.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420586472.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000433000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000436000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420721835.0000000000443000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_Micra.jbxd
                                                  Similarity
                                                  • API ID: Class$Info$RegisterWindow$AddressAttributesCreateDialogFileHandleImageLoadModuleParamParametersProcShowSystemlstrcatlstrcmpilstrlenwsprintf
                                                  • String ID: "C:\Users\user\Desktop\Micra.exe"$.DEFAULT\Control Panel\International$.exe$1033$C:\Users\user\AppData\Local\Temp\$C:\Users\user\entomostraca\nonmissionary$Call$Control Panel\Desktop\ResourceLocale$RichEd20$RichEd32$RichEdit$RichEdit20A$_Nb
                                                  • API String ID: 1975747703-1351417438
                                                  • Opcode ID: 0f0f9529c3c60786d72211f980a5a8b1144e6e1ba4f9bbe45dc6703203a272d1
                                                  • Instruction ID: d12dedd32edb2aff813830401e41f02ecd086126c72271397d80de36ce2b18ee
                                                  • Opcode Fuzzy Hash: 0f0f9529c3c60786d72211f980a5a8b1144e6e1ba4f9bbe45dc6703203a272d1
                                                  • Instruction Fuzzy Hash: 1E61C6B1744240BEE620BF669D45F373AACEB84759F40447EF940B22E2D77C9D029A2D
                                                  Function 00405F51 Relevance: 17.7, APIs: 7, Strings: 3, Instructions: 199stringCOMMON
                                                  Download Yara Rule

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 475 405f51-405f5c 476 405f5e-405f6d 475->476 477 405f6f-405f85 475->477 476->477 478 406176-40617a 477->478 479 405f8b-405f96 477->479 480 406180-40618a 478->480 481 405fa8-405fb2 478->481 479->478 482 405f9c-405fa3 479->482 483 406195-406196 480->483 484 40618c-406190 call 405f2f 480->484 481->480 485 405fb8-405fbf 481->485 482->478 484->483 487 405fc5-405ff9 485->487 488 406169 485->488 489 406116-406119 487->489 490 405fff-406009 487->490 491 406173-406175 488->491 492 40616b-406171 488->492 493 406149-40614c 489->493 494 40611b-40611e 489->494 495 406023 490->495 496 40600b-40600f 490->496 491->478 492->478 500 40615a-406167 lstrlenA 493->500 501 40614e-406155 call 405f51 493->501 497 406120-40612c call 405e8d 494->497 498 40612e-40613a call 405f2f 494->498 499 40602a-406031 495->499 496->495 502 406011-406015 496->502 513 40613f-406145 497->513 498->513 505 406033-406035 499->505 506 406036-406038 499->506 500->478 501->500 502->495 503 406017-40601b 502->503 503->495 509 40601d-406021 503->509 505->506 511 406071-406074 506->511 512 40603a-406055 call 405e16 506->512 509->499 516 406084-406087 511->516 517 406076-406082 GetSystemDirectoryA 511->517 518 40605a-40605d 512->518 513->500 515 406147 513->515 519 40610e-406114 call 406199 515->519 521 4060f4-4060f6 516->521 522 406089-406097 GetWindowsDirectoryA 516->522 520 4060f8-4060fb 517->520 523 406063-40606c call 405f51 518->523 524 4060fd-406101 518->524 519->500 520->519 520->524 521->520 525 406099-4060a3 521->525 522->521 523->520 524->519 530 406103-406109 lstrcatA 524->530 527 4060a5-4060a8 525->527 528 4060bd-4060d3 SHGetSpecialFolderLocation 525->528 527->528 532 4060aa-4060b1 527->532 533 4060f1 528->533 534 4060d5-4060ef SHGetPathFromIDListA CoTaskMemFree 528->534 530->519 536 4060b9-4060bb 532->536 533->521 534->520 534->533 536->520 536->528
                                                  APIs
                                                  • GetSystemDirectoryA.KERNEL32(Call,00000400), ref: 0040607C
                                                  • GetWindowsDirectoryA.KERNEL32(Call,00000400,?,0041F4E8,00000000,0040508E,0041F4E8,00000000), ref: 0040608F
                                                  • SHGetSpecialFolderLocation.SHELL32(0040508E,00000000,?,0041F4E8,00000000,0040508E,0041F4E8,00000000), ref: 004060CB
                                                  • SHGetPathFromIDListA.SHELL32(00000000,Call), ref: 004060D9
                                                  • CoTaskMemFree.OLE32(00000000), ref: 004060E5
                                                  • lstrcatA.KERNEL32(Call,\Microsoft\Internet Explorer\Quick Launch), ref: 00406109
                                                  • lstrlenA.KERNEL32(Call,?,0041F4E8,00000000,0040508E,0041F4E8,00000000,00000000,0040E8C0,00000000), ref: 0040615B
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3420571393.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.3420556458.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420586472.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000433000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000436000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420721835.0000000000443000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_Micra.jbxd
                                                  Similarity
                                                  • API ID: Directory$FolderFreeFromListLocationPathSpecialSystemTaskWindowslstrcatlstrlen
                                                  • String ID: Call$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch
                                                  • API String ID: 717251189-1230650788
                                                  • Opcode ID: 4b83501bff14d3d4afc94545923638de13eab7723713207b83caa633bdf47479
                                                  • Instruction ID: ad9c483c4d11e0ac1e74b91e3c17e9742ad78b5bc63621c1ce792900c2eda604
                                                  • Opcode Fuzzy Hash: 4b83501bff14d3d4afc94545923638de13eab7723713207b83caa633bdf47479
                                                  • Instruction Fuzzy Hash: 5361D0B1A00115ABDF209F64CD81BBA7BB4DB45304F15813FEA03BA2D2D27C4962DB5E
                                                  Function 00401759 Relevance: 15.9, APIs: 5, Strings: 4, Instructions: 147stringtimeCOMMON
                                                  Download Yara Rule

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 606 401759-40177c call 402ac1 call 405934 611 401786-401798 call 405f2f call 4058c7 lstrcatA 606->611 612 40177e-401784 call 405f2f 606->612 617 40179d-4017a3 call 406199 611->617 612->617 622 4017a8-4017ac 617->622 623 4017ae-4017b8 call 406232 622->623 624 4017df-4017e2 622->624 631 4017ca-4017dc 623->631 632 4017ba-4017c8 CompareFileTime 623->632 626 4017e4-4017e5 call 405aa3 624->626 627 4017ea-401806 call 405ac8 624->627 626->627 634 401808-40180b 627->634 635 40187e-4018a7 call 405056 call 402f81 627->635 631->624 632->631 637 401860-40186a call 405056 634->637 638 40180d-40184f call 405f2f * 2 call 405f51 call 405f2f call 40564b 634->638 648 4018a9-4018ad 635->648 649 4018af-4018bb SetFileTime 635->649 650 401873-401879 637->650 638->622 669 401855-401856 638->669 648->649 652 4018c1-4018cc CloseHandle 648->652 649->652 653 40295a 650->653 655 402951-402954 652->655 656 4018d2-4018d5 652->656 657 40295c-402960 653->657 655->653 659 4018d7-4018e8 call 405f51 lstrcatA 656->659 660 4018ea-4018ed call 405f51 656->660 666 4018f2-4022dc 659->666 660->666 670 4022e1-4022e6 666->670 671 4022dc call 40564b 666->671 669->650 672 401858-401859 669->672 670->657 671->670 672->637
                                                  APIs
                                                  • lstrcatA.KERNEL32(00000000,00000000,Call,C:\Users\user\entomostraca\nonmissionary,00000000,00000000,00000031), ref: 00401798
                                                  • CompareFileTime.KERNEL32(-00000014,?,Call,Call,00000000,00000000,Call,C:\Users\user\entomostraca\nonmissionary,00000000,00000000,00000031), ref: 004017C2
                                                    • Part of subcall function 00405F2F: lstrcpynA.KERNEL32(?,?,00000400,0040328D,00422F00,NSIS Error,?,00000006,00000008,0000000A), ref: 00405F3C
                                                    • Part of subcall function 00405056: lstrlenA.KERNEL32(0041F4E8,00000000,0040E8C0,00000000,?,?,?,?,?,?,?,?,?,004030B1,00000000,?), ref: 0040508F
                                                    • Part of subcall function 00405056: lstrlenA.KERNEL32(004030B1,0041F4E8,00000000,0040E8C0,00000000,?,?,?,?,?,?,?,?,?,004030B1,00000000), ref: 0040509F
                                                    • Part of subcall function 00405056: lstrcatA.KERNEL32(0041F4E8,004030B1,004030B1,0041F4E8,00000000,0040E8C0,00000000), ref: 004050B2
                                                    • Part of subcall function 00405056: SetWindowTextA.USER32(0041F4E8,0041F4E8), ref: 004050C4
                                                    • Part of subcall function 00405056: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 004050EA
                                                    • Part of subcall function 00405056: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00405104
                                                    • Part of subcall function 00405056: SendMessageA.USER32(?,00001013,?,00000000), ref: 00405112
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3420571393.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.3420556458.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420586472.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000433000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000436000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420721835.0000000000443000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_Micra.jbxd
                                                  Similarity
                                                  • API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
                                                  • String ID: C:\Users\user\AppData\Local\Temp\nsb308A.tmp$C:\Users\user\AppData\Local\Temp\nsb308A.tmp\System.dll$C:\Users\user\entomostraca\nonmissionary$Call
                                                  • API String ID: 1941528284-2846610998
                                                  • Opcode ID: b7839a92209b7c6b3c8202a481ff6992844c1a0f6516a3d4c6bbc740c4310d88
                                                  • Instruction ID: 5e97bff851cc073dc2a03fd3a0d2357d8c44b4856d4f0a7a75adeada814ade30
                                                  • Opcode Fuzzy Hash: b7839a92209b7c6b3c8202a481ff6992844c1a0f6516a3d4c6bbc740c4310d88
                                                  • Instruction Fuzzy Hash: 7A41E771A10516BACF107BA5DC86DAF3A78DF45369B20823BF525F11E1C63C8A418E6D
                                                  Function 0040551C Relevance: 14.0, APIs: 4, Strings: 4, Instructions: 39COMMON
                                                  Download Yara Rule

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 673 40551c-405567 CreateDirectoryA 674 405569-40556b 673->674 675 40556d-40557a GetLastError 673->675 676 405594-405596 674->676 675->676 677 40557c-405590 SetFileSecurityA 675->677 677->674 678 405592 GetLastError 677->678 678->676
                                                  APIs
                                                  • CreateDirectoryA.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\), ref: 0040555F
                                                  • GetLastError.KERNEL32 ref: 00405573
                                                  • SetFileSecurityA.ADVAPI32(?,80000007,00000001), ref: 00405588
                                                  • GetLastError.KERNEL32 ref: 00405592
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3420571393.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.3420556458.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420586472.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000433000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000436000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420721835.0000000000443000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_Micra.jbxd
                                                  Similarity
                                                  • API ID: ErrorLast$CreateDirectoryFileSecurity
                                                  • String ID: C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$ds@$ts@
                                                  • API String ID: 3449924974-3946084282
                                                  • Opcode ID: 96d3186a9d907c4a04f4d560a3e7b71f397f10da171c1ba48397c58d76b22fd5
                                                  • Instruction ID: 8a370a5fbdfdad71dc8e0bfd81c54348e454926cd11c3a1ff2f48966e6f5c6f5
                                                  • Opcode Fuzzy Hash: 96d3186a9d907c4a04f4d560a3e7b71f397f10da171c1ba48397c58d76b22fd5
                                                  • Instruction Fuzzy Hash: D0010871D04259EAEF01DBA1CC447EFBBB9EB04354F00857AD904B6290E378A604CFAA
                                                  Function 00401D95 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 43COMMON
                                                  Download Yara Rule

                                                  Control-flow Graph

                                                  APIs
                                                  • GetDC.USER32(?), ref: 00401D98
                                                  • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00401DB2
                                                  • MulDiv.KERNEL32(00000000,00000000), ref: 00401DBA
                                                  • ReleaseDC.USER32(?,00000000), ref: 00401DCB
                                                  • CreateFontIndirectA.GDI32(0040A7F0), ref: 00401E1A
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3420571393.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.3420556458.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420586472.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000433000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000436000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420721835.0000000000443000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_Micra.jbxd
                                                  Similarity
                                                  • API ID: CapsCreateDeviceFontIndirectRelease
                                                  • String ID: Tahoma
                                                  • API String ID: 3808545654-3580928618
                                                  • Opcode ID: 5a929b086c2214fe81328bccccd3592f410a32eb723e9816faecc0aebfec5a22
                                                  • Instruction ID: 962fd9b87f23d05f09829d6e62e81eb88b122f60c97e2af10dcf53a19e6500d2
                                                  • Opcode Fuzzy Hash: 5a929b086c2214fe81328bccccd3592f410a32eb723e9816faecc0aebfec5a22
                                                  • Instruction Fuzzy Hash: B0015272948340AFE7006BB0AE49F997FF4A715305F108479F241B62E2C67954569F3E
                                                  Function 00406259 Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 36libraryCOMMON
                                                  Download Yara Rule

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 688 406259-406279 GetSystemDirectoryA 689 40627b 688->689 690 40627d-40627f 688->690 689->690 691 406281-406289 690->691 692 40628f-406291 690->692 691->692 693 40628b-40628d 691->693 694 406292-4062c4 wsprintfA LoadLibraryExA 692->694 693->694
                                                  APIs
                                                  • GetSystemDirectoryA.KERNEL32(?,00000104), ref: 00406270
                                                  • wsprintfA.USER32 ref: 004062A9
                                                  • LoadLibraryExA.KERNELBASE(?,00000000,00000008), ref: 004062BD
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3420571393.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.3420556458.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420586472.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000433000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000436000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420721835.0000000000443000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_Micra.jbxd
                                                  Similarity
                                                  • API ID: DirectoryLibraryLoadSystemwsprintf
                                                  • String ID: %s%s.dll$UXTHEME$\
                                                  • API String ID: 2200240437-4240819195
                                                  • Opcode ID: c1c6f81e5f0925475fc46656834228b64d6aad10adaabf52e6c46f27d1be3297
                                                  • Instruction ID: 482dcefc063d93e198aa1db7e000bfd15e9281d4181d763578a6ff71fc22a1d9
                                                  • Opcode Fuzzy Hash: c1c6f81e5f0925475fc46656834228b64d6aad10adaabf52e6c46f27d1be3297
                                                  • Instruction Fuzzy Hash: EAF0F630A10109AEDF14ABA4DD0DFFB375CAB08304F1405BAB64AE11D2E678E9248B69
                                                  Function 00402F81 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 155COMMON
                                                  Download Yara Rule

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 695 402f81-402f95 696 402f97 695->696 697 402f9e-402fa6 695->697 696->697 698 402fa8 697->698 699 402fad-402fb2 697->699 698->699 700 402fc2-402fcf call 40315d 699->700 701 402fb4-402fbd call 403173 699->701 705 403114 700->705 706 402fd5-402fd9 700->706 701->700 709 403116-403117 705->709 707 4030fd-4030ff 706->707 708 402fdf-402fff GetTickCount call 4063ec 706->708 710 403101-403104 707->710 711 403148-40314c 707->711 719 403153 708->719 721 403005-40300d 708->721 713 403156-40315a 709->713 714 403106 710->714 715 403109-403112 call 40315d 710->715 716 403119-40311f 711->716 717 40314e 711->717 714->715 715->705 729 403150 715->729 722 403121 716->722 723 403124-403132 call 40315d 716->723 717->719 719->713 726 403012-403020 call 40315d 721->726 727 40300f 721->727 722->723 723->705 731 403134-403140 call 405b6f 723->731 726->705 734 403026-40302f 726->734 727->726 729->719 738 403142-403145 731->738 739 4030f9-4030fb 731->739 736 403035-403052 call 40640c 734->736 741 4030f5-4030f7 736->741 742 403058-40306f GetTickCount 736->742 738->711 739->709 741->709 743 403071-403079 742->743 744 4030b4-4030b6 742->744 745 403081-4030b1 MulDiv wsprintfA call 405056 743->745 746 40307b-40307f 743->746 747 4030b8-4030bc 744->747 748 4030e9-4030ed 744->748 745->744 746->744 746->745 751 4030d1-4030d7 747->751 752 4030be-4030c3 call 405b6f 747->752 748->721 749 4030f3 748->749 749->719 755 4030dd-4030e1 751->755 757 4030c8-4030ca 752->757 755->736 756 4030e7 755->756 756->719 757->739 758 4030cc-4030cf 757->758 758->755
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3420571393.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.3420556458.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420586472.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000433000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000436000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420721835.0000000000443000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_Micra.jbxd
                                                  Similarity
                                                  • API ID: CountTick$wsprintf
                                                  • String ID: ... %d%%
                                                  • API String ID: 551687249-2449383134
                                                  • Opcode ID: 167b5ca0bfb3e57695ff9e62e4c69d0835ce9269e9eafab78b1523a358312806
                                                  • Instruction ID: 60d675f18a734e15d0b5dd350d1cecbd4da5e6a0cde0341d3a53a3cb480860e8
                                                  • Opcode Fuzzy Hash: 167b5ca0bfb3e57695ff9e62e4c69d0835ce9269e9eafab78b1523a358312806
                                                  • Instruction Fuzzy Hash: FA519F71901219DBCB10EF65D9046AF7BB8AB04756F14413BF811B72C1C7789E51CBAA
                                                  Function 00405AF7 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 33COMMON
                                                  Download Yara Rule

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 759 405af7-405b01 760 405b02-405b2d GetTickCount GetTempFileNameA 759->760 761 405b3c-405b3e 760->761 762 405b2f-405b31 760->762 764 405b36-405b39 761->764 762->760 763 405b33 762->763 763->764
                                                  APIs
                                                  • GetTickCount.KERNEL32 ref: 00405B0B
                                                  • GetTempFileNameA.KERNELBASE(?,?,00000000,?,?,00000006,00000008,0000000A), ref: 00405B25
                                                  Strings
                                                  • "C:\Users\user\Desktop\Micra.exe", xrefs: 00405AF7
                                                  • C:\Users\user\AppData\Local\Temp\, xrefs: 00405AFA
                                                  • nsa, xrefs: 00405B02
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3420571393.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.3420556458.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420586472.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000433000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000436000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420721835.0000000000443000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_Micra.jbxd
                                                  Similarity
                                                  • API ID: CountFileNameTempTick
                                                  • String ID: "C:\Users\user\Desktop\Micra.exe"$C:\Users\user\AppData\Local\Temp\$nsa
                                                  • API String ID: 1716503409-1578125324
                                                  • Opcode ID: 4f71c4811bd2189c67125445424a5cfd250d6f6759894b34be1bee502b12972b
                                                  • Instruction ID: d7521d4eade0cbd7120b41c29d2b11454b957a1e542ceee7a25420a70a1b98fd
                                                  • Opcode Fuzzy Hash: 4f71c4811bd2189c67125445424a5cfd250d6f6759894b34be1bee502b12972b
                                                  • Instruction Fuzzy Hash: CFF082367082047BDB108F56DC04B9B7FA8DF91750F10803BFA08AA291D6B4B9558B69
                                                  Function 100016BD Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 118COMMON
                                                  Download Yara Rule

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 765 100016bd-100016f9 call 10001a5d 769 1000180a-1000180c 765->769 770 100016ff-10001703 765->770 771 10001705-1000170b call 100021b0 770->771 772 1000170c-10001719 call 100021fa 770->772 771->772 777 10001749-10001750 772->777 778 1000171b-10001720 772->778 779 10001770-10001774 777->779 780 10001752-1000176e call 100023d8 call 10001559 call 10001266 GlobalFree 777->780 781 10001722-10001723 778->781 782 1000173b-1000173e 778->782 783 100017b2-100017b8 call 100023d8 779->783 784 10001776-100017b0 call 10001559 call 100023d8 779->784 805 100017b9-100017bd 780->805 787 10001725-10001726 781->787 788 1000172b-1000172c call 100027e4 781->788 782->777 785 10001740-10001741 call 10002a9f 782->785 783->805 784->805 798 10001746 785->798 793 10001733-10001739 call 10002587 787->793 794 10001728-10001729 787->794 801 10001731 788->801 804 10001748 793->804 794->777 794->788 798->804 801->798 804->777 808 100017fa-10001801 805->808 809 100017bf-100017cd call 1000239e 805->809 808->769 811 10001803-10001804 GlobalFree 808->811 815 100017e5-100017ec 809->815 816 100017cf-100017d2 809->816 811->769 815->808 817 100017ee-100017f9 call 100014e2 815->817 816->815 818 100017d4-100017dc 816->818 817->808 818->815 820 100017de-100017df FreeLibrary 818->820 820->815
                                                  APIs
                                                    • Part of subcall function 10001A5D: GlobalFree.KERNEL32(?), ref: 10001CC4
                                                    • Part of subcall function 10001A5D: GlobalFree.KERNEL32(?), ref: 10001CC9
                                                    • Part of subcall function 10001A5D: GlobalFree.KERNEL32(?), ref: 10001CCE
                                                  • GlobalFree.KERNEL32(00000000), ref: 10001768
                                                  • FreeLibrary.KERNEL32(?), ref: 100017DF
                                                  • GlobalFree.KERNEL32(00000000), ref: 10001804
                                                    • Part of subcall function 100021B0: GlobalAlloc.KERNEL32(00000040,7D8BEC45), ref: 100021E2
                                                    • Part of subcall function 10002587: GlobalAlloc.KERNEL32(00000040,?,?,?,00000000,?,?,?,?,10001739,00000000), ref: 100025F9
                                                    • Part of subcall function 10001559: lstrcpyA.KERNEL32(00000000,?,00000000,10001695,00000000), ref: 10001572
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3428984711.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                  • Associated: 00000000.00000002.3428968276.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                  • Associated: 00000000.00000002.3428998849.0000000010003000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                  • Associated: 00000000.00000002.3429054882.0000000010005000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_10000000_Micra.jbxd
                                                  Similarity
                                                  • API ID: Global$Free$Alloc$Librarylstrcpy
                                                  • String ID:
                                                  • API String ID: 1791698881-3916222277
                                                  • Opcode ID: 87444a894296e8d40cc63a4c2e1c416a7af340e3bff12e61cd27f34ad68e5005
                                                  • Instruction ID: 474564f2ddd1a30fda7ef2e88bb39d7445f8f4f5c00c78564696995dcbc9c57a
                                                  • Opcode Fuzzy Hash: 87444a894296e8d40cc63a4c2e1c416a7af340e3bff12e61cd27f34ad68e5005
                                                  • Instruction Fuzzy Hash: C4319E79408205DAFB41DF649CC5BCA37ECFB042D5F118465FA0A9A09EDF78A8858B60
                                                  Function 00401C04 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 84windowtimeCOMMON
                                                  Download Yara Rule

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 822 401c04-401c24 call 402a9f * 2 827 401c30-401c34 822->827 828 401c26-401c2d call 402ac1 822->828 830 401c40-401c46 827->830 831 401c36-401c3d call 402ac1 827->831 828->827 834 401c94-401cba call 402ac1 * 2 FindWindowExA 830->834 835 401c48-401c64 call 402a9f * 2 830->835 831->830 845 401cc0 834->845 846 401c84-401c92 SendMessageA 835->846 847 401c66-401c82 SendMessageTimeoutA 835->847 848 401cc3-401cc6 845->848 846->845 847->848 849 402951-402960 848->849 850 401ccc 848->850 850->849
                                                  APIs
                                                  • SendMessageTimeoutA.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401C74
                                                  • SendMessageA.USER32(00000000,00000000,?,?), ref: 00401C8C
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3420571393.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.3420556458.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420586472.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000433000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000436000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420721835.0000000000443000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_Micra.jbxd
                                                  Similarity
                                                  • API ID: MessageSend$Timeout
                                                  • String ID: !
                                                  • API String ID: 1777923405-2657877971
                                                  • Opcode ID: 756893ed4847bb0bd72a5117efa2a57ba430928b3e2712cee879890b773371fc
                                                  • Instruction ID: 91203bd525acade81736f390ad8a27fd027b74ba1091a33c19100adfebe27d64
                                                  • Opcode Fuzzy Hash: 756893ed4847bb0bd72a5117efa2a57ba430928b3e2712cee879890b773371fc
                                                  • Instruction Fuzzy Hash: 6C218E71E44209BEEB159FA5D946AAD7BB0EB84304F14803EF505F61D1DA788A408F28
                                                  Function 004023D0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 64registrystringCOMMON
                                                  Download Yara Rule

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 853 4023d0-4023f7 call 402ac1 * 2 call 402b51 859 4023fc-402401 853->859 860 402951-402960 859->860 861 402407-402411 859->861 863 402421-402424 861->863 864 402413-402420 call 402ac1 lstrlenA 861->864 867 402426-402437 call 402a9f 863->867 868 402438-40243b 863->868 864->863 867->868 870 40244c-402460 RegSetValueExA 868->870 871 40243d-402447 call 402f81 868->871 875 402462 870->875 876 402465-402542 RegCloseKey 870->876 871->870 875->876 876->860
                                                  APIs
                                                  • lstrlenA.KERNEL32(C:\Users\user\AppData\Local\Temp\nsb308A.tmp,00000023,00000011,00000002), ref: 0040241B
                                                  • RegSetValueExA.ADVAPI32(?,?,?,?,C:\Users\user\AppData\Local\Temp\nsb308A.tmp,00000000,00000011,00000002), ref: 00402458
                                                  • RegCloseKey.ADVAPI32(?,?,?,C:\Users\user\AppData\Local\Temp\nsb308A.tmp,00000000,00000011,00000002), ref: 0040253C
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3420571393.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.3420556458.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420586472.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000433000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000436000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420721835.0000000000443000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_Micra.jbxd
                                                  Similarity
                                                  • API ID: CloseValuelstrlen
                                                  • String ID: C:\Users\user\AppData\Local\Temp\nsb308A.tmp
                                                  • API String ID: 2655323295-72882985
                                                  • Opcode ID: 92402a25989933958cde62f5f4c9b52c1ec49fe5de432524af3fa63fefbfe55f
                                                  • Instruction ID: 28bb7349c914475f87156df35d792e00a89fe725c314cf9248e6016116a520b3
                                                  • Opcode Fuzzy Hash: 92402a25989933958cde62f5f4c9b52c1ec49fe5de432524af3fa63fefbfe55f
                                                  • Instruction Fuzzy Hash: 81115171E00115BEDF10EFA5EE89AAEBA74EB54714F20403BF908F61D1C6B85D419B29
                                                  Function 004059B5 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 46stringCOMMON
                                                  Download Yara Rule

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 878 4059b5-4059d0 call 405f2f call 405960 883 4059d2-4059d4 878->883 884 4059d6-4059e3 call 406199 878->884 886 405a28-405a2a 883->886 888 4059e5-4059e9 884->888 889 4059ef-4059f1 884->889 888->883 890 4059eb-4059ed 888->890 891 405a07-405a10 lstrlenA 889->891 890->883 890->889 892 405a12-405a26 call 4058c7 GetFileAttributesA 891->892 893 4059f3-4059fa call 406232 891->893 892->886 898 405a01-405a02 call 40590e 893->898 899 4059fc-4059ff 893->899 898->891 899->883 899->898
                                                  APIs
                                                    • Part of subcall function 00405F2F: lstrcpynA.KERNEL32(?,?,00000400,0040328D,00422F00,NSIS Error,?,00000006,00000008,0000000A), ref: 00405F3C
                                                    • Part of subcall function 00405960: CharNextA.USER32(?,?,Esophagostenosis199.Dok14,?,004059CC,Esophagostenosis199.Dok14,Esophagostenosis199.Dok14,74DF3410,?,C:\Users\user\AppData\Local\Temp\,00405717,?,74DF3410,C:\Users\user\AppData\Local\Temp\,00000000), ref: 0040596E
                                                    • Part of subcall function 00405960: CharNextA.USER32(00000000), ref: 00405973
                                                    • Part of subcall function 00405960: CharNextA.USER32(00000000), ref: 00405987
                                                  • lstrlenA.KERNEL32(Esophagostenosis199.Dok14,00000000,Esophagostenosis199.Dok14,Esophagostenosis199.Dok14,74DF3410,?,C:\Users\user\AppData\Local\Temp\,00405717,?,74DF3410,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405A08
                                                  • GetFileAttributesA.KERNELBASE(Esophagostenosis199.Dok14,Esophagostenosis199.Dok14,Esophagostenosis199.Dok14,Esophagostenosis199.Dok14,Esophagostenosis199.Dok14,Esophagostenosis199.Dok14,00000000,Esophagostenosis199.Dok14,Esophagostenosis199.Dok14,74DF3410,?,C:\Users\user\AppData\Local\Temp\,00405717,?,74DF3410,C:\Users\user\AppData\Local\Temp\), ref: 00405A18
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3420571393.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.3420556458.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420586472.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000433000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000436000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420721835.0000000000443000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_Micra.jbxd
                                                  Similarity
                                                  • API ID: CharNext$AttributesFilelstrcpynlstrlen
                                                  • String ID: C:\Users\user\AppData\Local\Temp\$Esophagostenosis199.Dok14
                                                  • API String ID: 3248276644-3026383727
                                                  • Opcode ID: 1798501a893aa51cf33724b967df125bb5b79cc73e901e6a487cbcc52799f4ac
                                                  • Instruction ID: 1994e1ad2c5e9883225bba15f0e05bd5e2410f9dbe362fa4db8952c1f9a8588a
                                                  • Opcode Fuzzy Hash: 1798501a893aa51cf33724b967df125bb5b79cc73e901e6a487cbcc52799f4ac
                                                  • Instruction Fuzzy Hash: B3F04CB6205D5296C622333A1C066EF2A55CE86334719463FF891B13D2DB3C8913DD7E
                                                  Function 00401FFD Relevance: 6.1, APIs: 4, Instructions: 73libraryloaderCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • GetModuleHandleA.KERNELBASE(00000000,00000001,000000F0), ref: 00402028
                                                    • Part of subcall function 00405056: lstrlenA.KERNEL32(0041F4E8,00000000,0040E8C0,00000000,?,?,?,?,?,?,?,?,?,004030B1,00000000,?), ref: 0040508F
                                                    • Part of subcall function 00405056: lstrlenA.KERNEL32(004030B1,0041F4E8,00000000,0040E8C0,00000000,?,?,?,?,?,?,?,?,?,004030B1,00000000), ref: 0040509F
                                                    • Part of subcall function 00405056: lstrcatA.KERNEL32(0041F4E8,004030B1,004030B1,0041F4E8,00000000,0040E8C0,00000000), ref: 004050B2
                                                    • Part of subcall function 00405056: SetWindowTextA.USER32(0041F4E8,0041F4E8), ref: 004050C4
                                                    • Part of subcall function 00405056: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 004050EA
                                                    • Part of subcall function 00405056: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00405104
                                                    • Part of subcall function 00405056: SendMessageA.USER32(?,00001013,?,00000000), ref: 00405112
                                                  • LoadLibraryExA.KERNELBASE(00000000,?,00000008,00000001,000000F0), ref: 00402038
                                                  • GetProcAddress.KERNEL32(00000000,?), ref: 00402048
                                                  • FreeLibrary.KERNELBASE(00000000,00000000,000000F7,?,?,00000008,00000001,000000F0), ref: 004020B2
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3420571393.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.3420556458.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420586472.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000433000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000436000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420721835.0000000000443000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_Micra.jbxd
                                                  Similarity
                                                  • API ID: MessageSend$Librarylstrlen$AddressFreeHandleLoadModuleProcTextWindowlstrcat
                                                  • String ID:
                                                  • API String ID: 2987980305-0
                                                  • Opcode ID: 3ec78819d622ed86bae178855df993612b78117d9056a0a9d79db71722311b1c
                                                  • Instruction ID: 772c7401ca61f63a6a86f526de26f8a62e510dd82d200dd974b96084c7de1680
                                                  • Opcode Fuzzy Hash: 3ec78819d622ed86bae178855df993612b78117d9056a0a9d79db71722311b1c
                                                  • Instruction Fuzzy Hash: 7F21DB71B04225B7CF207FA48E49B6E7A70AB44358F20413BFB15B22D0D7BD8942D65E
                                                  Function 004015BB Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 66COMMON
                                                  Download Yara Rule
                                                  APIs
                                                    • Part of subcall function 00405960: CharNextA.USER32(?,?,Esophagostenosis199.Dok14,?,004059CC,Esophagostenosis199.Dok14,Esophagostenosis199.Dok14,74DF3410,?,C:\Users\user\AppData\Local\Temp\,00405717,?,74DF3410,C:\Users\user\AppData\Local\Temp\,00000000), ref: 0040596E
                                                    • Part of subcall function 00405960: CharNextA.USER32(00000000), ref: 00405973
                                                    • Part of subcall function 00405960: CharNextA.USER32(00000000), ref: 00405987
                                                  • GetFileAttributesA.KERNELBASE(00000000,00000000,00000000,0000005C,00000000,000000F0), ref: 0040160D
                                                    • Part of subcall function 0040551C: CreateDirectoryA.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\), ref: 0040555F
                                                  • SetCurrentDirectoryA.KERNELBASE(00000000,C:\Users\user\entomostraca\nonmissionary,00000000,00000000,000000F0), ref: 0040163C
                                                  Strings
                                                  • C:\Users\user\entomostraca\nonmissionary, xrefs: 00401631
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3420571393.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.3420556458.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420586472.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000433000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000436000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420721835.0000000000443000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_Micra.jbxd
                                                  Similarity
                                                  • API ID: CharNext$Directory$AttributesCreateCurrentFile
                                                  • String ID: C:\Users\user\entomostraca\nonmissionary
                                                  • API String ID: 1892508949-2042944658
                                                  • Opcode ID: c3dc61fa4864d68a63a0ff324977f2f4971824b7823c1438af4a242a8e85a59c
                                                  • Instruction ID: a466de0d3f6f2377f24be2a4188d25ee0cffe6e715a209702fc6e54bc549958f
                                                  • Opcode Fuzzy Hash: c3dc61fa4864d68a63a0ff324977f2f4971824b7823c1438af4a242a8e85a59c
                                                  • Instruction Fuzzy Hash: 78112731608151EBCF217FB54C415BF2AB0DA96324B28053FE8D1B22E2D63D4D429A3F
                                                  Function 00405E16 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 44registryCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • RegQueryValueExA.KERNELBASE(?,?,00000000,?,?,00000400,Call,0041F4E8,?,?,?,00000002,Call,?,0040605A,80000002), ref: 00405E5C
                                                  • RegCloseKey.KERNELBASE(?,?,0040605A,80000002,Software\Microsoft\Windows\CurrentVersion,Call,Call,Call,?,0041F4E8), ref: 00405E67
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3420571393.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.3420556458.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420586472.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000433000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000436000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420721835.0000000000443000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_Micra.jbxd
                                                  Similarity
                                                  • API ID: CloseQueryValue
                                                  • String ID: Call
                                                  • API String ID: 3356406503-1824292864
                                                  • Opcode ID: 7b6985f489d275b5e18cb7da4513705b49726bce843ff3f436f22320446d3563
                                                  • Instruction ID: 33be00f72f12327029ad1653fb2bc99e6b823e337a66ede3503504709cbc349d
                                                  • Opcode Fuzzy Hash: 7b6985f489d275b5e18cb7da4513705b49726bce843ff3f436f22320446d3563
                                                  • Instruction Fuzzy Hash: 31015A72504209AEDF228F61CC09FEB3BA8EF55364F008426FE59A2190D778DA54CFA4
                                                  Function 004055CE Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 24processCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • CreateProcessA.KERNELBASE(00000000,?,00000000,00000000,00000000,04000000,00000000,00000000,00421510,Error launching installer), ref: 004055F7
                                                  • CloseHandle.KERNEL32(?), ref: 00405604
                                                  Strings
                                                  • Error launching installer, xrefs: 004055E1
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3420571393.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.3420556458.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420586472.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000433000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000436000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420721835.0000000000443000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_Micra.jbxd
                                                  Similarity
                                                  • API ID: CloseCreateHandleProcess
                                                  • String ID: Error launching installer
                                                  • API String ID: 3712363035-66219284
                                                  • Opcode ID: 0a67d81f0dbc2c48957f366610cafbe47269508c26dde6c53db592e432081f5d
                                                  • Instruction ID: f1ce92c91028e46d95f0eda4fe37c0312dcd0371124bcb88e834d1219d8c4f53
                                                  • Opcode Fuzzy Hash: 0a67d81f0dbc2c48957f366610cafbe47269508c26dde6c53db592e432081f5d
                                                  • Instruction Fuzzy Hash: 5BE04FF0A00209BFEB009B60EC05F7B7ABCEB00748F404961BD11F31A0E374A9108A79
                                                  Function 004069F0 Relevance: 5.2, APIs: 4, Instructions: 236COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3420571393.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.3420556458.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420586472.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000433000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000436000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420721835.0000000000443000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_Micra.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 55cd16da708e23aec6a838b73e901bfe03af6665630861bb5c569519520454bd
                                                  • Instruction ID: c387c58543e41996c7b199f294dd4e3f2d8ae9e2c90db5b1f56269fb3149e58b
                                                  • Opcode Fuzzy Hash: 55cd16da708e23aec6a838b73e901bfe03af6665630861bb5c569519520454bd
                                                  • Instruction Fuzzy Hash: 32A14271E00229CBDF28CFA8C8587ADBBB1FF44305F15806AD856BB281D7785A96DF44
                                                  Function 00406BF1 Relevance: 5.2, APIs: 4, Instructions: 208COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3420571393.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.3420556458.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420586472.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000433000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000436000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420721835.0000000000443000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_Micra.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 320ecdc90cbab0b9bf19e530f323a115307d17d478260d9a41c0a63678b5b88a
                                                  • Instruction ID: c0a55b7bb8cda596ca91e270a613f9aea3b485865d608933a43e484043593474
                                                  • Opcode Fuzzy Hash: 320ecdc90cbab0b9bf19e530f323a115307d17d478260d9a41c0a63678b5b88a
                                                  • Instruction Fuzzy Hash: 45913374D00229CBDF28CF98C8587ADBBB1FF44305F15812AD816BB291C7785996DF48
                                                  Function 00406907 Relevance: 5.2, APIs: 4, Instructions: 205COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3420571393.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.3420556458.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420586472.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000433000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000436000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420721835.0000000000443000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_Micra.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 4092221e86ab5222082a79c128cb789b468c9c6112b2c9e1203115320ceab273
                                                  • Instruction ID: 33bdc002aa07cba8751fe1bb89261eb1bbd9089b315c8d097eab8488b12144ec
                                                  • Opcode Fuzzy Hash: 4092221e86ab5222082a79c128cb789b468c9c6112b2c9e1203115320ceab273
                                                  • Instruction Fuzzy Hash: 19814575D04228DFDF24CFA8C8847ADBBB1FB44305F25816AD816BB291C7389A96DF44
                                                  Function 0040640C Relevance: 5.2, APIs: 4, Instructions: 198COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3420571393.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.3420556458.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420586472.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000433000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000436000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420721835.0000000000443000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_Micra.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: a9b85a074dbd17559818524a47274955f7f908a271802c30195d609476ec7543
                                                  • Instruction ID: 368e1e7272001cfb6f2dd5e39cf93d71f7d9f1f25059b380f60c2813f7b9aa4b
                                                  • Opcode Fuzzy Hash: a9b85a074dbd17559818524a47274955f7f908a271802c30195d609476ec7543
                                                  • Instruction Fuzzy Hash: 00818735D04228DBDF28CFA8C8447ADBBB1FB44305F21816AD856BB2C1D7785A96DF48
                                                  Function 0040685A Relevance: 5.2, APIs: 4, Instructions: 180COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3420571393.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.3420556458.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420586472.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000433000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000436000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420721835.0000000000443000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_Micra.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 05e0991df275fe04e69e24ab9d87d2bf1db0f1f681a575424d6ee50318c34d6b
                                                  • Instruction ID: 563e9c7bfc12ab1e5735381274df4cd9413df1207b4ba467b436c4b8586dcceb
                                                  • Opcode Fuzzy Hash: 05e0991df275fe04e69e24ab9d87d2bf1db0f1f681a575424d6ee50318c34d6b
                                                  • Instruction Fuzzy Hash: C9713471D04228DFDF28CFA8C884BADBBB1FB44305F15806AD816B7291D7389996DF58
                                                  Function 00406978 Relevance: 5.2, APIs: 4, Instructions: 170COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3420571393.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.3420556458.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420586472.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000433000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000436000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420721835.0000000000443000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_Micra.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 51e8a78d7989ecdb0a9d35429efa0a8906fb135c8ca24dc2c1ed10a6651990fe
                                                  • Instruction ID: 7154c5ac750784d404653f653373d782701dde13a8780768b6f209b569f9d9aa
                                                  • Opcode Fuzzy Hash: 51e8a78d7989ecdb0a9d35429efa0a8906fb135c8ca24dc2c1ed10a6651990fe
                                                  • Instruction Fuzzy Hash: 61714471D04228DBDF28CFA8C894BADBBB1FB44305F15806AD816BB291C7385996DF48
                                                  Function 004068C4 Relevance: 5.2, APIs: 4, Instructions: 168COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3420571393.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.3420556458.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420586472.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000433000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000436000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420721835.0000000000443000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_Micra.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: c27dc6e5a0a86cb3c75e96e92f3c4bfdd7bca547c1c201786b56e13d92a68def
                                                  • Instruction ID: 6d4e519aaefd354d35621c14bbf49efb9ee6a20a3da98f77445617ba41e869e3
                                                  • Opcode Fuzzy Hash: c27dc6e5a0a86cb3c75e96e92f3c4bfdd7bca547c1c201786b56e13d92a68def
                                                  • Instruction Fuzzy Hash: 64715771D04229DBEF28CF98C844BADBBB1FF44305F15806AD816B7291C7389996DF48
                                                  Function 004024DF Relevance: 4.5, APIs: 3, Instructions: 47registryCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • RegEnumKeyA.ADVAPI32(00000000,00000000,?,000003FF), ref: 00402511
                                                  • RegEnumValueA.ADVAPI32(00000000,00000000,?,?), ref: 00402524
                                                  • RegCloseKey.ADVAPI32(?,?,?,C:\Users\user\AppData\Local\Temp\nsb308A.tmp,00000000,00000011,00000002), ref: 0040253C
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3420571393.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.3420556458.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420586472.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000433000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000436000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420721835.0000000000443000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_Micra.jbxd
                                                  Similarity
                                                  • API ID: Enum$CloseValue
                                                  • String ID:
                                                  • API String ID: 397863658-0
                                                  • Opcode ID: fcc7478efac8790cb65f2fc2ac921ec431ecf4c8fc47680fcb9af08646fc554f
                                                  • Instruction ID: ef6c1c8de93ba874c4c9f78a8b9be625a776c1f18011becf49e8381ad91f8e57
                                                  • Opcode Fuzzy Hash: fcc7478efac8790cb65f2fc2ac921ec431ecf4c8fc47680fcb9af08646fc554f
                                                  • Instruction Fuzzy Hash: CC01B1B1A04105BFE7159F699D9CABF7ABCDF40348F10403EF405A61C0D6B85E419769
                                                  Function 100027E4 Relevance: 3.2, APIs: 2, Instructions: 156memoryCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • VirtualAllocEx.KERNELBASE(00000000), ref: 100028A3
                                                  • GetLastError.KERNEL32 ref: 100029AA
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3428984711.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                  • Associated: 00000000.00000002.3428968276.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                  • Associated: 00000000.00000002.3428998849.0000000010003000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                  • Associated: 00000000.00000002.3429054882.0000000010005000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_10000000_Micra.jbxd
                                                  Similarity
                                                  • API ID: AllocErrorLastVirtual
                                                  • String ID:
                                                  • API String ID: 497505419-0
                                                  • Opcode ID: 06dad9edf242867fa2d433b3a0ae819eccaab9780a225514c3bf782f990559be
                                                  • Instruction ID: 7088a7f0c219bdfd589eed4d744adbaf06b55c7882bf085a68ef70f7e309f44b
                                                  • Opcode Fuzzy Hash: 06dad9edf242867fa2d433b3a0ae819eccaab9780a225514c3bf782f990559be
                                                  • Instruction Fuzzy Hash: 385194BA908215DFF711EF60D9C575937A8EB443E0F21842AEA08E721DDF34A9818B55
                                                  Function 0040246D Relevance: 3.1, APIs: 2, Instructions: 56registryCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • RegQueryValueExA.ADVAPI32(00000000,00000000,?,?,?,?), ref: 0040249D
                                                  • RegCloseKey.ADVAPI32(?,?,?,C:\Users\user\AppData\Local\Temp\nsb308A.tmp,00000000,00000011,00000002), ref: 0040253C
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3420571393.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.3420556458.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420586472.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000433000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000436000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420721835.0000000000443000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_Micra.jbxd
                                                  Similarity
                                                  • API ID: CloseQueryValue
                                                  • String ID:
                                                  • API String ID: 3356406503-0
                                                  • Opcode ID: 3fa1dbed21761f6266f2340716bee5225554f786235ea4fcaf6e96b41bfef97b
                                                  • Instruction ID: 63a70339494f01f517971b4c744e8c56bc188a86961079fa301cce11f67856c5
                                                  • Opcode Fuzzy Hash: 3fa1dbed21761f6266f2340716bee5225554f786235ea4fcaf6e96b41bfef97b
                                                  • Instruction Fuzzy Hash: E211C471A05205FEDB15CF64DA885BF7AB4DF04344F20407FE546B62C0D2B88A42DB69
                                                  Function 00401389 Relevance: 3.0, APIs: 2, Instructions: 43windowCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013E4
                                                  • SendMessageA.USER32(?,00000402,00000000), ref: 004013F4
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3420571393.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.3420556458.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420586472.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000433000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000436000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420721835.0000000000443000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_Micra.jbxd
                                                  Similarity
                                                  • API ID: MessageSend
                                                  • String ID:
                                                  • API String ID: 3850602802-0
                                                  • Opcode ID: 3be8b2c82b9d5296ba031bde5fc3ac6967fc1ef6e00b1cb2986e69e81292ed92
                                                  • Instruction ID: 2eeecbca978bd34a3a2c87f0a48c5f542c226d41099ae67583a71d3d142e8862
                                                  • Opcode Fuzzy Hash: 3be8b2c82b9d5296ba031bde5fc3ac6967fc1ef6e00b1cb2986e69e81292ed92
                                                  • Instruction Fuzzy Hash: 80012831724210ABE7294B389D04B6A369CE710328F11823BF811F72F1D6B8DC42DB4D
                                                  Function 0040237B Relevance: 3.0, APIs: 2, Instructions: 39registryCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • RegDeleteValueA.ADVAPI32(00000000,00000000,00000033), ref: 0040239C
                                                  • RegCloseKey.ADVAPI32(00000000), ref: 004023A5
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3420571393.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.3420556458.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420586472.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000433000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000436000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420721835.0000000000443000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_Micra.jbxd
                                                  Similarity
                                                  • API ID: CloseDeleteValue
                                                  • String ID:
                                                  • API String ID: 2831762973-0
                                                  • Opcode ID: 8900394cafd5be30545282fb353c935dfe98617efc2bb455426e9afa9d5f6f5c
                                                  • Instruction ID: 657cac93a74d736290c89acfa7952abe2352d4aaae982d756939229d69902e79
                                                  • Opcode Fuzzy Hash: 8900394cafd5be30545282fb353c935dfe98617efc2bb455426e9afa9d5f6f5c
                                                  • Instruction Fuzzy Hash: 07F09672B04111ABD710AFB89A8EABE76A89B80354F25003FFA05B71C1D5FC5D02476D
                                                  Function 00401A1E Relevance: 3.0, APIs: 2, Instructions: 30stringCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • ExpandEnvironmentStringsA.KERNELBASE(00000000,?,00000400,00000001), ref: 00401A31
                                                  • lstrcmpA.KERNEL32(?,?,?,00000400,00000001), ref: 00401A44
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3420571393.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.3420556458.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420586472.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000433000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000436000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420721835.0000000000443000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_Micra.jbxd
                                                  Similarity
                                                  • API ID: EnvironmentExpandStringslstrcmp
                                                  • String ID:
                                                  • API String ID: 1938659011-0
                                                  • Opcode ID: 90ac17a84bebba3ece330ba16aed20dba6a3657c2d2ef54ac2288f1ddebe0ac5
                                                  • Instruction ID: d418ee74975318b4df07fc170813555c2b4b21205ce6e7ea257dd7ae4b230a47
                                                  • Opcode Fuzzy Hash: 90ac17a84bebba3ece330ba16aed20dba6a3657c2d2ef54ac2288f1ddebe0ac5
                                                  • Instruction Fuzzy Hash: 78F0A771B09241FBCF20DF659D48A9B7FE8EF91354B10803BE549F6290D2388901CB6D
                                                  Function 00401E25 Relevance: 3.0, APIs: 2, Instructions: 25COMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • ShowWindow.USER32(00000000,00000000), ref: 00401E43
                                                  • EnableWindow.USER32(00000000,00000000), ref: 00401E4E
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3420571393.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.3420556458.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420586472.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000433000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000436000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420721835.0000000000443000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_Micra.jbxd
                                                  Similarity
                                                  • API ID: Window$EnableShow
                                                  • String ID:
                                                  • API String ID: 1136574915-0
                                                  • Opcode ID: 4b7b4c043660e1c59b921f720d882921bddbf86ae9cc818ffa22fb1dfc7ebc4e
                                                  • Instruction ID: 809d843a260572306a8a1f4cab9c35c5b8aac9fdd72294bdbb1c41639dd67a74
                                                  • Opcode Fuzzy Hash: 4b7b4c043660e1c59b921f720d882921bddbf86ae9cc818ffa22fb1dfc7ebc4e
                                                  • Instruction Fuzzy Hash: 19E012B2F08211AFDB14EBB5A9495AD77B4EB40315B10403BE415F11D1DA7898419F59
                                                  Function 004062C7 Relevance: 3.0, APIs: 2, Instructions: 22libraryloaderCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • GetModuleHandleA.KERNEL32(?,?,?,0040322E,0000000A), ref: 004062D9
                                                  • GetProcAddress.KERNEL32(00000000,?), ref: 004062F4
                                                    • Part of subcall function 00406259: GetSystemDirectoryA.KERNEL32(?,00000104), ref: 00406270
                                                    • Part of subcall function 00406259: wsprintfA.USER32 ref: 004062A9
                                                    • Part of subcall function 00406259: LoadLibraryExA.KERNELBASE(?,00000000,00000008), ref: 004062BD
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3420571393.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.3420556458.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420586472.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000433000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000436000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420721835.0000000000443000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_Micra.jbxd
                                                  Similarity
                                                  • API ID: AddressDirectoryHandleLibraryLoadModuleProcSystemwsprintf
                                                  • String ID:
                                                  • API String ID: 2547128583-0
                                                  • Opcode ID: a3d13027c8eccd2d0cc6aa0f1dea92ffe2580633c4132c5b9e113a6e73deba4a
                                                  • Instruction ID: 3d2559cad02f3f2c9522d4b64a0f21e72dff4147d54ae6b068db265a7fe850db
                                                  • Opcode Fuzzy Hash: a3d13027c8eccd2d0cc6aa0f1dea92ffe2580633c4132c5b9e113a6e73deba4a
                                                  • Instruction Fuzzy Hash: 10E08C32A08111ABD3217B749D0493B77A89F8470030208BEF90AF2190D738EC61A6AD
                                                  Function 00405AC8 Relevance: 3.0, APIs: 2, Instructions: 16fileCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • GetFileAttributesA.KERNELBASE(?,00402D88,C:\Users\user\Desktop\Micra.exe,80000000,?), ref: 00405ACC
                                                  • CreateFileA.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00405AEE
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3420571393.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.3420556458.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420586472.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000433000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000436000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420721835.0000000000443000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_Micra.jbxd
                                                  Similarity
                                                  • API ID: File$AttributesCreate
                                                  • String ID:
                                                  • API String ID: 415043291-0
                                                  • Opcode ID: 3bf94be8ffed2da7c2b8ff60cd5efa52f63dfdc5f5010c3a9122643b4e997265
                                                  • Instruction ID: 2f873e3f3c43f12a3908621a4267836d753c9203ad123c8b10a06e7f93ada197
                                                  • Opcode Fuzzy Hash: 3bf94be8ffed2da7c2b8ff60cd5efa52f63dfdc5f5010c3a9122643b4e997265
                                                  • Instruction Fuzzy Hash: C7D09E31658201EFEF098F20DD16F2EBBA2EB84B00F10962CB642944E0D6715815AB16
                                                  Function 00405599 Relevance: 3.0, APIs: 2, Instructions: 9COMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • CreateDirectoryA.KERNELBASE(?,00000000,004031AE,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004033CF,?,00000006,00000008,0000000A), ref: 0040559F
                                                  • GetLastError.KERNEL32(?,00000006,00000008,0000000A), ref: 004055AD
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3420571393.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.3420556458.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420586472.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000433000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000436000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420721835.0000000000443000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_Micra.jbxd
                                                  Similarity
                                                  • API ID: CreateDirectoryErrorLast
                                                  • String ID:
                                                  • API String ID: 1375471231-0
                                                  • Opcode ID: 6853200a5fdab59dd982fbc96a9ce2e8b021ac935e945b0af5f1b11de4538164
                                                  • Instruction ID: 609e72d12c2576d63fea847a2789036c648b4b30b0b2df40a2479a0d359059ce
                                                  • Opcode Fuzzy Hash: 6853200a5fdab59dd982fbc96a9ce2e8b021ac935e945b0af5f1b11de4538164
                                                  • Instruction Fuzzy Hash: 80C04C70609502EAEA515B319E08B177A66AB50741F1189356106F41F4D6349551D93F
                                                  Function 004025C4 Relevance: 1.6, APIs: 1, Instructions: 76COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3420571393.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.3420556458.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420586472.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000433000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000436000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420721835.0000000000443000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_Micra.jbxd
                                                  Similarity
                                                  • API ID: wsprintf
                                                  • String ID:
                                                  • API String ID: 2111968516-0
                                                  • Opcode ID: 74ca39bbbd804aa602646999ba882f39cb878d7c957e83237b80ad80dd69cedf
                                                  • Instruction ID: 956fa7c1ac5fd2fee95ffccb562befede2bee6639ec42e1b74788dc4a807bfe2
                                                  • Opcode Fuzzy Hash: 74ca39bbbd804aa602646999ba882f39cb878d7c957e83237b80ad80dd69cedf
                                                  • Instruction Fuzzy Hash: 9921F970D04299BEDF318B699948ABEBF749F01304F0445BBE4D0B62D1C6BE8A81CF19
                                                  Function 00402682 Relevance: 1.5, APIs: 1, Instructions: 28COMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • SetFilePointer.KERNELBASE(00000000,?,00000000,?,?), ref: 004026A0
                                                    • Part of subcall function 00405E8D: wsprintfA.USER32 ref: 00405E9A
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3420571393.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.3420556458.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420586472.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000433000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000436000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420721835.0000000000443000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_Micra.jbxd
                                                  Similarity
                                                  • API ID: FilePointerwsprintf
                                                  • String ID:
                                                  • API String ID: 327478801-0
                                                  • Opcode ID: 6c434308d603cb3992d4ff97e514362f23aa1c186b2c62f117e7b07f80617c86
                                                  • Instruction ID: 438a0968cd1424e10632e90f23a7a7bc90142d0226bb2e82878b66939b610ca6
                                                  • Opcode Fuzzy Hash: 6c434308d603cb3992d4ff97e514362f23aa1c186b2c62f117e7b07f80617c86
                                                  • Instruction Fuzzy Hash: C8E0EDB2B08116BFD701ABA5AA499BFABA8DB40315F10443BF545F10D1C67D89029B6E
                                                  Function 004022F6 Relevance: 1.5, APIs: 1, Instructions: 26COMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • WritePrivateProfileStringA.KERNEL32(00000000,00000000,?,00000000), ref: 0040232F
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3420571393.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.3420556458.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420586472.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000433000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000436000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420721835.0000000000443000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_Micra.jbxd
                                                  Similarity
                                                  • API ID: PrivateProfileStringWrite
                                                  • String ID:
                                                  • API String ID: 390214022-0
                                                  • Opcode ID: 5d83d1b84d62c8bd7723ac6f7ea7449579613f64caaa87e0b821643eb94ca284
                                                  • Instruction ID: b7879796e9067cc525d509484cb071c64809edfbcf7d7ae807fdf492fc310909
                                                  • Opcode Fuzzy Hash: 5d83d1b84d62c8bd7723ac6f7ea7449579613f64caaa87e0b821643eb94ca284
                                                  • Instruction Fuzzy Hash: 68E04F31B801246BDB207AF10ECE97F14989BC4744B39053ABE05B62C3DDBC4C414AB9
                                                  Function 00405DE3 Relevance: 1.5, APIs: 1, Instructions: 24registryCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • RegCreateKeyExA.KERNELBASE(00000000,?,00000000,00000000,00000000,?,00000000,?,00000000,?,?,?,00402B72,00000000,?,?), ref: 00405E0C
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3420571393.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.3420556458.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420586472.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000433000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000436000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420721835.0000000000443000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_Micra.jbxd
                                                  Similarity
                                                  • API ID: Create
                                                  • String ID:
                                                  • API String ID: 2289755597-0
                                                  • Opcode ID: c5562a190e42d8950a0f575b3a357be24d756bd6a7e1ac790deddfd4386432da
                                                  • Instruction ID: 886b7c25128ca983ce55bdf5257722b65075f69f9ffcdf2890c0b7a146ab9abd
                                                  • Opcode Fuzzy Hash: c5562a190e42d8950a0f575b3a357be24d756bd6a7e1ac790deddfd4386432da
                                                  • Instruction Fuzzy Hash: 33E0BF72110109BFDF095F51DD0AD7B361DEB04314F00492EFA05D4051E6B5A9206A65
                                                  Function 00405B40 Relevance: 1.5, APIs: 1, Instructions: 22fileCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • ReadFile.KERNELBASE(00000000,00000000,00000004,00000004,00000000,000000FF,?,00403170,00000000,00000000,00402FCD,000000FF,00000004,00000000,00000000,00000000), ref: 00405B54
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3420571393.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.3420556458.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420586472.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000433000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000436000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420721835.0000000000443000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_Micra.jbxd
                                                  Similarity
                                                  • API ID: FileRead
                                                  • String ID:
                                                  • API String ID: 2738559852-0
                                                  • Opcode ID: 1302354f14da4ac18fdfad316f10263800e98e90a47707ba9ec6b51f8bbd6d6c
                                                  • Instruction ID: 4179e0c76098f610a2fd9102cb0c328980851925f4446f1dd22fc868df860445
                                                  • Opcode Fuzzy Hash: 1302354f14da4ac18fdfad316f10263800e98e90a47707ba9ec6b51f8bbd6d6c
                                                  • Instruction Fuzzy Hash: 8CE0EC32A1425EABDF109E659C00EEB7BBCEB05760F048432FD15E3150D235F921DBA9
                                                  Function 00405B6F Relevance: 1.5, APIs: 1, Instructions: 22fileCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • WriteFile.KERNELBASE(00000000,00000000,00000004,00000004,00000000,00000020,?,0040313E,00000000,0040A8C0,00000020,0040A8C0,00000020,000000FF,00000004,00000000), ref: 00405B83
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3420571393.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.3420556458.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420586472.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000433000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000436000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420721835.0000000000443000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_Micra.jbxd
                                                  Similarity
                                                  • API ID: FileWrite
                                                  • String ID:
                                                  • API String ID: 3934441357-0
                                                  • Opcode ID: c136fe23a15198738cdde8d9ae5bd390bad499becbb6fab094427491a2b8e812
                                                  • Instruction ID: af6d97e9b78343fe008ce3e7999d984a763d513ea29e4df05d500f045cbeb3ca
                                                  • Opcode Fuzzy Hash: c136fe23a15198738cdde8d9ae5bd390bad499becbb6fab094427491a2b8e812
                                                  • Instruction Fuzzy Hash: B2E0EC3262425AABDF509E559C00AEB7BACEB05360F008436FD15E2151D635F8219FA5
                                                  Function 10002709 Relevance: 1.5, APIs: 1, Instructions: 21memoryCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • VirtualProtect.KERNELBASE(1000404C,00000004,00000040,1000403C), ref: 10002727
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3428984711.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                  • Associated: 00000000.00000002.3428968276.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                  • Associated: 00000000.00000002.3428998849.0000000010003000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                  • Associated: 00000000.00000002.3429054882.0000000010005000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_10000000_Micra.jbxd
                                                  Similarity
                                                  • API ID: ProtectVirtual
                                                  • String ID:
                                                  • API String ID: 544645111-0
                                                  • Opcode ID: 18430b4f65034898945c85cbd496d0600587ffef3804861361c874148a7acf75
                                                  • Instruction ID: e09dfa788fffc30199ef0a9f627684cb70e95bce5f527532b7ad3e980fb418b3
                                                  • Opcode Fuzzy Hash: 18430b4f65034898945c85cbd496d0600587ffef3804861361c874148a7acf75
                                                  • Instruction Fuzzy Hash: 67F09BF19092A0DEF360DF688CC47063FE4E3983D5B03852AE358F6269EB7441448B19
                                                  Function 0040233A Relevance: 1.5, APIs: 1, Instructions: 20COMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • GetPrivateProfileStringA.KERNEL32(00000000,?,?,?,000003FF,00000000), ref: 0040236D
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3420571393.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.3420556458.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420586472.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000433000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000436000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420721835.0000000000443000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_Micra.jbxd
                                                  Similarity
                                                  • API ID: PrivateProfileString
                                                  • String ID:
                                                  • API String ID: 1096422788-0
                                                  • Opcode ID: 87ca484cdc6c73c1e829813bfd27d2dcf7183703ec879ee6fec4fd922c601bed
                                                  • Instruction ID: 67da2805f158e0035f602913fcdc533986be1668159f44229c4ea465ce316489
                                                  • Opcode Fuzzy Hash: 87ca484cdc6c73c1e829813bfd27d2dcf7183703ec879ee6fec4fd922c601bed
                                                  • Instruction Fuzzy Hash: FCE08634F44204BADF10AFA19D49EAD3678AF41710F14403AFD547B0E2EAB844419B2D
                                                  Function 00405DB5 Relevance: 1.5, APIs: 1, Instructions: 19registryCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • RegOpenKeyExA.KERNELBASE(00000000,?,00000000,?,?,0041F4E8,?,?,00405E43,0041F4E8,?,?,?,00000002,Call), ref: 00405DD9
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3420571393.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.3420556458.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420586472.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000433000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000436000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420721835.0000000000443000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_Micra.jbxd
                                                  Similarity
                                                  • API ID: Open
                                                  • String ID:
                                                  • API String ID: 71445658-0
                                                  • Opcode ID: 688c0e3dac6200a4dcf5f70578aed2939ff3afbafb421f65443b8838c7a2b092
                                                  • Instruction ID: 1bb1e450acb1cec7aaebab1a7e88d6b79e3e17733f6ed9cfc6e3f6d6de5b0954
                                                  • Opcode Fuzzy Hash: 688c0e3dac6200a4dcf5f70578aed2939ff3afbafb421f65443b8838c7a2b092
                                                  • Instruction Fuzzy Hash: D9D0123214024EBBDF115F909C05FAB3B2DEF04314F108827FE06A4090D375D530AB65
                                                  Function 0040159D Relevance: 1.5, APIs: 1, Instructions: 18COMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • SetFileAttributesA.KERNELBASE(00000000,?,000000F0), ref: 004015A8
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3420571393.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.3420556458.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420586472.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000433000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000436000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420721835.0000000000443000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_Micra.jbxd
                                                  Similarity
                                                  • API ID: AttributesFile
                                                  • String ID:
                                                  • API String ID: 3188754299-0
                                                  • Opcode ID: 9ad3368f28842b63240b43095d0b068e3f646c1f23794f7f91dbfbeff94efc4c
                                                  • Instruction ID: e41715f0e6a8bf2c44c365c92f64d23a332030a9f95fc047605520203e95b8fc
                                                  • Opcode Fuzzy Hash: 9ad3368f28842b63240b43095d0b068e3f646c1f23794f7f91dbfbeff94efc4c
                                                  • Instruction Fuzzy Hash: 9BD012B6708111ABCB10DFA8AA4869D77A49B40325B308137D515F21D0E2B9C9456719
                                                  Function 00403173 Relevance: 1.5, APIs: 1, Instructions: 6COMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • SetFilePointer.KERNELBASE(00000000,00000000,00000000,00402F0F,?), ref: 00403181
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3420571393.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.3420556458.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420586472.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000433000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000436000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420721835.0000000000443000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_Micra.jbxd
                                                  Similarity
                                                  • API ID: FilePointer
                                                  • String ID:
                                                  • API String ID: 973152223-0
                                                  • Opcode ID: 0070af3e33726fe8c9f5218e9eb5d27e4edbe1e9193197dd8736a9b9f47decae
                                                  • Instruction ID: 49fdcfdf8b1973cd13611e97ba0bfafd8618b6cb304eeeee9131019f9f046fb0
                                                  • Opcode Fuzzy Hash: 0070af3e33726fe8c9f5218e9eb5d27e4edbe1e9193197dd8736a9b9f47decae
                                                  • Instruction Fuzzy Hash: 03B01271644200BFDA214F00DF05F057B21A790700F10C030B748380F082712420EB4D
                                                  Function 00401EDB Relevance: 1.3, APIs: 1, Instructions: 37COMMON
                                                  Download Yara Rule
                                                  APIs
                                                    • Part of subcall function 00405056: lstrlenA.KERNEL32(0041F4E8,00000000,0040E8C0,00000000,?,?,?,?,?,?,?,?,?,004030B1,00000000,?), ref: 0040508F
                                                    • Part of subcall function 00405056: lstrlenA.KERNEL32(004030B1,0041F4E8,00000000,0040E8C0,00000000,?,?,?,?,?,?,?,?,?,004030B1,00000000), ref: 0040509F
                                                    • Part of subcall function 00405056: lstrcatA.KERNEL32(0041F4E8,004030B1,004030B1,0041F4E8,00000000,0040E8C0,00000000), ref: 004050B2
                                                    • Part of subcall function 00405056: SetWindowTextA.USER32(0041F4E8,0041F4E8), ref: 004050C4
                                                    • Part of subcall function 00405056: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 004050EA
                                                    • Part of subcall function 00405056: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00405104
                                                    • Part of subcall function 00405056: SendMessageA.USER32(?,00001013,?,00000000), ref: 00405112
                                                    • Part of subcall function 004055CE: CreateProcessA.KERNELBASE(00000000,?,00000000,00000000,00000000,04000000,00000000,00000000,00421510,Error launching installer), ref: 004055F7
                                                    • Part of subcall function 004055CE: CloseHandle.KERNEL32(?), ref: 00405604
                                                  • CloseHandle.KERNEL32(?,?,?,?,?,?), ref: 00401F20
                                                    • Part of subcall function 0040633C: WaitForSingleObject.KERNEL32(?,00000064), ref: 0040634D
                                                    • Part of subcall function 0040633C: GetExitCodeProcess.KERNEL32(?,?), ref: 0040636F
                                                    • Part of subcall function 00405E8D: wsprintfA.USER32 ref: 00405E9A
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3420571393.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.3420556458.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420586472.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000433000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000436000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420721835.0000000000443000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_Micra.jbxd
                                                  Similarity
                                                  • API ID: MessageSend$CloseHandleProcesslstrlen$CodeCreateExitObjectSingleTextWaitWindowlstrcatwsprintf
                                                  • String ID:
                                                  • API String ID: 2972824698-0
                                                  • Opcode ID: b0a501a9eafe77c97c2c496f47c0dc6ba7aad14b3677605ff562daff4fba8fe6
                                                  • Instruction ID: 17f7953f0d5b7b21d2e535c202f5bbb1bf051249d0315c8d96c64ca666d5043c
                                                  • Opcode Fuzzy Hash: b0a501a9eafe77c97c2c496f47c0dc6ba7aad14b3677605ff562daff4fba8fe6
                                                  • Instruction Fuzzy Hash: FCF0BB71A05121ABCB20BF654D495EF66A4DF81314B10057BFA01B21D1C77C4E4146BE
                                                  Function 004014D6 Relevance: 1.3, APIs: 1, Instructions: 19sleepCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • Sleep.KERNELBASE(00000000), ref: 004014E9
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3420571393.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.3420556458.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420586472.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000433000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000436000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.000000000043A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420603743.0000000000440000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.3420721835.0000000000443000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_Micra.jbxd
                                                  Similarity
                                                  • API ID: Sleep
                                                  • String ID:
                                                  • API String ID: 3472027048-0
                                                  • Opcode ID: 2d2ea165d73d518d9fd4fb0fa82b75b10d4384c3dbeee5eca3b70bc2a4399788
                                                  • Instruction ID: f8516b803037c027809a6aaf5c02566bfb38bc0bc56e6af3c2ac612a391889ec
                                                  • Opcode Fuzzy Hash: 2d2ea165d73d518d9fd4fb0fa82b75b10d4384c3dbeee5eca3b70bc2a4399788
                                                  • Instruction Fuzzy Hash: BFD05EB3B14151AFDB14EBB9BD8845E77F4E7503153208837E812E2091E978C9424A28
                                                  Function 10001215 Relevance: 1.3, APIs: 1, Instructions: 4memoryCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • GlobalAlloc.KERNELBASE(00000040,10001233,?,100012CF,-1000404B,100011AB,-000000A0), ref: 1000121D
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3428984711.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                  • Associated: 00000000.00000002.3428968276.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                  • Associated: 00000000.00000002.3428998849.0000000010003000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                  • Associated: 00000000.00000002.3429054882.0000000010005000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_10000000_Micra.jbxd
                                                  Similarity
                                                  • API ID: AllocGlobal
                                                  • String ID:
                                                  • API String ID: 3761449716-0
                                                  • Opcode ID: 6989041179a6ec659f8410a82a3610e1053cc9f4ca9d652552d89decbf4b4a90
                                                  • Instruction ID: 35b308b173d9b0532f6cde55f5bface33093279d7ce3c78a2cc6db588f634b90
                                                  • Opcode Fuzzy Hash: 6989041179a6ec659f8410a82a3610e1053cc9f4ca9d652552d89decbf4b4a90
                                                  • Instruction Fuzzy Hash: 6CA002B1945620DBFE429BE08D9EF1B3B25E748781F01C040E315641BCCA754010DF39

                                                  Non-executed Functions

                                                  Function 03191F95 Relevance: 3.5, Strings: 2, Instructions: 1040COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3421465563.0000000003190000.00000040.00001000.00020000.00000000.sdmp, Offset: 03190000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_3190000_Micra.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: Q$m VK
                                                  • API String ID: 0-3200252097
                                                  • Opcode ID: 38a6da67f0a2d9dcabd3e4f3046847ee6e0eb774f59afc3435be662b02298861
                                                  • Instruction ID: 958f9659742d7f0a29939cde11f4a58c302db6e0e10cb6575b79f438a31982bc
                                                  • Opcode Fuzzy Hash: 38a6da67f0a2d9dcabd3e4f3046847ee6e0eb774f59afc3435be662b02298861
                                                  • Instruction Fuzzy Hash: 74428886E2E31A9AFF97A170C5016A15B80DF2F182F238F579836719A1772F4ACF05D4
                                                  Function 03190E3B Relevance: 2.9, Strings: 1, Instructions: 1601COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3421465563.0000000003190000.00000040.00001000.00020000.00000000.sdmp, Offset: 03190000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_3190000_Micra.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: m VK
                                                  • API String ID: 0-3718960360
                                                  • Opcode ID: 84ebe9b1415ecc44371e99edfb26ce5a9a51dbdc94d1fb88d7749d0b85b1ebeb
                                                  • Instruction ID: f9c7478165f2c02066f0890b7a62848cd3791dd25ed94d840137c17e0f554dd8
                                                  • Opcode Fuzzy Hash: 84ebe9b1415ecc44371e99edfb26ce5a9a51dbdc94d1fb88d7749d0b85b1ebeb
                                                  • Instruction Fuzzy Hash: 04926846E2E31AAAFE87B031C5017A15B80DF2F5C6F238F67983671961772B4ACE05D4
                                                  Function 03190E68 Relevance: 2.8, Strings: 1, Instructions: 1599COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3421465563.0000000003190000.00000040.00001000.00020000.00000000.sdmp, Offset: 03190000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_3190000_Micra.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: m VK
                                                  • API String ID: 0-3718960360
                                                  • Opcode ID: 4ed7d0c24986d6b92bfb030780985fe3006a65f7a30e2b5e57dcfb85239a9ef4
                                                  • Instruction ID: 17aee17f3366f62d7c7ca866515127ab9188c62682ae09c37642e34a13342989
                                                  • Opcode Fuzzy Hash: 4ed7d0c24986d6b92bfb030780985fe3006a65f7a30e2b5e57dcfb85239a9ef4
                                                  • Instruction Fuzzy Hash: 44925946E2E31AAAFF87B031C5017A15B80DF2F586F238F67983671961772B4ACE05D4
                                                  Function 03190EB7 Relevance: 2.8, Strings: 1, Instructions: 1585COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3421465563.0000000003190000.00000040.00001000.00020000.00000000.sdmp, Offset: 03190000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_3190000_Micra.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: m VK
                                                  • API String ID: 0-3718960360
                                                  • Opcode ID: 468480b8e309d75ca29913573e42fc18f636e4d10c1563f6318664710dbff3f8
                                                  • Instruction ID: a373e995653a51217cbb9a30631135101af600c416a22ff8a4029265dc4debd9
                                                  • Opcode Fuzzy Hash: 468480b8e309d75ca29913573e42fc18f636e4d10c1563f6318664710dbff3f8
                                                  • Instruction Fuzzy Hash: 0E926946E2E31AAAFE87B031C5017A15B80DF2F582F238F67983671961772B4ACE05D4
                                                  Function 03190FA1 Relevance: 2.8, Strings: 1, Instructions: 1569COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3421465563.0000000003190000.00000040.00001000.00020000.00000000.sdmp, Offset: 03190000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_3190000_Micra.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: m VK
                                                  • API String ID: 0-3718960360
                                                  • Opcode ID: 6c70aef48a91794e2bd4c42c67142ee69f925aa895b8ede9b8744523343ca8f5
                                                  • Instruction ID: eb9989424cd1076b18992933c0b3ec0152cfac70fcfb25ae2b1f142ef195254a
                                                  • Opcode Fuzzy Hash: 6c70aef48a91794e2bd4c42c67142ee69f925aa895b8ede9b8744523343ca8f5
                                                  • Instruction Fuzzy Hash: 24925846E2E31AAAFF87B031C5017A15B80DF2F586F238F67983671961772B4ACE05D4
                                                  Function 03190F44 Relevance: 2.8, Strings: 1, Instructions: 1568COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3421465563.0000000003190000.00000040.00001000.00020000.00000000.sdmp, Offset: 03190000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_3190000_Micra.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: m VK
                                                  • API String ID: 0-3718960360
                                                  • Opcode ID: c2c8195de70da16bd45990bfb5e5a8620fb67d556a49099d6600e7dde3e19b36
                                                  • Instruction ID: 0302ba96045523289e19d3a6d2e9ba80d0dfb2a936f479e9484fa7fb3835f83c
                                                  • Opcode Fuzzy Hash: c2c8195de70da16bd45990bfb5e5a8620fb67d556a49099d6600e7dde3e19b36
                                                  • Instruction Fuzzy Hash: F8925846E2E31AAAFE87B031C5017A15B80DF2F5C6F238F67983671961772B4ACE05D4
                                                  Function 03190F64 Relevance: 2.8, Strings: 1, Instructions: 1565COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3421465563.0000000003190000.00000040.00001000.00020000.00000000.sdmp, Offset: 03190000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_3190000_Micra.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: m VK
                                                  • API String ID: 0-3718960360
                                                  • Opcode ID: 7e40959d3b35ac794696208c404f10f628b58b15080f196ea78a2a536497a3e6
                                                  • Instruction ID: 4ea33ce8011746a756bbc4b98e7f85a71bb1e4ee74564a67cc7a08e59f606130
                                                  • Opcode Fuzzy Hash: 7e40959d3b35ac794696208c404f10f628b58b15080f196ea78a2a536497a3e6
                                                  • Instruction Fuzzy Hash: B6925846E2E31AAAFF87B031C5016A15B80DF2F5C6F238F67983671961772B4ACE05D4
                                                  Function 03190FD8 Relevance: 2.8, Strings: 1, Instructions: 1554COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3421465563.0000000003190000.00000040.00001000.00020000.00000000.sdmp, Offset: 03190000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_3190000_Micra.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: m VK
                                                  • API String ID: 0-3718960360
                                                  • Opcode ID: 4b3a2fb207f2c0dba02400041825bd2f384b1672f38178ad95ef2e407870cab8
                                                  • Instruction ID: 889b6b1ef1c9e2b212d6920f0d8e79fde6611a531f1077406555d99a5c13e343
                                                  • Opcode Fuzzy Hash: 4b3a2fb207f2c0dba02400041825bd2f384b1672f38178ad95ef2e407870cab8
                                                  • Instruction Fuzzy Hash: 3A925846E2E31AAAFE87B031C5017A15B80DF2F5C2F238F67983671961772B4ACE05D4
                                                  Function 03191227 Relevance: 2.7, Strings: 1, Instructions: 1480COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3421465563.0000000003190000.00000040.00001000.00020000.00000000.sdmp, Offset: 03190000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_3190000_Micra.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: m VK
                                                  • API String ID: 0-3718960360
                                                  • Opcode ID: 2f8eb432bbf45428991373ebbd519fd1c83d7bce287b91e88c8ebe8721d6a982
                                                  • Instruction ID: b60a212728eb6b5d4e465f5a0c5999d1bfe1833830e2657d50372ab11a5374d0
                                                  • Opcode Fuzzy Hash: 2f8eb432bbf45428991373ebbd519fd1c83d7bce287b91e88c8ebe8721d6a982
                                                  • Instruction Fuzzy Hash: B4826846E2E31AAAFE87B071C5017A15B80DF2F582F238F67983671961772F4ACE05D4
                                                  Function 031912B1 Relevance: 2.7, Strings: 1, Instructions: 1478COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3421465563.0000000003190000.00000040.00001000.00020000.00000000.sdmp, Offset: 03190000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_3190000_Micra.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: m VK
                                                  • API String ID: 0-3718960360
                                                  • Opcode ID: b8d4054ea758a4ed6c024f16c5e754069d604335926c2b9390dff2e8af76e279
                                                  • Instruction ID: 19278f801e8d386abae5f5ce0196bdd40b6c3e884e5886f0df546f7c898ba648
                                                  • Opcode Fuzzy Hash: b8d4054ea758a4ed6c024f16c5e754069d604335926c2b9390dff2e8af76e279
                                                  • Instruction Fuzzy Hash: 8B826846E2E31AAAFE87B070C5017A15B80DF2F582F238F67983671961772F4ACE05D4
                                                  Function 0319123A Relevance: 2.7, Strings: 1, Instructions: 1474COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3421465563.0000000003190000.00000040.00001000.00020000.00000000.sdmp, Offset: 03190000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_3190000_Micra.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: m VK
                                                  • API String ID: 0-3718960360
                                                  • Opcode ID: 59b25fbd17b54be2732f9ceb2614ef1f4623334eb1837d56902029d81c9650d4
                                                  • Instruction ID: 27398b9a2ebb2ae18b1445ea61e30a05d7ce1563455fb14bceea29476b7163f7
                                                  • Opcode Fuzzy Hash: 59b25fbd17b54be2732f9ceb2614ef1f4623334eb1837d56902029d81c9650d4
                                                  • Instruction Fuzzy Hash: 67825846E2E31AAAFE87B070C5417A15B80DF2F582F238F67983671961772F4ACE05D4
                                                  Function 0319127D Relevance: 2.7, Strings: 1, Instructions: 1462COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3421465563.0000000003190000.00000040.00001000.00020000.00000000.sdmp, Offset: 03190000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_3190000_Micra.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: m VK
                                                  • API String ID: 0-3718960360
                                                  • Opcode ID: f7286b5d0b82b44aab1b593546299c7f3b51b306527b3d61d2b886f22ba19776
                                                  • Instruction ID: c71aad293f8e3677dd9e83e7ca49c00874e7ce77c4d910bb9d3df0351ebb4895
                                                  • Opcode Fuzzy Hash: f7286b5d0b82b44aab1b593546299c7f3b51b306527b3d61d2b886f22ba19776
                                                  • Instruction Fuzzy Hash: 92826846E2E31AAAFE87A071C5017A15B80DF2F582F238F67983671961772F4ACE05D4
                                                  Function 031913C2 Relevance: 2.7, Strings: 1, Instructions: 1439COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3421465563.0000000003190000.00000040.00001000.00020000.00000000.sdmp, Offset: 03190000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_3190000_Micra.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: m VK
                                                  • API String ID: 0-3718960360
                                                  • Opcode ID: a59679cc8871117921a09b585f333662fedc872b2b2ee9a294bfc85c95603011
                                                  • Instruction ID: 08f4ab2133258f405710fb1c821fe6573dfe35123af217b38f92d5f821df4c8b
                                                  • Opcode Fuzzy Hash: a59679cc8871117921a09b585f333662fedc872b2b2ee9a294bfc85c95603011
                                                  • Instruction Fuzzy Hash: 4C827946E2E31AAAFF87A031C5417A15B80DF2F582F238F67983671961772F4ACE05D4
                                                  Function 031913F3 Relevance: 2.7, Strings: 1, Instructions: 1438COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3421465563.0000000003190000.00000040.00001000.00020000.00000000.sdmp, Offset: 03190000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_3190000_Micra.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: m VK
                                                  • API String ID: 0-3718960360
                                                  • Opcode ID: a19437a256af6512b709f81cc50f2ca7668bd2e1e9df37d03c5512922918c11e
                                                  • Instruction ID: 1023fc3c469ae0fa0e8290be4ff9cc062a31954eea294d4a5647ea20f65dd489
                                                  • Opcode Fuzzy Hash: a19437a256af6512b709f81cc50f2ca7668bd2e1e9df37d03c5512922918c11e
                                                  • Instruction Fuzzy Hash: 74827A46E2E31A9AFF87A070C5417A15B80DF2F582F238F679836719A1772F4ACE05D4
                                                  Function 03191325 Relevance: 2.7, Strings: 1, Instructions: 1437COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3421465563.0000000003190000.00000040.00001000.00020000.00000000.sdmp, Offset: 03190000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_3190000_Micra.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: m VK
                                                  • API String ID: 0-3718960360
                                                  • Opcode ID: 1e2fb6b65b71bda1b63f75e3bf2135605ca5dd4048142de7072ade7af18eb643
                                                  • Instruction ID: e3be487c83b6647922f9efebd05c8da673c30a2adcace2489c162156c2a31c24
                                                  • Opcode Fuzzy Hash: 1e2fb6b65b71bda1b63f75e3bf2135605ca5dd4048142de7072ade7af18eb643
                                                  • Instruction Fuzzy Hash: 0E826A46E2E31AAAFF87A031C5417A15B80DF2F582F238F67983671961772F4ACE05D4
                                                  Function 03191316 Relevance: 2.7, Strings: 1, Instructions: 1432COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3421465563.0000000003190000.00000040.00001000.00020000.00000000.sdmp, Offset: 03190000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_3190000_Micra.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: m VK
                                                  • API String ID: 0-3718960360
                                                  • Opcode ID: c5f5a22b32c1f61f4a1e53340ecf8867777b7d9943f602ad1cbd2c3fd724858a
                                                  • Instruction ID: 18fc2a9a94e7add6dadbd5cea5a91ffd7d297cad60cec3ca5136ec5fda3b32fb
                                                  • Opcode Fuzzy Hash: c5f5a22b32c1f61f4a1e53340ecf8867777b7d9943f602ad1cbd2c3fd724858a
                                                  • Instruction Fuzzy Hash: 71826946E2E31AAAFE87B071C5417A15B80DF2F582F238F67983671961372F4ACE05D4
                                                  Function 03191368 Relevance: 2.7, Strings: 1, Instructions: 1429COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3421465563.0000000003190000.00000040.00001000.00020000.00000000.sdmp, Offset: 03190000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_3190000_Micra.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: m VK
                                                  • API String ID: 0-3718960360
                                                  • Opcode ID: 6bc58c1d2bcee1d64ade08004c1b1a6aa4c59665fb52e708c3cc5f4e7206542b
                                                  • Instruction ID: b280370185b118fce042d2908ce0098106fec9c5620abbea181036d9bbff5972
                                                  • Opcode Fuzzy Hash: 6bc58c1d2bcee1d64ade08004c1b1a6aa4c59665fb52e708c3cc5f4e7206542b
                                                  • Instruction Fuzzy Hash: C2827946E2E31AAAFF87A071C5417A15B80DF2F582F238F67983671961372F4ACE05D4
                                                  Function 0319139C Relevance: 2.7, Strings: 1, Instructions: 1408COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3421465563.0000000003190000.00000040.00001000.00020000.00000000.sdmp, Offset: 03190000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_3190000_Micra.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: m VK
                                                  • API String ID: 0-3718960360
                                                  • Opcode ID: bfccfa1020119627403361f43818e39607fdf18a34db09e069bc7285cb76881a
                                                  • Instruction ID: 8137bc75211c0d892c4d48ffd9079a98e8751988cd29d7b9cf46fdab1b4fc7aa
                                                  • Opcode Fuzzy Hash: bfccfa1020119627403361f43818e39607fdf18a34db09e069bc7285cb76881a
                                                  • Instruction Fuzzy Hash: 59826946E2E31AAAFF87B070C5416A15B80DF2F582F238F67983671961772F4ACE05D4
                                                  Function 03191677 Relevance: 2.6, Strings: 1, Instructions: 1330COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3421465563.0000000003190000.00000040.00001000.00020000.00000000.sdmp, Offset: 03190000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_3190000_Micra.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: m VK
                                                  • API String ID: 0-3718960360
                                                  • Opcode ID: 06b0dd8457b0fd5938aaad43c6907ce6a4fb6bdddfd346de1d43d5ff6b463cd2
                                                  • Instruction ID: 97ce46a6b92bbeb12c57aae87b35e70812f060e85af01d386fcb84d29dd71876
                                                  • Opcode Fuzzy Hash: 06b0dd8457b0fd5938aaad43c6907ce6a4fb6bdddfd346de1d43d5ff6b463cd2
                                                  • Instruction Fuzzy Hash: AB726986E2E31A9AFF87B071C5016A15B80DF2F582F238F67983671961772F4ACE05D4
                                                  Function 03191697 Relevance: 2.6, Strings: 1, Instructions: 1330COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3421465563.0000000003190000.00000040.00001000.00020000.00000000.sdmp, Offset: 03190000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_3190000_Micra.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: m VK
                                                  • API String ID: 0-3718960360
                                                  • Opcode ID: c2bc9211532db9549e632532f06a6dc80b409e03938582575fe0cc25bc24685c
                                                  • Instruction ID: 0671dd9382df54356ab1d32426e81739d5f89d2917318c8b842b6e0cce95e460
                                                  • Opcode Fuzzy Hash: c2bc9211532db9549e632532f06a6dc80b409e03938582575fe0cc25bc24685c
                                                  • Instruction Fuzzy Hash: 04726886E2E31A9AFF87B071C5016A15B80DF2F582F238F67983671961772F4ACE05D4
                                                  Function 03191782 Relevance: 2.6, Strings: 1, Instructions: 1327COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3421465563.0000000003190000.00000040.00001000.00020000.00000000.sdmp, Offset: 03190000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_3190000_Micra.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: m VK
                                                  • API String ID: 0-3718960360
                                                  • Opcode ID: 253f4910464d4a7f8d1c05d93ce21da3c6fdd1bd200499f72644e253e5f89549
                                                  • Instruction ID: efa2e8667f80cc336058a51be5826b8b34a9c02cc9118c791e4550f0c1c4e77a
                                                  • Opcode Fuzzy Hash: 253f4910464d4a7f8d1c05d93ce21da3c6fdd1bd200499f72644e253e5f89549
                                                  • Instruction Fuzzy Hash: D6727986E2E31A9AFF87B070C5016A55B80DF2F182F238F67983671961772F4ACE05D4
                                                  Function 031916FE Relevance: 2.6, Strings: 1, Instructions: 1325COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3421465563.0000000003190000.00000040.00001000.00020000.00000000.sdmp, Offset: 03190000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_3190000_Micra.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: m VK
                                                  • API String ID: 0-3718960360
                                                  • Opcode ID: 8c224e3a2a1d46eb3458d920152f240aa7a9891572cb1a339b5a6370c8f6284c
                                                  • Instruction ID: 46570175fb8546b36e08a01841d9697193fec84b2614486d8d760a9aa6be9493
                                                  • Opcode Fuzzy Hash: 8c224e3a2a1d46eb3458d920152f240aa7a9891572cb1a339b5a6370c8f6284c
                                                  • Instruction Fuzzy Hash: 6A727A86E2E31A9AFF87B070C5016A15B80DF2F182F238F67983671961772F4ACE05D4
                                                  Function 031917F9 Relevance: 2.5, Strings: 1, Instructions: 1282COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3421465563.0000000003190000.00000040.00001000.00020000.00000000.sdmp, Offset: 03190000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_3190000_Micra.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: m VK
                                                  • API String ID: 0-3718960360
                                                  • Opcode ID: ad43e13aa9e12ec79c883f07caac39505636cf82a961d000de9595999ae59786
                                                  • Instruction ID: b47eb5ebb04d4dab5f9d2861b320f71f6362366cfcf56542bf295091e834e696
                                                  • Opcode Fuzzy Hash: ad43e13aa9e12ec79c883f07caac39505636cf82a961d000de9595999ae59786
                                                  • Instruction Fuzzy Hash: 13726886E2E31A9AFF97B071C5016A15B80DF2F182F238F67983671961772F4ACE05D4
                                                  Function 031917DD Relevance: 2.5, Strings: 1, Instructions: 1280COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3421465563.0000000003190000.00000040.00001000.00020000.00000000.sdmp, Offset: 03190000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_3190000_Micra.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: m VK
                                                  • API String ID: 0-3718960360
                                                  • Opcode ID: 7712946ed233d2f1c29de82fe69ee6fa485e7a8c643d93e745553b5826124d0f
                                                  • Instruction ID: 73e12c96aa873ed3c9b0dc0ffc8e34da194db2553698f3f0596f2cf35bfac955
                                                  • Opcode Fuzzy Hash: 7712946ed233d2f1c29de82fe69ee6fa485e7a8c643d93e745553b5826124d0f
                                                  • Instruction Fuzzy Hash: A6727986E2E31A9AFF87B071C5016A15B80DF2F182F238F67983671961772F4ACE05D4
                                                  Function 03191A6C Relevance: 2.5, Strings: 1, Instructions: 1221COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3421465563.0000000003190000.00000040.00001000.00020000.00000000.sdmp, Offset: 03190000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_3190000_Micra.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: m VK
                                                  • API String ID: 0-3718960360
                                                  • Opcode ID: a474ba8d932493af8cf7605576755d30553e3e6a1d1521c96dab9caeed88618a
                                                  • Instruction ID: 6fced1d1fc9321d209f7430a06e33e4c688f0b2e724fe6f096bf73aee158cb60
                                                  • Opcode Fuzzy Hash: a474ba8d932493af8cf7605576755d30553e3e6a1d1521c96dab9caeed88618a
                                                  • Instruction Fuzzy Hash: 88626846E2E31A9AFF97A030C5416A55B80DF2F182F238F679836719A1772F4ACF05D4
                                                  Function 03191ACD Relevance: 2.5, Strings: 1, Instructions: 1218COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3421465563.0000000003190000.00000040.00001000.00020000.00000000.sdmp, Offset: 03190000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_3190000_Micra.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: m VK
                                                  • API String ID: 0-3718960360
                                                  • Opcode ID: b7849a4d9020c3a92c48a96949a00e5b4b2dbf29b539bd0f31b99ca04fcb6c54
                                                  • Instruction ID: 69b91a6971f4a4638d021f978257afe60db0acf9a9d5f6b1db523d6dcfe505d6
                                                  • Opcode Fuzzy Hash: b7849a4d9020c3a92c48a96949a00e5b4b2dbf29b539bd0f31b99ca04fcb6c54
                                                  • Instruction Fuzzy Hash: F1627946E2E31A9AFF97B070C5416A15B80DF2F182B238F679836719A1772F4ACF05D4
                                                  Function 03191A53 Relevance: 2.4, Strings: 1, Instructions: 1200COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3421465563.0000000003190000.00000040.00001000.00020000.00000000.sdmp, Offset: 03190000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_3190000_Micra.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: m VK
                                                  • API String ID: 0-3718960360
                                                  • Opcode ID: de9da95e7ec657c7afec377d7fb075822024b2370def0e68240cecf317d6cf32
                                                  • Instruction ID: ba44a4605def35d05ca6ff054d3f2697c92ce190eca4a3efc7a0a397c50d18c1
                                                  • Opcode Fuzzy Hash: de9da95e7ec657c7afec377d7fb075822024b2370def0e68240cecf317d6cf32
                                                  • Instruction Fuzzy Hash: 4D627986E2E31A9AFF97B070C5416A15B80DF2F182B238F67983671961772F4ACF05D4
                                                  Function 03191AAE Relevance: 2.4, Strings: 1, Instructions: 1187COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3421465563.0000000003190000.00000040.00001000.00020000.00000000.sdmp, Offset: 03190000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_3190000_Micra.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: m VK
                                                  • API String ID: 0-3718960360
                                                  • Opcode ID: 6b718187e17e81f5a9decef24ddadc04626d21fd826aec6b5791e750f67683e5
                                                  • Instruction ID: a893dea7d3c42885e1d6e55a5d6ab0d8c2f2199189d94a1c6f1014ad6628c398
                                                  • Opcode Fuzzy Hash: 6b718187e17e81f5a9decef24ddadc04626d21fd826aec6b5791e750f67683e5
                                                  • Instruction Fuzzy Hash: 80626846E2E31A9AFF97A070C5016A15B80DF2F582F238F67983671961772F4ACF05D4
                                                  Function 03191B46 Relevance: 2.4, Strings: 1, Instructions: 1174COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3421465563.0000000003190000.00000040.00001000.00020000.00000000.sdmp, Offset: 03190000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_3190000_Micra.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: m VK
                                                  • API String ID: 0-3718960360
                                                  • Opcode ID: 2880700fd96b06e86e30a2326e54d76e0894daa7e907db9950c7d9f374be15cf
                                                  • Instruction ID: 92dbc641ad084f7bc25abebccd26182416d121a3f1175146ea2ea7fbcf296ace
                                                  • Opcode Fuzzy Hash: 2880700fd96b06e86e30a2326e54d76e0894daa7e907db9950c7d9f374be15cf
                                                  • Instruction Fuzzy Hash: D5627946E2E31A9AFF97A070C5016A15B80DF2F182F238F679836719A1772F4ACF05D4
                                                  Function 03191B94 Relevance: 2.4, Strings: 1, Instructions: 1157COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3421465563.0000000003190000.00000040.00001000.00020000.00000000.sdmp, Offset: 03190000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_3190000_Micra.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: m VK
                                                  • API String ID: 0-3718960360
                                                  • Opcode ID: babbe5169da232d70ba1793ecd583dac609a05f609df06875b2873953faf8b36
                                                  • Instruction ID: c62176d2acd3276c7de05ded603c030febabed08c931a626904e5df6fdb0d7b9
                                                  • Opcode Fuzzy Hash: babbe5169da232d70ba1793ecd583dac609a05f609df06875b2873953faf8b36
                                                  • Instruction Fuzzy Hash: 77527846E2E31A9AFF97A070C5016A15B80DF2F182F238F679836719A1772F4ACF05D4
                                                  Function 03191BE3 Relevance: 2.4, Strings: 1, Instructions: 1151COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3421465563.0000000003190000.00000040.00001000.00020000.00000000.sdmp, Offset: 03190000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_3190000_Micra.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: m VK
                                                  • API String ID: 0-3718960360
                                                  • Opcode ID: ed64453796d1ad8ebd86fea305e57cf432f91f07232217dca10f28b578a56edd
                                                  • Instruction ID: 718d69e9bf4cb758fbeb2394e02ab6cbeda3ef21a4a7f118f84e9cf75905bd8b
                                                  • Opcode Fuzzy Hash: ed64453796d1ad8ebd86fea305e57cf432f91f07232217dca10f28b578a56edd
                                                  • Instruction Fuzzy Hash: 27527746E2E31A9AFF97A070C5016A15B80DF2F182F238F679836719A1772F4ACF05D4
                                                  Function 03191E2E Relevance: 2.3, Strings: 1, Instructions: 1080COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3421465563.0000000003190000.00000040.00001000.00020000.00000000.sdmp, Offset: 03190000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_3190000_Micra.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: m VK
                                                  • API String ID: 0-3718960360
                                                  • Opcode ID: d341ac24ac99842ce369e7d9f0dc7bf009f11098515aaf78696c74d160a1691d
                                                  • Instruction ID: 149cacccab72144af584ffcabac1c26070a719bf3d3a4ddc2c85f621ae00a1f9
                                                  • Opcode Fuzzy Hash: d341ac24ac99842ce369e7d9f0dc7bf009f11098515aaf78696c74d160a1691d
                                                  • Instruction Fuzzy Hash: 8E528986E2E31A9AFF97A071C5016A15B80DF2F182F238F579836719A1772F4ACF05D4
                                                  Function 03191EF7 Relevance: 2.3, Strings: 1, Instructions: 1078COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3421465563.0000000003190000.00000040.00001000.00020000.00000000.sdmp, Offset: 03190000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_3190000_Micra.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: m VK
                                                  • API String ID: 0-3718960360
                                                  • Opcode ID: 60d6721a0aa2eccd45e2684266cd174b4c77f41b4bf4dcb31655b1e7717d9144
                                                  • Instruction ID: de4a1befe2a2b98318c52af68700e730915e23a1b7ffd546017653914b36934e
                                                  • Opcode Fuzzy Hash: 60d6721a0aa2eccd45e2684266cd174b4c77f41b4bf4dcb31655b1e7717d9144
                                                  • Instruction Fuzzy Hash: 0A529986E2E31A9AFF97A070C5016A15B80DF2F182F238F579836719A1772F4ACF05D4
                                                  Function 03191E6A Relevance: 2.3, Strings: 1, Instructions: 1069COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3421465563.0000000003190000.00000040.00001000.00020000.00000000.sdmp, Offset: 03190000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_3190000_Micra.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: m VK
                                                  • API String ID: 0-3718960360
                                                  • Opcode ID: 9ef1105cfe8ee5ce3a2c6f30c1ee166fe73fbf844a28cf06de75b43cce31388e
                                                  • Instruction ID: e669f9f6516289263e5730da4ed25e9f7aa3cd29a09b0e8863ea892b14954a06
                                                  • Opcode Fuzzy Hash: 9ef1105cfe8ee5ce3a2c6f30c1ee166fe73fbf844a28cf06de75b43cce31388e
                                                  • Instruction Fuzzy Hash: 0F528886E2E31A9AFF97A071C5016A15B80DF2F582F238F579836719A1372F4ACF05D4
                                                  Function 03191EB8 Relevance: 2.3, Strings: 1, Instructions: 1061COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3421465563.0000000003190000.00000040.00001000.00020000.00000000.sdmp, Offset: 03190000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_3190000_Micra.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: m VK
                                                  • API String ID: 0-3718960360
                                                  • Opcode ID: e1da889ef1290a99dfd0865e1480ecc909506c5044a3a6f8af0cbcfd0b7ed398
                                                  • Instruction ID: 3a5a81580bb150548494934ab7ec507ed93b3a0e9bda3641bbe757a07d08fc22
                                                  • Opcode Fuzzy Hash: e1da889ef1290a99dfd0865e1480ecc909506c5044a3a6f8af0cbcfd0b7ed398
                                                  • Instruction Fuzzy Hash: 89528786E2E31A9AFF97A170C5016A15B80DF2F182F238F579836719A1772F4ACF05D4
                                                  Function 03191F23 Relevance: 2.3, Strings: 1, Instructions: 1054COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3421465563.0000000003190000.00000040.00001000.00020000.00000000.sdmp, Offset: 03190000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_3190000_Micra.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: m VK
                                                  • API String ID: 0-3718960360
                                                  • Opcode ID: 9e9402d4c7fc705d9d8100b1fef71ff6e499cdb19347b6568b9771e2a44cbbd3
                                                  • Instruction ID: 412d9c1b18c3ecfda211bb988f17ec684b61bb7750cfe1e01b0c81e157a63c40
                                                  • Opcode Fuzzy Hash: 9e9402d4c7fc705d9d8100b1fef71ff6e499cdb19347b6568b9771e2a44cbbd3
                                                  • Instruction Fuzzy Hash: 66528886E2E71A9AFF97A170C5016A15B80DF2F182F238F579836719A1772F4ACF05C4
                                                  Function 03191F5D Relevance: 2.3, Strings: 1, Instructions: 1045COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3421465563.0000000003190000.00000040.00001000.00020000.00000000.sdmp, Offset: 03190000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_3190000_Micra.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: m VK
                                                  • API String ID: 0-3718960360
                                                  • Opcode ID: 2d3536984f0cb555881c7bf2fed5659b8a92ae3a1b8f36fb5c03204102d5d3c1
                                                  • Instruction ID: 4031cb9d2b0f71c628949a77cbc21d611201310d288f07973dc72c8ac7fc87d7
                                                  • Opcode Fuzzy Hash: 2d3536984f0cb555881c7bf2fed5659b8a92ae3a1b8f36fb5c03204102d5d3c1
                                                  • Instruction Fuzzy Hash: 02527786E2E71A9AFF97A170C5016A15B80DF2F182F238F579836719A1772F4ACF05C4
                                                  Function 03191FF9 Relevance: 2.3, Strings: 1, Instructions: 1021COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3421465563.0000000003190000.00000040.00001000.00020000.00000000.sdmp, Offset: 03190000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_3190000_Micra.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: m VK
                                                  • API String ID: 0-3718960360
                                                  • Opcode ID: 41a5b7a5141a30a95f3bc628b3d93f456cb9e20e43c595a4a42a32a8f3b1c3ad
                                                  • Instruction ID: 2ac691e04e7d654092288d0ce7f4f435fa1b8335613c40cb007e70bd8dccad6f
                                                  • Opcode Fuzzy Hash: 41a5b7a5141a30a95f3bc628b3d93f456cb9e20e43c595a4a42a32a8f3b1c3ad
                                                  • Instruction Fuzzy Hash: 2F427686E2E31A9AFF97A170C5016A15B80DF2F182F238F579836719A1372F4ACF05D4
                                                  Function 031922B0 Relevance: 2.2, Strings: 1, Instructions: 949COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3421465563.0000000003190000.00000040.00001000.00020000.00000000.sdmp, Offset: 03190000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_3190000_Micra.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: m VK
                                                  • API String ID: 0-3718960360
                                                  • Opcode ID: 4de271ab86cd244f332d5e00c700479971c61cf86430d3fc2330368b4ffe8cc4
                                                  • Instruction ID: 6365be98df0446b8a4cc132c5648978062166ea88d34c13b59e3399a57bdaf0a
                                                  • Opcode Fuzzy Hash: 4de271ab86cd244f332d5e00c700479971c61cf86430d3fc2330368b4ffe8cc4
                                                  • Instruction Fuzzy Hash: D9429846E2E31A9AFF97A170C5416A15B80DF2F1C2B238F579836719A1772F4ACF05C4
                                                  Function 0319222D Relevance: 2.2, Strings: 1, Instructions: 944COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3421465563.0000000003190000.00000040.00001000.00020000.00000000.sdmp, Offset: 03190000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_3190000_Micra.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: m VK
                                                  • API String ID: 0-3718960360
                                                  • Opcode ID: 8fff8a6bb0191d6bfb4dd1452fbe73a3c30a941cab7fa5ae1cdb7d4b60323c5a
                                                  • Instruction ID: 4e3efbf67512800451f9e590ae36ca5bbcc81d0e5bd51f69fa5380f662c856dd
                                                  • Opcode Fuzzy Hash: 8fff8a6bb0191d6bfb4dd1452fbe73a3c30a941cab7fa5ae1cdb7d4b60323c5a
                                                  • Instruction Fuzzy Hash: E4329886E2E31A9AFE97A171C5416A15B80DF2F1C2F238F579836719A1372F4ACF05C4
                                                  Function 03192278 Relevance: 2.2, Strings: 1, Instructions: 942COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3421465563.0000000003190000.00000040.00001000.00020000.00000000.sdmp, Offset: 03190000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_3190000_Micra.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: m VK
                                                  • API String ID: 0-3718960360
                                                  • Opcode ID: 923d93784cf9ec374a93c2750b039285a7c7f1fc27cee0c0ed45d6a092ce8bcf
                                                  • Instruction ID: 85717960373f05b78844c9ecfa7b45c072b0231f72dbe2f2f91b3f964c3ce04c
                                                  • Opcode Fuzzy Hash: 923d93784cf9ec374a93c2750b039285a7c7f1fc27cee0c0ed45d6a092ce8bcf
                                                  • Instruction Fuzzy Hash: B9329886E2E31A9AFE97A071C5416A15B80DF2F1C2F238F579836719A1772F4ACF05C4
                                                  Function 03192261 Relevance: 2.2, Strings: 1, Instructions: 940COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3421465563.0000000003190000.00000040.00001000.00020000.00000000.sdmp, Offset: 03190000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_3190000_Micra.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: m VK
                                                  • API String ID: 0-3718960360
                                                  • Opcode ID: c971a566b491d6dba10eed0f25d867b9d851b3eb938988c71b2e38a2a8246e93
                                                  • Instruction ID: e9c131c27ccbba1211852bf613324b04b4ab3978648c3f7e9c1e84e15c8efa68
                                                  • Opcode Fuzzy Hash: c971a566b491d6dba10eed0f25d867b9d851b3eb938988c71b2e38a2a8246e93
                                                  • Instruction Fuzzy Hash: 22329886E2E31A9AFE97A171C5416A15B80DF2F1C2F238F579836719A1372F4ACF05C4
                                                  Function 03192312 Relevance: 2.2, Strings: 1, Instructions: 931COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3421465563.0000000003190000.00000040.00001000.00020000.00000000.sdmp, Offset: 03190000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_3190000_Micra.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: m VK
                                                  • API String ID: 0-3718960360
                                                  • Opcode ID: 9adb4be9591f14116c04b86cf9bd350005a9ba84799d01c22352fae2cb4368e7
                                                  • Instruction ID: 309708a7ac8b0a8ed0248da3c38adce78e90f4e88574228bf44e605b28c6bfc7
                                                  • Opcode Fuzzy Hash: 9adb4be9591f14116c04b86cf9bd350005a9ba84799d01c22352fae2cb4368e7
                                                  • Instruction Fuzzy Hash: A6328846E2E31A9AFF97A170C5416A15B80DF2F182B238F5B9836719A1772F4ACF05C4
                                                  Function 03192389 Relevance: 2.2, Strings: 1, Instructions: 930COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3421465563.0000000003190000.00000040.00001000.00020000.00000000.sdmp, Offset: 03190000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_3190000_Micra.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: m VK
                                                  • API String ID: 0-3718960360
                                                  • Opcode ID: 42cd0b2f366265d979753f1551ca629a3c70a22c6f0232c2580284f4ee902dbf
                                                  • Instruction ID: 2c39bf81bce132b9fcba757c53067819e5c6275617c383c1faf2584190ad4fe4
                                                  • Opcode Fuzzy Hash: 42cd0b2f366265d979753f1551ca629a3c70a22c6f0232c2580284f4ee902dbf
                                                  • Instruction Fuzzy Hash: 36329A46E2E31A9AFF97A170C5416A15B80DF2B1C2B238F579836719A1772F4ACF05C4
                                                  Function 031923A8 Relevance: 2.2, Strings: 1, Instructions: 921COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3421465563.0000000003190000.00000040.00001000.00020000.00000000.sdmp, Offset: 03190000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_3190000_Micra.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: m VK
                                                  • API String ID: 0-3718960360
                                                  • Opcode ID: f860ab24fdc28943c7e840d692deb9c807403b6295d676020a7a3296d95b1eba
                                                  • Instruction ID: 2e682004f62e4dada55bc19bdd8a657a4d214f371c332a3654a15013bca8e5e8
                                                  • Opcode Fuzzy Hash: f860ab24fdc28943c7e840d692deb9c807403b6295d676020a7a3296d95b1eba
                                                  • Instruction Fuzzy Hash: FE328986E2E31A9AFE97A170C5416A15B80DF2F1C2F238F579836719A1772F4ACF05C4
                                                  Function 031923C2 Relevance: 2.2, Strings: 1, Instructions: 901COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3421465563.0000000003190000.00000040.00001000.00020000.00000000.sdmp, Offset: 03190000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_3190000_Micra.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: m VK
                                                  • API String ID: 0-3718960360
                                                  • Opcode ID: 8a091ba0ed11bdad239613394b430df47446e488d0ef1538defc52198526873b
                                                  • Instruction ID: e8ab0aa10f69b7b17d99dcabea49252e3cc01332ca21187468c1accf9bbc9a2b
                                                  • Opcode Fuzzy Hash: 8a091ba0ed11bdad239613394b430df47446e488d0ef1538defc52198526873b
                                                  • Instruction Fuzzy Hash: 6F328846E2E31A9AFE97A170C5416A15B80DF2F1C2B238F579836719A1772F4ACF05C4
                                                  Function 03192647 Relevance: 2.1, Strings: 1, Instructions: 828COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3421465563.0000000003190000.00000040.00001000.00020000.00000000.sdmp, Offset: 03190000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_3190000_Micra.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: m VK
                                                  • API String ID: 0-3718960360
                                                  • Opcode ID: 3aa342fb56b34f3aa28757ce9b30298a2d1d96c97d2ca672ab8a6362bf713b91
                                                  • Instruction ID: 8c920240356f2b19986cad6534836410222ac2cc6b29be2b656fce4367ef52e0
                                                  • Opcode Fuzzy Hash: 3aa342fb56b34f3aa28757ce9b30298a2d1d96c97d2ca672ab8a6362bf713b91
                                                  • Instruction Fuzzy Hash: 09227886E2E31A9AFF97A170C5016A15B80DF2F182F238F579836719A1772F4ACF05D4
                                                  Function 03192613 Relevance: 2.1, Strings: 1, Instructions: 821COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3421465563.0000000003190000.00000040.00001000.00020000.00000000.sdmp, Offset: 03190000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_3190000_Micra.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: m VK
                                                  • API String ID: 0-3718960360
                                                  • Opcode ID: 268cadd8e9cf2bd357bf1a2d2832ccfee255390cf7f86a9eab27c45cad8d1531
                                                  • Instruction ID: f4d2eba7e1b28d51a8b25d197e68ddae0e8a8e6c68cff6afd5813cc2a07e0615
                                                  • Opcode Fuzzy Hash: 268cadd8e9cf2bd357bf1a2d2832ccfee255390cf7f86a9eab27c45cad8d1531
                                                  • Instruction Fuzzy Hash: C7227886E2E31A9AFF97A170C5016A15B80DF2B182F238F579836719A1772F4ACF05D4
                                                  Function 03192681 Relevance: 2.1, Strings: 1, Instructions: 807COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3421465563.0000000003190000.00000040.00001000.00020000.00000000.sdmp, Offset: 03190000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_3190000_Micra.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: m VK
                                                  • API String ID: 0-3718960360
                                                  • Opcode ID: ba565394eb34af11208b762b9965f2a7e8edc49fe45aaf137494d14bd774141e
                                                  • Instruction ID: c49f8093ff6941bccd3352f3a339bd9f7b75e1ae78b33073a823f1b9f9d43302
                                                  • Opcode Fuzzy Hash: ba565394eb34af11208b762b9965f2a7e8edc49fe45aaf137494d14bd774141e
                                                  • Instruction Fuzzy Hash: 5E228886E2E31A9AFF97A170C5016A15B80DF2B1C2F238F579836719A1772F4ACF05D4
                                                  Function 031926A8 Relevance: 2.1, Strings: 1, Instructions: 805COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3421465563.0000000003190000.00000040.00001000.00020000.00000000.sdmp, Offset: 03190000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_3190000_Micra.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: m VK
                                                  • API String ID: 0-3718960360
                                                  • Opcode ID: 7c06b7448467c47bd7ccefdd5198c67f9b958c402f58ef2e9c19af9239d40359
                                                  • Instruction ID: 92bb764109c40e0866d0721d96ef5eef2aad72b2df190636404f767966fe07f8
                                                  • Opcode Fuzzy Hash: 7c06b7448467c47bd7ccefdd5198c67f9b958c402f58ef2e9c19af9239d40359
                                                  • Instruction Fuzzy Hash: 19228886E2E31A9AFF97A170C5016A15B80DF2B1C2F238F579836719A1772F4ACF05D4
                                                  Function 031926E9 Relevance: 2.0, Strings: 1, Instructions: 792COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3421465563.0000000003190000.00000040.00001000.00020000.00000000.sdmp, Offset: 03190000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_3190000_Micra.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: m VK
                                                  • API String ID: 0-3718960360
                                                  • Opcode ID: 0bd68921010dfc0db2379ffbcfcc0353c93d7cf96d6b87fe3ae1f87adcef44d2
                                                  • Instruction ID: 6476938f4ea8fcf748e3bcc1f77c28d93550b9c31a68827562b9398b187fbac1
                                                  • Opcode Fuzzy Hash: 0bd68921010dfc0db2379ffbcfcc0353c93d7cf96d6b87fe3ae1f87adcef44d2
                                                  • Instruction Fuzzy Hash: F7227786E2E31A9AFF97A170C5016A15B80DF2B1C2F238F579836719A1772F4ACF05D4
                                                  Function 031927FE Relevance: 2.0, Strings: 1, Instructions: 788COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3421465563.0000000003190000.00000040.00001000.00020000.00000000.sdmp, Offset: 03190000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_3190000_Micra.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: m VK
                                                  • API String ID: 0-3718960360
                                                  • Opcode ID: 50fad88403f9b82071bed411dcd1764af58fd2390b8347f41476725c32de0461
                                                  • Instruction ID: 5260b56b565be30b718fdbd333b4ace0ca5afc0f945731727e763c23b843ffa4
                                                  • Opcode Fuzzy Hash: 50fad88403f9b82071bed411dcd1764af58fd2390b8347f41476725c32de0461
                                                  • Instruction Fuzzy Hash: 4A228A86E2E31A9AFF97A170C5016A15B80DF2F1C2B238F579836719A5772F4ACF05C4
                                                  Function 031927C6 Relevance: 2.0, Strings: 1, Instructions: 787COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3421465563.0000000003190000.00000040.00001000.00020000.00000000.sdmp, Offset: 03190000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_3190000_Micra.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: m VK
                                                  • API String ID: 0-3718960360
                                                  • Opcode ID: a0cd4a80a9fef02bbe1fc4bbb1aa5534793880a47eb513c47c61ed71f6c5cc4e
                                                  • Instruction ID: a6f04a310b18aabde03b7f7103b0766b6a8cae165f5f83000fca33ef5d7903de
                                                  • Opcode Fuzzy Hash: a0cd4a80a9fef02bbe1fc4bbb1aa5534793880a47eb513c47c61ed71f6c5cc4e
                                                  • Instruction Fuzzy Hash: CD12A986E2E31A9AFF97A170C5016A15B80DF2F1C2B238F579836719A1772F4ACF05C4
                                                  Function 0319276E Relevance: 2.0, Strings: 1, Instructions: 780COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3421465563.0000000003190000.00000040.00001000.00020000.00000000.sdmp, Offset: 03190000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_3190000_Micra.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: m VK
                                                  • API String ID: 0-3718960360
                                                  • Opcode ID: f94e8741a1aedadc1efcd3c1251a725c2e4c79949e9c98d04fc56f78f0495a0b
                                                  • Instruction ID: 7407d46b974e3fa36df2832fcff215501083d6a0d17fbc099ecf75f63b96751e
                                                  • Opcode Fuzzy Hash: f94e8741a1aedadc1efcd3c1251a725c2e4c79949e9c98d04fc56f78f0495a0b
                                                  • Instruction Fuzzy Hash: 42128886E2E31A9AFF97B170C5016A15B80DF2B1C2B238F579836719A1772F4ACF05D4
                                                  Function 03192797 Relevance: 2.0, Strings: 1, Instructions: 777COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3421465563.0000000003190000.00000040.00001000.00020000.00000000.sdmp, Offset: 03190000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_3190000_Micra.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: m VK
                                                  • API String ID: 0-3718960360
                                                  • Opcode ID: d786e55e70c35c8cfa8201ebb8c89d6330fabd4c3dd6934a6e349a63b17e03db
                                                  • Instruction ID: b00c76762fa62e09936201d663c4b28db6d28c18c386446cc50d51d9feefcb28
                                                  • Opcode Fuzzy Hash: d786e55e70c35c8cfa8201ebb8c89d6330fabd4c3dd6934a6e349a63b17e03db
                                                  • Instruction Fuzzy Hash: 7F128986E2E31A9AFF97A170C5016A15B80DF2F1C2B238F57983671961772F4ACF05C4
                                                  Function 03192A52 Relevance: 2.0, Strings: 1, Instructions: 746COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3421465563.0000000003190000.00000040.00001000.00020000.00000000.sdmp, Offset: 03190000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_3190000_Micra.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: m VK
                                                  • API String ID: 0-3718960360
                                                  • Opcode ID: 18224ae0561aa71f8125fd4d65ae8ea8a1cd4745ebe9594a0d9d4009c917d454
                                                  • Instruction ID: 308ca3561902b4461ed39fa61fb5de91e38496aae73b0f8415c13a457cacabad
                                                  • Opcode Fuzzy Hash: 18224ae0561aa71f8125fd4d65ae8ea8a1cd4745ebe9594a0d9d4009c917d454
                                                  • Instruction Fuzzy Hash: 5C12AA4AE2E31A9AFF97B130C5416A55B80DF2F182B238F579836719A1772F4ACF05C4
                                                  Function 03192A77 Relevance: 2.0, Strings: 1, Instructions: 700COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3421465563.0000000003190000.00000040.00001000.00020000.00000000.sdmp, Offset: 03190000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_3190000_Micra.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: m VK
                                                  • API String ID: 0-3718960360
                                                  • Opcode ID: 4b591803a557361ffc015f677b842627a348989d7714384c5b019044998e7548
                                                  • Instruction ID: 8d20cb161cdc727f9103cfdccdbe5f52210bd513b807b495865323140f6c52d8
                                                  • Opcode Fuzzy Hash: 4b591803a557361ffc015f677b842627a348989d7714384c5b019044998e7548
                                                  • Instruction Fuzzy Hash: FB029A4AE2E31A9AFF97B170C5016A55B80DF2F1C2B238F579836719A1772F4ACE05C4
                                                  Function 03192AF9 Relevance: 1.9, Strings: 1, Instructions: 694COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3421465563.0000000003190000.00000040.00001000.00020000.00000000.sdmp, Offset: 03190000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_3190000_Micra.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: m VK
                                                  • API String ID: 0-3718960360
                                                  • Opcode ID: ee5bfb088fc3c58e3a83e75c6597b5342e823428c93db660e9fce5c97105d5b6
                                                  • Instruction ID: a72ddbee9265e66d17161707a7369aaebd3d6e08e1b9accf705a1ff6f1f4c53d
                                                  • Opcode Fuzzy Hash: ee5bfb088fc3c58e3a83e75c6597b5342e823428c93db660e9fce5c97105d5b6
                                                  • Instruction Fuzzy Hash: 04029C4AE2E3169AFF87B170C5016A55B80DF2F1C6B238F579836B19A1772F4ACE05C4
                                                  Function 0319022B Relevance: 1.6, Strings: 1, Instructions: 354COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3421465563.0000000003190000.00000040.00001000.00020000.00000000.sdmp, Offset: 03190000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_3190000_Micra.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: G
                                                  • API String ID: 0-985283518
                                                  • Opcode ID: dc87f09054a646cbc778a502f3f62a3d89a08e104248def7cc85d651cc89d055
                                                  • Instruction ID: dd70810ce70f19ad2244bf487b320fb53ebebc9748ad62641d33895eb62582e4
                                                  • Opcode Fuzzy Hash: dc87f09054a646cbc778a502f3f62a3d89a08e104248def7cc85d651cc89d055
                                                  • Instruction Fuzzy Hash: 3EA19883E3A3198AFE97B070C5016A19B85DF1F485F178F5B8826B18A1372F4ACE19C4
                                                  Function 100021FA Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 137memoryCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • GlobalFree.KERNEL32(00000000), ref: 10002348
                                                    • Part of subcall function 10001224: lstrcpynA.KERNEL32(00000000,?,100012CF,-1000404B,100011AB,-000000A0), ref: 10001234
                                                  • GlobalAlloc.KERNEL32(00000040,?), ref: 100022C5
                                                  • MultiByteToWideChar.KERNEL32(00000000,00000000,?,?,00000000,?), ref: 100022DA
                                                  • GlobalAlloc.KERNEL32(00000040,00000010), ref: 100022E9
                                                  • CLSIDFromString.OLE32(00000000,00000000), ref: 100022F7
                                                  • GlobalFree.KERNEL32(00000000), ref: 100022FE
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3428984711.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                  • Associated: 00000000.00000002.3428968276.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                  • Associated: 00000000.00000002.3428998849.0000000010003000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                  • Associated: 00000000.00000002.3429054882.0000000010005000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_10000000_Micra.jbxd
                                                  Similarity
                                                  • API ID: Global$AllocFree$ByteCharFromMultiStringWidelstrcpyn
                                                  • String ID: @Hmu
                                                  • API String ID: 3730416702-887474944
                                                  • Opcode ID: 0f1d2088a070cebd5915530b0a964975e4ea41447dfd67459970790859c4aece
                                                  • Instruction ID: a642113aa4013a2ca06c871554e8d399cf46bf4099943ddf9e0960cc50565d32
                                                  • Opcode Fuzzy Hash: 0f1d2088a070cebd5915530b0a964975e4ea41447dfd67459970790859c4aece
                                                  • Instruction Fuzzy Hash: A941BCB1508311EFF320DF648C84B6AB7E8FF443D0F11892AF946D61A9DB34AA40CB61
                                                  Function 100023D8 Relevance: 10.6, APIs: 7, Instructions: 111COMMON
                                                  Download Yara Rule
                                                  APIs
                                                    • Part of subcall function 10001215: GlobalAlloc.KERNELBASE(00000040,10001233,?,100012CF,-1000404B,100011AB,-000000A0), ref: 1000121D
                                                  • GlobalFree.KERNEL32(?), ref: 100024B3
                                                  • GlobalFree.KERNEL32(00000000), ref: 100024ED
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3428984711.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                  • Associated: 00000000.00000002.3428968276.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                  • Associated: 00000000.00000002.3428998849.0000000010003000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                  • Associated: 00000000.00000002.3429054882.0000000010005000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_10000000_Micra.jbxd
                                                  Similarity
                                                  • API ID: Global$Free$Alloc
                                                  • String ID:
                                                  • API String ID: 1780285237-0
                                                  • Opcode ID: 9b8f7426cd7417a05f7efaca6ab9ef20acf91f7aea9c9defdea317c740d0f0ba
                                                  • Instruction ID: c0db1d51d0d8beb2da32add46ec64f24e8f484468aa98c5ce89375ba0c102a5a
                                                  • Opcode Fuzzy Hash: 9b8f7426cd7417a05f7efaca6ab9ef20acf91f7aea9c9defdea317c740d0f0ba
                                                  • Instruction Fuzzy Hash: 0831A9B1504211EFF322DB94CCC4C2B7BBDEB853D4B118929FA4193228CB31AC94DB62
                                                  Function 1000180D Relevance: 7.7, APIs: 5, Instructions: 189COMMON
                                                  Download Yara Rule
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3428984711.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                  • Associated: 00000000.00000002.3428968276.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                  • Associated: 00000000.00000002.3428998849.0000000010003000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                  • Associated: 00000000.00000002.3429054882.0000000010005000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_10000000_Micra.jbxd
                                                  Similarity
                                                  • API ID: FreeGlobal
                                                  • String ID:
                                                  • API String ID: 2979337801-0
                                                  • Opcode ID: e61c022a33ae2d8226f4f9d8dc9768096fb4d6cd4e5c598d89deb3e57b8d12c3
                                                  • Instruction ID: adaf369aa6dab84e94bee76403d526b7d43184adb12fe210256c1aedb67fe499
                                                  • Opcode Fuzzy Hash: e61c022a33ae2d8226f4f9d8dc9768096fb4d6cd4e5c598d89deb3e57b8d12c3
                                                  • Instruction Fuzzy Hash: 43512536D04159AEFB55DFB488A4AEEBBF6EF453C0F124169E841B315DCA306E4087D2
                                                  Function 100010E0 Relevance: 5.1, APIs: 4, Instructions: 102memoryCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • GlobalAlloc.KERNEL32(00000040,?), ref: 1000115B
                                                  • GlobalFree.KERNEL32(00000000), ref: 100011B4
                                                  • GlobalFree.KERNEL32(?), ref: 100011C7
                                                  • GlobalFree.KERNEL32(?), ref: 100011F5
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.3428984711.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                  • Associated: 00000000.00000002.3428968276.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                  • Associated: 00000000.00000002.3428998849.0000000010003000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                  • Associated: 00000000.00000002.3429054882.0000000010005000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_10000000_Micra.jbxd
                                                  Similarity
                                                  • API ID: Global$Free$Alloc
                                                  • String ID:
                                                  • API String ID: 1780285237-0
                                                  • Opcode ID: 6ef9e3687ab983c99c874163fdcc0ee6cc2800f994ca68b8431a209e6fec97f5
                                                  • Instruction ID: 5d3a3765e571093bf703368c32e31ec5bfeafbef09712c331e02e9e13643e521
                                                  • Opcode Fuzzy Hash: 6ef9e3687ab983c99c874163fdcc0ee6cc2800f994ca68b8431a209e6fec97f5
                                                  • Instruction Fuzzy Hash: 6531ABB1808255AFF715CFA8DC89AEA7FE8EB052C1B164115FA45D726CDB34D910CB24