Windows Analysis Report
510286.msi

Overview

General Information

Sample name: 510286.msi
Analysis ID: 1573633
MD5: 66b16b0e40121de05fc889765a9a2f54
SHA1: 72bbd8cda91693a0f655c67b0e2e9f86efaecc73
SHA256: e158310cb13d1a48304d68dfd83447c4208f27e03f4f13d6a2184364a7c174e4
Tags: aikmouciiqgecoqi-xyzmsiuser-JAMESWT_MHT

Detection

Score: 72
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
AI detected suspicious sample
Found API chain indicative of debugger detection
Performs DNS queries to domains with low reputation
Tries to resolve many domain names, but no domain seems valid
Allocates memory within range which is reserved for system DLLs (kernel32.dll, advapi32.dll, etc)
Checks for available system drives (often done to infect USB drives)
Connects to many different domains
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Creates or modifies windows services
Deletes files inside the Windows folder
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Drops PE files to the windows directory (C:\Windows)
Found dropped PE file which has not been started or loaded
Found evasive API chain (date check)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
May sleep (evasive loops) to hinder dynamic analysis
Modifies existing windows services
PE file contains sections with non-standard names
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Tries to resolve domain names, but no domain seems valid (expired dropper behavior)
Uses cacls to modify the permissions of files
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w7x64
  • msiexec.exe (PID: 3580 cmdline: "C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\510286.msi" MD5: AC2E7152124CEED36846BD1B6592A00F)
  • msiexec.exe (PID: 3656 cmdline: C:\Windows\system32\msiexec.exe /V MD5: AC2E7152124CEED36846BD1B6592A00F)
    • msiexec.exe (PID: 3968 cmdline: C:\Windows\syswow64\MsiExec.exe -Embedding 0E851BF32976718622E9865433C40305 MD5: 4315D6ECAE85024A0567DF2CB253B7B0)
      • icacls.exe (PID: 4008 cmdline: "C:\Windows\system32\ICACLS.EXE" "C:\Users\user\AppData\Local\Temp\MW-c924f3d7-8004-4e1e-8992-5f223243484f\." /SETINTEGRITYLEVEL (CI)(OI)HIGH MD5: 1542A92D5C6F7E1E80613F3466C9CE7F)
      • expand.exe (PID: 4036 cmdline: "C:\Windows\system32\EXPAND.EXE" -R files.cab -F:* files MD5: 659CED6D7BDA047BCC6048384231DB9F)
      • piovbar.exe (PID: 2148 cmdline: "C:\Users\user\AppData\Local\Temp\MW-c924f3d7-8004-4e1e-8992-5f223243484f\files\piovbar.exe" /VERYSILENT /VERYSILENT MD5: 53215D6E26A13C7586B33498909E0B93)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched

AV Detection

Source: C:\Users\user\AppData\Local\Temp\MW-c924f3d7-8004-4e1e-8992-5f223243484f\files\$dpx$.tmp\5d1f88a19781ab44b7fb4dbf9087fc72.tmp, ReversingLabs: Detection: 28%
Source: C:\Users\user\AppData\Local\Temp\MW-c924f3d7-8004-4e1e-8992-5f223243484f\files\piovbar.exe (copy), ReversingLabs: Detection: 28%
Source: 510286.msi, ReversingLabs: Detection: 34%
Source: Submitted Sample, Integrated Neural Analysis Model: Matched 89.8% probability
Source: C:\Windows\SysWOW64\expand.exe, File created: C:\Windows\Logs\DPX\setupact.log
Source: C:\Windows\SysWOW64\expand.exe, File created: C:\Windows\Logs\DPX\setuperr.log
Source: Binary string: C:\ss2\Projects\MsiWrapper\MsiCustomActions\Release\MsiCustomActions.pdb source: 510286.msi, MSIA47A.tmp.2.dr, 4e56b8.msi.2.dr
Source: C:\Windows\System32\msiexec.exe, File opened: z:
Source: C:\Windows\System32\msiexec.exe, File opened: x:
Source: C:\Windows\System32\msiexec.exe, File opened: v:
Source: C:\Windows\System32\msiexec.exe, File opened: t:
Source: C:\Windows\System32\msiexec.exe, File opened: r:
Source: C:\Windows\System32\msiexec.exe, File opened: p:
Source: C:\Windows\System32\msiexec.exe, File opened: n:
Source: C:\Windows\System32\msiexec.exe, File opened: l:
Source: C:\Windows\System32\msiexec.exe, File opened: j:
Source: C:\Windows\System32\msiexec.exe, File opened: h:
Source: C:\Windows\System32\msiexec.exe, File opened: f:
Source: C:\Windows\System32\msiexec.exe, File opened: b:
Source: C:\Windows\System32\msiexec.exe, File opened: y:
Source: C:\Windows\System32\msiexec.exe, File opened: w:
Source: C:\Windows\System32\msiexec.exe, File opened: u:
Source: C:\Windows\System32\msiexec.exe, File opened: s:
Source: C:\Windows\System32\msiexec.exe, File opened: q:
Source: C:\Windows\System32\msiexec.exe, File opened: o:
Source: C:\Windows\System32\msiexec.exe, File opened: m:
Source: C:\Windows\System32\msiexec.exe, File opened: k:
Source: C:\Windows\System32\msiexec.exe, File opened: i:
Source: C:\Windows\System32\msiexec.exe, File opened: g:
Source: C:\Windows\System32\msiexec.exe, File opened: e:
Source: C:\Windows\SysWOW64\msiexec.exe, File opened: c:
Source: C:\Windows\System32\msiexec.exe, File opened: a:
Source: C:\Users\user\AppData\Local\Temp\MW-c924f3d7-8004-4e1e-8992-5f223243484f\files\piovbar.exe, Code function: 12_2_003F824E _free,_free,FindFirstFileExW,_free,12_2_003F824E
Source: C:\Users\user\AppData\Local\Temp\MW-c924f3d7-8004-4e1e-8992-5f223243484f\files\piovbar.exe, Code function: 12_2_003F82FF FindFirstFileExW,_free,FindNextFileW,_free,FindClose,_free,12_2_003F82FF

Networking

Source: unknown, Network traffic detected: DNS query count 43
Source: C:\Users\user\AppData\Local\Temp\MW-c924f3d7-8004-4e1e-8992-5f223243484f\files\piovbar.exe; Code function: 12_2_0030F890 recv,recv
Source: C:\Windows\SysWOW64\icacls.exe; Memory allocated: 770B0000 page execute and read and write
Source: C:\Windows\SysWOW64\expand.exe; Memory allocated: 770B0000 page execute and read and write
Source: C:\Users\user\AppData\Local\Temp\MW-c924f3d7-8004-4e1e-8992-5f223243484f\files\piovbar.exe; Memory allocated: 770B0000 page execute and read and write
Source: C:\Windows\System32\msiexec.exe; File created: C:\Windows\Installer\4e56b8.msi
Source: C:\Windows\System32\msiexec.exe; File created: C:\Windows\Installer\SourceHash{657A7792-FE38-4F52-8CFA-BFF02084F4D8}
Source: C:\Windows\System32\msiexec.exe; File created: C:\Windows\Installer\4e56b9.ipi
Source: C:\Windows\System32\msiexec.exe; File created: C:\Windows\Installer\MSIA47A.tmp
Source: C:\Windows\SysWOW64\expand.exe; File created: C:\Windows\Logs\DPX\setupact.log
Source: C:\Windows\SysWOW64\expand.exe; File created: C:\Windows\Logs\DPX\setuperr.log
Source: C:\Windows\System32\msiexec.exe; File deleted: C:\Windows\Installer\4e56b9.ipi
Source: C:\Users\user\AppData\Local\Temp\MW-c924f3d7-8004-4e1e-8992-5f223243484f\files\piovbar.exeCode function: 12_2_0039EA1012_2_0039EA10
Source: C:\Users\user\AppData\Local\Temp\MW-c924f3d7-8004-4e1e-8992-5f223243484f\files\piovbar.exeCode function: 12_2_00359A0012_2_00359A00
Source: C:\Users\user\AppData\Local\Temp\MW-c924f3d7-8004-4e1e-8992-5f223243484f\files\piovbar.exeCode function: 12_2_00366A7012_2_00366A70
Source: C:\Users\user\AppData\Local\Temp\MW-c924f3d7-8004-4e1e-8992-5f223243484f\files\piovbar.exeCode function: 12_2_0039BA7012_2_0039BA70
Source: C:\Users\user\AppData\Local\Temp\MW-c924f3d7-8004-4e1e-8992-5f223243484f\files\piovbar.exeCode function: 12_2_00358A6012_2_00358A60
Source: C:\Users\user\AppData\Local\Temp\MW-c924f3d7-8004-4e1e-8992-5f223243484f\files\piovbar.exeCode function: 12_2_0032BA4012_2_0032BA40
Source: C:\Users\user\AppData\Local\Temp\MW-c924f3d7-8004-4e1e-8992-5f223243484f\files\piovbar.exeCode function: 12_2_00262A5012_2_00262A50
Source: C:\Users\user\AppData\Local\Temp\MW-c924f3d7-8004-4e1e-8992-5f223243484f\files\piovbar.exeCode function: 12_2_00364AB012_2_00364AB0
Source: C:\Users\user\AppData\Local\Temp\MW-c924f3d7-8004-4e1e-8992-5f223243484f\files\piovbar.exeCode function: 12_2_0028AAA012_2_0028AAA0
Source: C:\Users\user\AppData\Local\Temp\MW-c924f3d7-8004-4e1e-8992-5f223243484f\files\piovbar.exeCode function: 12_2_00302AA012_2_00302AA0
Source: C:\Users\user\AppData\Local\Temp\MW-c924f3d7-8004-4e1e-8992-5f223243484f\files\piovbar.exeCode function: 12_2_00354AA012_2_00354AA0
Source: C:\Users\user\AppData\Local\Temp\MW-c924f3d7-8004-4e1e-8992-5f223243484f\files\piovbar.exeCode function: 12_2_00347A9012_2_00347A90
Source: C:\Users\user\AppData\Local\Temp\MW-c924f3d7-8004-4e1e-8992-5f223243484f\files\piovbar.exeCode function: 12_2_00372AF012_2_00372AF0
Source: C:\Users\user\AppData\Local\Temp\MW-c924f3d7-8004-4e1e-8992-5f223243484f\files\piovbar.exeCode function: 12_2_00399AF012_2_00399AF0
Source: C:\Users\user\AppData\Local\Temp\MW-c924f3d7-8004-4e1e-8992-5f223243484f\files\piovbar.exeCode function: 12_2_00398AE012_2_00398AE0
Source: C:\Users\user\AppData\Local\Temp\MW-c924f3d7-8004-4e1e-8992-5f223243484f\files\piovbar.exeCode function: 12_2_00285AC012_2_00285AC0
Source: C:\Users\user\AppData\Local\Temp\MW-c924f3d7-8004-4e1e-8992-5f223243484f\files\piovbar.exeCode function: 12_2_0031DB3012_2_0031DB30
Source: C:\Users\user\AppData\Local\Temp\MW-c924f3d7-8004-4e1e-8992-5f223243484f\files\piovbar.exeCode function: 12_2_002CBB2012_2_002CBB20
Source: C:\Users\user\AppData\Local\Temp\MW-c924f3d7-8004-4e1e-8992-5f223243484f\files\piovbar.exeCode function: 12_2_00266B6012_2_00266B60
Source: C:\Users\user\AppData\Local\Temp\MW-c924f3d7-8004-4e1e-8992-5f223243484f\files\piovbar.exeCode function: 12_2_00281B6012_2_00281B60
Source: C:\Users\user\AppData\Local\Temp\MW-c924f3d7-8004-4e1e-8992-5f223243484f\files\piovbar.exeCode function: 12_2_002EFB7012_2_002EFB70
Source: C:\Users\user\AppData\Local\Temp\MW-c924f3d7-8004-4e1e-8992-5f223243484f\files\piovbar.exeCode function: 12_2_00376B4012_2_00376B40
Source: C:\Users\user\AppData\Local\Temp\MW-c924f3d7-8004-4e1e-8992-5f223243484f\files\piovbar.exeCode function: 12_2_00313BB012_2_00313BB0
Source: C:\Users\user\AppData\Local\Temp\MW-c924f3d7-8004-4e1e-8992-5f223243484f\files\piovbar.exeCode function: 12_2_0033BBB012_2_0033BBB0
Source: C:\Users\user\AppData\Local\Temp\MW-c924f3d7-8004-4e1e-8992-5f223243484f\files\piovbar.exeCode function: 12_2_002EDBB012_2_002EDBB0
Source: C:\Users\user\AppData\Local\Temp\MW-c924f3d7-8004-4e1e-8992-5f223243484f\files\piovbar.exeCode function: 12_2_00330B8012_2_00330B80
Source: C:\Users\user\AppData\Local\Temp\MW-c924f3d7-8004-4e1e-8992-5f223243484f\files\piovbar.exeCode function: 12_2_002D9BE012_2_002D9BE0
Source: C:\Users\user\AppData\Local\Temp\MW-c924f3d7-8004-4e1e-8992-5f223243484f\files\piovbar.exeCode function: 12_2_00381BE012_2_00381BE0
Source: C:\Users\user\AppData\Local\Temp\MW-c924f3d7-8004-4e1e-8992-5f223243484f\files\piovbar.exeCode function: 12_2_002B8BF012_2_002B8BF0
Source: C:\Users\user\AppData\Local\Temp\MW-c924f3d7-8004-4e1e-8992-5f223243484f\files\piovbar.exeCode function: 12_2_00370BC012_2_00370BC0
Source: C:\Users\user\AppData\Local\Temp\MW-c924f3d7-8004-4e1e-8992-5f223243484f\files\piovbar.exeCode function: 12_2_00336C3012_2_00336C30
Source: C:\Users\user\AppData\Local\Temp\MW-c924f3d7-8004-4e1e-8992-5f223243484f\files\piovbar.exeCode function: 12_2_00365C3012_2_00365C30
Source: C:\Users\user\AppData\Local\Temp\MW-c924f3d7-8004-4e1e-8992-5f223243484f\files\piovbar.exeCode function: 12_2_00389C3012_2_00389C30
Source: C:\Users\user\AppData\Local\Temp\MW-c924f3d7-8004-4e1e-8992-5f223243484f\files\piovbar.exeCode function: 12_2_003A3C3012_2_003A3C30
Source: C:\Users\user\AppData\Local\Temp\MW-c924f3d7-8004-4e1e-8992-5f223243484f\files\piovbar.exeCode function: 12_2_00341C1012_2_00341C10
Source: C:\Users\user\AppData\Local\Temp\MW-c924f3d7-8004-4e1e-8992-5f223243484f\files\piovbar.exeCode function: 12_2_0028EC0012_2_0028EC00
Source: C:\Users\user\AppData\Local\Temp\MW-c924f3d7-8004-4e1e-8992-5f223243484f\files\piovbar.exeCode function: 12_2_00289C1012_2_00289C10
Source: C:\Users\user\AppData\Local\Temp\MW-c924f3d7-8004-4e1e-8992-5f223243484f\files\piovbar.exeCode function: 12_2_00393C0012_2_00393C00
Source: C:\Users\user\AppData\Local\Temp\MW-c924f3d7-8004-4e1e-8992-5f223243484f\files\piovbar.exeCode function: 12_2_00265C6012_2_00265C60
Source: C:\Users\user\AppData\Local\Temp\MW-c924f3d7-8004-4e1e-8992-5f223243484f\files\piovbar.exeCode function: 12_2_00397C7012_2_00397C70
Source: C:\Users\user\AppData\Local\Temp\MW-c924f3d7-8004-4e1e-8992-5f223243484f\files\piovbar.exeCode function: 12_2_002F5C6012_2_002F5C60
Source: C:\Users\user\AppData\Local\Temp\MW-c924f3d7-8004-4e1e-8992-5f223243484f\files\piovbar.exeCode function: 12_2_00350C5012_2_00350C50
Source: C:\Users\user\AppData\Local\Temp\MW-c924f3d7-8004-4e1e-8992-5f223243484f\files\piovbar.exeCode function: 12_2_00356C5012_2_00356C50
Source: C:\Users\user\AppData\Local\Temp\MW-c924f3d7-8004-4e1e-8992-5f223243484f\files\piovbar.exeCode function: 12_2_00272C4012_2_00272C40
Source: C:\Users\user\AppData\Local\Temp\MW-c924f3d7-8004-4e1e-8992-5f223243484f\files\piovbar.exeCode function: 12_2_002F8C4012_2_002F8C40
Source: C:\Users\user\AppData\Local\Temp\MW-c924f3d7-8004-4e1e-8992-5f223243484f\files\piovbar.exeCode function: 12_2_003B8C4012_2_003B8C40
Source: C:\Users\user\AppData\Local\Temp\MW-c924f3d7-8004-4e1e-8992-5f223243484f\files\piovbar.exeCode function: 12_2_0034DCB012_2_0034DCB0
Source: C:\Users\user\AppData\Local\Temp\MW-c924f3d7-8004-4e1e-8992-5f223243484f\files\piovbar.exeCode function: 12_2_002D0C8512_2_002D0C85
Source: C:\Users\user\AppData\Local\Temp\MW-c924f3d7-8004-4e1e-8992-5f223243484f\files\piovbar.exeCode function: 12_2_002CCC8012_2_002CCC80
Source: C:\Users\user\AppData\Local\Temp\MW-c924f3d7-8004-4e1e-8992-5f223243484f\files\piovbar.exeCode function: 12_2_002E5C9012_2_002E5C90
Source: C:\Users\user\AppData\Local\Temp\MW-c924f3d7-8004-4e1e-8992-5f223243484f\files\piovbar.exeCode function: 12_2_0028FCF012_2_0028FCF0
Source: C:\Users\user\AppData\Local\Temp\MW-c924f3d7-8004-4e1e-8992-5f223243484f\files\piovbar.exeCode function: 12_2_00292CF012_2_00292CF0
Source: C:\Users\user\AppData\Local\Temp\MW-c924f3d7-8004-4e1e-8992-5f223243484f\files\piovbar.exeCode function: 12_2_002FACF012_2_002FACF0
Source: C:\Users\user\AppData\Local\Temp\MW-c924f3d7-8004-4e1e-8992-5f223243484f\files\piovbar.exeCode function: 12_2_003F8CD612_2_003F8CD6
Source: C:\Users\user\AppData\Local\Temp\MW-c924f3d7-8004-4e1e-8992-5f223243484f\files\piovbar.exeCode function: 12_2_00319CC012_2_00319CC0
Source: C:\Users\user\AppData\Local\Temp\MW-c924f3d7-8004-4e1e-8992-5f223243484f\files\piovbar.exeCode function: 12_2_0031ACC012_2_0031ACC0
Source: C:\Users\user\AppData\Local\Temp\MW-c924f3d7-8004-4e1e-8992-5f223243484f\files\piovbar.exeCode function: 12_2_003A0CC012_2_003A0CC0
Source: C:\Users\user\AppData\Local\Temp\MW-c924f3d7-8004-4e1e-8992-5f223243484f\files\piovbar.exeCode function: 12_2_00283D2012_2_00283D20
Source: C:\Users\user\AppData\Local\Temp\MW-c924f3d7-8004-4e1e-8992-5f223243484f\files\piovbar.exeCode function: 12_2_00315D0012_2_00315D00
Source: C:\Users\user\AppData\Local\Temp\MW-c924f3d7-8004-4e1e-8992-5f223243484f\files\piovbar.exeCode function: 12_2_0037AD0012_2_0037AD00
Source: C:\Users\user\AppData\Local\Temp\MW-c924f3d7-8004-4e1e-8992-5f223243484f\files\piovbar.exeCode function: 12_2_002E3D6012_2_002E3D60
Source: C:\Users\user\AppData\Local\Temp\MW-c924f3d7-8004-4e1e-8992-5f223243484f\files\piovbar.exeCode function: 12_2_002D8D7012_2_002D8D70
Source: C:\Users\user\AppData\Local\Temp\MW-c924f3d7-8004-4e1e-8992-5f223243484f\files\piovbar.exeCode function: 12_2_00374D4012_2_00374D40
Source: C:\Users\user\AppData\Local\Temp\MW-c924f3d7-8004-4e1e-8992-5f223243484f\files\piovbar.exeCode function: 12_2_002E0D5012_2_002E0D50
Source: C:\Users\user\AppData\Local\Temp\MW-c924f3d7-8004-4e1e-8992-5f223243484f\files\piovbar.exeCode function: 12_2_003F8D8E12_2_003F8D8E
Source: C:\Users\user\AppData\Local\Temp\MW-c924f3d7-8004-4e1e-8992-5f223243484f\files\piovbar.exeCode function: 12_2_0034BDF012_2_0034BDF0
Source: C:\Users\user\AppData\Local\Temp\MW-c924f3d7-8004-4e1e-8992-5f223243484f\files\piovbar.exeCode function: 12_2_00314DE012_2_00314DE0
Source: C:\Users\user\AppData\Local\Temp\MW-c924f3d7-8004-4e1e-8992-5f223243484f\files\piovbar.exeCode function: 12_2_0026BDC012_2_0026BDC0
Source: C:\Users\user\AppData\Local\Temp\MW-c924f3d7-8004-4e1e-8992-5f223243484f\files\piovbar.exeCode function: 12_2_00395DD012_2_00395DD0
Source: C:\Users\user\AppData\Local\Temp\MW-c924f3d7-8004-4e1e-8992-5f223243484f\files\piovbar.exeCode function: 12_2_00345E2012_2_00345E20
Source: C:\Users\user\AppData\Local\Temp\MW-c924f3d7-8004-4e1e-8992-5f223243484f\files\piovbar.exeCode function: 12_2_0032CE0012_2_0032CE00
Source: C:\Users\user\AppData\Local\Temp\MW-c924f3d7-8004-4e1e-8992-5f223243484f\files\piovbar.exeCode function: 12_2_00261E1012_2_00261E10
Source: C:\Users\user\AppData\Local\Temp\MW-c924f3d7-8004-4e1e-8992-5f223243484f\files\piovbar.exeCode function: 12_2_0039AE0012_2_0039AE00
Source: C:\Users\user\AppData\Local\Temp\MW-c924f3d7-8004-4e1e-8992-5f223243484f\files\piovbar.exeCode function: 12_2_0035CE7012_2_0035CE70
Source: C:\Users\user\AppData\Local\Temp\MW-c924f3d7-8004-4e1e-8992-5f223243484f\files\piovbar.exeCode function: 12_2_0034FE6012_2_0034FE60
Source: C:\Users\user\AppData\Local\Temp\MW-c924f3d7-8004-4e1e-8992-5f223243484f\files\piovbar.exeCode function: 12_2_0031EE5012_2_0031EE50
Source: C:\Users\user\AppData\Local\Temp\MW-c924f3d7-8004-4e1e-8992-5f223243484f\files\piovbar.exeCode function: 12_2_00355EB012_2_00355EB0
Source: C:\Users\user\AppData\Local\Temp\MW-c924f3d7-8004-4e1e-8992-5f223243484f\files\piovbar.exeCode function: 12_2_0038FEA012_2_0038FEA0
Source: C:\Users\user\AppData\Local\Temp\MW-c924f3d7-8004-4e1e-8992-5f223243484f\files\piovbar.exeCode function: 12_2_002C4EB012_2_002C4EB0
Source: C:\Users\user\AppData\Local\Temp\MW-c924f3d7-8004-4e1e-8992-5f223243484f\files\piovbar.exeCode function: 12_2_002E4EF012_2_002E4EF0
Source: C:\Users\user\AppData\Local\Temp\MW-c924f3d7-8004-4e1e-8992-5f223243484f\files\piovbar.exeCode function: 12_2_0030AED012_2_0030AED0
Source: C:\Users\user\AppData\Local\Temp\MW-c924f3d7-8004-4e1e-8992-5f223243484f\files\piovbar.exeCode function: 12_2_00341EC012_2_00341EC0
Source: C:\Users\user\AppData\Local\Temp\MW-c924f3d7-8004-4e1e-8992-5f223243484f\files\piovbar.exeCode function: 12_2_00349F2012_2_00349F20
Source: C:\Users\user\AppData\Local\Temp\MW-c924f3d7-8004-4e1e-8992-5f223243484f\files\piovbar.exeCode function: 12_2_00368F2012_2_00368F20
Source: C:\Users\user\AppData\Local\Temp\MW-c924f3d7-8004-4e1e-8992-5f223243484f\files\piovbar.exeCode function: 12_2_00362F1012_2_00362F10
Source: C:\Users\user\AppData\Local\Temp\MW-c924f3d7-8004-4e1e-8992-5f223243484f\files\piovbar.exeCode function: 12_2_00387F1012_2_00387F10
Source: C:\Users\user\AppData\Local\Temp\MW-c924f3d7-8004-4e1e-8992-5f223243484f\files\piovbar.exeCode function: 12_2_002A0F0012_2_002A0F00
Source: C:\Users\user\AppData\Local\Temp\MW-c924f3d7-8004-4e1e-8992-5f223243484f\files\piovbar.exeCode function: 12_2_003ECF7012_2_003ECF70
Source: C:\Users\user\AppData\Local\Temp\MW-c924f3d7-8004-4e1e-8992-5f223243484f\files\piovbar.exeCode function: 12_2_002CEF7012_2_002CEF70
Source: C:\Users\user\AppData\Local\Temp\MW-c924f3d7-8004-4e1e-8992-5f223243484f\files\piovbar.exeCode function: 12_2_002C9F5012_2_002C9F50
Source: C:\Users\user\AppData\Local\Temp\MW-c924f3d7-8004-4e1e-8992-5f223243484f\files\piovbar.exeCode function: 12_2_002FCFA012_2_002FCFA0
Source: C:\Users\user\AppData\Local\Temp\MW-c924f3d7-8004-4e1e-8992-5f223243484f\files\piovbar.exeCode function: 12_2_00267F9012_2_00267F90
Source: C:\Users\user\AppData\Local\Temp\MW-c924f3d7-8004-4e1e-8992-5f223243484f\files\piovbar.exeCode function: 12_2_0039DF8012_2_0039DF80
Source: C:\Users\user\AppData\Local\Temp\MW-c924f3d7-8004-4e1e-8992-5f223243484f\files\piovbar.exeCode function: 12_2_0033EFF012_2_0033EFF0
Source: C:\Users\user\AppData\Local\Temp\MW-c924f3d7-8004-4e1e-8992-5f223243484f\files\piovbar.exeCode function: 12_2_002C7FE012_2_002C7FE0
Source: C:\Users\user\AppData\Local\Temp\MW-c924f3d7-8004-4e1e-8992-5f223243484f\files\piovbar.exeCode function: 12_2_002E1FC012_2_002E1FC0
Source: C:\Users\user\AppData\Local\Temp\MW-c924f3d7-8004-4e1e-8992-5f223243484f\files\piovbar.exeCode function: 12_2_0031CFC012_2_0031CFC0
Source: C:\Users\user\AppData\Local\Temp\MW-c924f3d7-8004-4e1e-8992-5f223243484f\files\piovbar.exeCode function: 12_2_00271FD012_2_00271FD0
Source: C:\Users\user\AppData\Local\Temp\MW-c924f3d7-8004-4e1e-8992-5f223243484f\files\piovbar.exeCode function: 12_2_003ADFC012_2_003ADFC0
Source: Joe Sandbox View Dropped File: C:\Windows\Installer\MSIA47A.tmp FD622CF73EA951A6DE631063ABA856487D77745DD1500ADCA61902B8DDE56FE1
Source: C:\Users\user\AppData\Local\Temp\MW-c924f3d7-8004-4e1e-8992-5f223243484f\files\piovbar.exe Code function: String function: 003E2050 appears 45 times
Source: classification engine Classification label: mal72.troj.evad.winMSI@10/10@171/0
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Temp\~DFE27F110D89ED2B70.TMP
Source: C:\Windows\SysWOW64\msiexec.exe File read: C:\Users\user\AppData\Local\Temp\MW-c924f3d7-8004-4e1e-8992-5f223243484f\msiwrapper.ini
Source: C:\Windows\SysWOW64\icacls.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Users\user\AppData\Local\Temp\MW-c924f3d7-8004-4e1e-8992-5f223243484f\files\piovbar.exe File read: C:\Windows\System32\drivers\etc\hosts
Source: 510286.msi ReversingLabs: Detection: 34%
Source: unknown Process created: C:\Windows\System32\msiexec.exe "C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\510286.msi"
Source: unknown Process created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 0E851BF32976718622E9865433C40305
Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Windows\SysWOW64\icacls.exe "C:\Windows\system32\ICACLS.EXE" "C:\Users\user\AppData\Local\Temp\MW-c924f3d7-8004-4e1e-8992-5f223243484f\." /SETINTEGRITYLEVEL (CI)(OI)HIGH
Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Windows\SysWOW64\expand.exe "C:\Windows\system32\EXPAND.EXE" -R files.cab -F:* files
Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Users\user\AppData\Local\Temp\MW-c924f3d7-8004-4e1e-8992-5f223243484f\files\piovbar.exe "C:\Users\user\AppData\Local\Temp\MW-c924f3d7-8004-4e1e-8992-5f223243484f\files\piovbar.exe" /VERYSILENT /VERYSILENT
Source: C:\Windows\System32\msiexec.exe Section loaded: msi.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: mpr.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: sfc.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: sfc_os.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: dwmapi.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: cryptsp.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: propsys.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: netutils.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: srvcli.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: wkscli.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: rpcrtremote.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: msihnd.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: msi.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: mpr.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: sfc.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: sfc_os.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: dwmapi.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: cryptsp.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: rpcrtremote.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: netutils.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: srvcli.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: wkscli.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: spp.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: vssapi.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: atl.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: vsstrace.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: dsrole.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: bcrypt.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: sxs.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: propsys.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: samcli.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: samlib.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: ncrypt.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: ntmarta.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: wow64win.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: wow64cpu.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: msi.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: uxtheme.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: winmm.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: samcli.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: msacm32.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: version.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: sfc.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: sfc_os.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: dwmapi.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: cryptsp.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: rpcrtremote.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: propsys.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: ntmarta.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: secur32.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: devrtl.dll
Source: C:\Windows\SysWOW64\icacls.exe Section loaded: wow64win.dll
Source: C:\Windows\SysWOW64\icacls.exe Section loaded: wow64cpu.dll
Source: C:\Windows\SysWOW64\icacls.exe Section loaded: ntmarta.dll
Source: C:\Windows\SysWOW64\expand.exe Section loaded: wow64win.dll
Source: C:\Windows\SysWOW64\expand.exe Section loaded: wow64cpu.dll
Source: C:\Windows\SysWOW64\expand.exe Section loaded: cabinet.dll
Source: C:\Windows\SysWOW64\expand.exe Section loaded: dpx.dll
Source: C:\Windows\SysWOW64\expand.exe Section loaded: wdscore.dll
Source: C:\Users\user\AppData\Local\Temp\MW-c924f3d7-8004-4e1e-8992-5f223243484f\files\piovbar.exe Section loaded: wow64win.dll
Source: C:\Users\user\AppData\Local\Temp\MW-c924f3d7-8004-4e1e-8992-5f223243484f\files\piovbar.exe Section loaded: wow64cpu.dll
Source: C:\Users\user\AppData\Local\Temp\MW-c924f3d7-8004-4e1e-8992-5f223243484f\files\piovbar.exe Section loaded: dwmapi.dll
Source: C:\Users\user\AppData\Local\Temp\MW-c924f3d7-8004-4e1e-8992-5f223243484f\files\piovbar.exe Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\MW-c924f3d7-8004-4e1e-8992-5f223243484f\files\piovbar.exe Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\MW-c924f3d7-8004-4e1e-8992-5f223243484f\files\piovbar.exe Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Local\Temp\MW-c924f3d7-8004-4e1e-8992-5f223243484f\files\piovbar.exe Section loaded: dhcpcsvc6.dll
Source: C:\Users\user\AppData\Local\Temp\MW-c924f3d7-8004-4e1e-8992-5f223243484f\files\piovbar.exe Section loaded: dhcpcsvc.dll
Source: C:\Users\user\AppData\Local\Temp\MW-c924f3d7-8004-4e1e-8992-5f223243484f\files\piovbar.exe Section loaded: rasadhlp.dll
Source: C:\Windows\SysWOW64\msiexec.exe File written: C:\Users\user\AppData\Local\Temp\MW-c924f3d7-8004-4e1e-8992-5f223243484f\msiwrapper.ini
Source: Window Recorder Window detected: More than 3 window changes detected
Source: 510286.msi Static file information: File size 1916928 > 1048576
Source: Binary string: C:\ss2\Projects\MsiWrapper\MsiCustomActions\Release\MsiCustomActions.pdb source: 510286.msi, MSIA47A.tmp.2.dr, 4e56b8.msi.2.dr
Source: 5d1f88a19781ab44b7fb4dbf9087fc72.tmp.8.dr Static PE information: section name: .00cfg
Source: 5d1f88a19781ab44b7fb4dbf9087fc72.tmp.8.dr Static PE information: section name: .voltbl
Source: C:\Users\user\AppData\Local\Temp\MW-c924f3d7-8004-4e1e-8992-5f223243484f\files\piovbar.exe Code function: 12_2_003E220A push ecx; ret 12_2_003E221D
Source: C:\Users\user\AppData\Local\Temp\MW-c924f3d7-8004-4e1e-8992-5f223243484f\files\piovbar.exe Code function: 12_2_0028B490 push eax; mov dword ptr [esp], ecx 12_2_0028B493
Source: C:\Users\user\AppData\Local\Temp\MW-c924f3d7-8004-4e1e-8992-5f223243484f\files\piovbar.exe Code function: 12_2_00280840 push eax; mov dword ptr [esp], ecx 12_2_00280845
Source: C:\Users\user\AppData\Local\Temp\MW-c924f3d7-8004-4e1e-8992-5f223243484f\files\piovbar.exe Code function: 12_2_0028BD00 push eax; mov dword ptr [esp], ecx 12_2_0028BD05
Source: 5d1f88a19781ab44b7fb4dbf9087fc72.tmp.8.dr Static PE information: section name: .text entropy: 7.003907095799893
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIA47A.tmp
Source: C:\Windows\SysWOW64\expand.exe File created: C:\Users\user\AppData\Local\Temp\MW-c924f3d7-8004-4e1e-8992-5f223243484f\files\$dpx$.tmp\5d1f88a19781ab44b7fb4dbf9087fc72.tmp
Source: C:\Windows\SysWOW64\expand.exe File created: C:\Users\user\AppData\Local\Temp\MW-c924f3d7-8004-4e1e-8992-5f223243484f\files\piovbar.exe (copy)
Source: C:\Windows\SysWOW64\expand.exe File created: C:\Windows\Logs\DPX\setupact.log
Source: C:\Windows\SysWOW64\expand.exe File created: C:\Windows\Logs\DPX\setuperr.log
Source: C:\Windows\System32\msiexec.exe Registry key created: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssapiPublisher
Source: C:\Windows\System32\msiexec.exe Registry key value modified: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SystemRestore
Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Windows\SysWOW64\icacls.exe "C:\Windows\system32\ICACLS.EXE" "C:\Users\user\AppData\Local\Temp\MW-c924f3d7-8004-4e1e-8992-5f223243484f\." /SETINTEGRITYLEVEL (CI)(OI)HIGH
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\msiexec.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\MW-c924f3d7-8004-4e1e-8992-5f223243484f\files\piovbar.exe | Thread delayed: delay time: 600000
Source: C:\Windows\System32\msiexec.exe | Dropped PE file which has not been started: C:\Windows\Installer\MSIA47A.tmp
Source: C:\Users\user\AppData\Local\Temp\MW-c924f3d7-8004-4e1e-8992-5f223243484f\files\piovbar.exe | Evasive API call chain: GetSystemTimeAsFileTime,DecisionNodes graph_12-71760
Source: C:\Users\user\AppData\Local\Temp\MW-c924f3d7-8004-4e1e-8992-5f223243484f\files\piovbar.exe | API coverage: 9.0 %
Source: C:\Windows\System32\msiexec.exe TID: 3652 | Thread sleep time: -120000s >= -30000s
Source: C:\Windows\System32\msiexec.exe TID: 3688 | Thread sleep time: -360000s >= -30000s
Source: C:\Windows\SysWOW64\msiexec.exe TID: 3988 | Thread sleep time: -120000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\MW-c924f3d7-8004-4e1e-8992-5f223243484f\files\piovbar.exe TID: 2692 | Thread sleep count: 64 > 30
Source: C:\Users\user\AppData\Local\Temp\MW-c924f3d7-8004-4e1e-8992-5f223243484f\files\piovbar.exe TID: 2692 | Thread sleep time: -38400000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\MW-c924f3d7-8004-4e1e-8992-5f223243484f\files\piovbar.exe TID: 2692 | Thread sleep count: 39 > 30
Source: C:\Users\user\AppData\Local\Temp\MW-c924f3d7-8004-4e1e-8992-5f223243484f\files\piovbar.exe TID: 2692 | Thread sleep count: 90 > 30
Source: C:\Users\user\AppData\Local\Temp\MW-c924f3d7-8004-4e1e-8992-5f223243484f\files\piovbar.exe TID: 2692 | Thread sleep time: -600000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\MW-c924f3d7-8004-4e1e-8992-5f223243484f\files\piovbar.exe | Last function: Thread delayed
Source: C:\Windows\System32\msiexec.exe | File Volume queried: C:\ FullSizeInformation
Source: C:\Users\user\AppData\Local\Temp\MW-c924f3d7-8004-4e1e-8992-5f223243484f\files\piovbar.exe | Code function: 12_2_003F824E _free,_free,FindFirstFileExW,_free,12_2_003F824E
Source: C:\Users\user\AppData\Local\Temp\MW-c924f3d7-8004-4e1e-8992-5f223243484f\files\piovbar.exe | Code function: 12_2_003F82FF FindFirstFileExW,_free,FindNextFileW,_free,FindClose,_free,12_2_003F82FF
Source: C:\Windows\System32\msiexec.exe | Process information queried: ProcessInformation

Anti Debugging

Source: C:\Users\user\AppData\Local\Temp\MW-c924f3d7-8004-4e1e-8992-5f223243484f\files\piovbar.exe | Debugger detection routine: QueryPerformanceCounter, DebugActiveProcess, DecisionNodes, ExitProcess or Sleep graph_12-71768
Source: C:\Users\user\AppData\Local\Temp\MW-c924f3d7-8004-4e1e-8992-5f223243484f\files\piovbar.exe | Code function: 12_2_003E9C5A IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,12_2_003E9C5A
Source: C:\Users\user\AppData\Local\Temp\MW-c924f3d7-8004-4e1e-8992-5f223243484f\files\piovbar.exe | Code function: 12_2_003F5A36 mov eax, dword ptr fs:[00000030h] 12_2_003F5A36
Source: C:\Users\user\AppData\Local\Temp\MW-c924f3d7-8004-4e1e-8992-5f223243484f\files\piovbar.exe | Code function: 12_2_003E7448 mov eax, dword ptr fs:[00000030h] 12_2_003E7448
Source: C:\Users\user\AppData\Local\Temp\MW-c924f3d7-8004-4e1e-8992-5f223243484f\files\piovbar.exe | Code function: 12_2_003F5A05 mov eax, dword ptr fs:[00000030h] 12_2_003F5A05
Source: C:\Users\user\AppData\Local\Temp\MW-c924f3d7-8004-4e1e-8992-5f223243484f\files\piovbar.exe | Code function: 12_2_0029CA20 GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,12_2_0029CA20
Source: C:\Users\user\AppData\Local\Temp\MW-c924f3d7-8004-4e1e-8992-5f223243484f\files\piovbar.exe | Code function: 12_2_003E1C3B SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,12_2_003E1C3B
Source: C:\Users\user\AppData\Local\Temp\MW-c924f3d7-8004-4e1e-8992-5f223243484f\files\piovbar.exe | Code function: 12_2_003E1ED6 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,12_2_003E1ED6
Source: C:\Windows\System32\msiexec.exe | Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 0E851BF32976718622E9865433C40305
Source: C:\Windows\SysWOW64\msiexec.exe | Process created: C:\Windows\SysWOW64\icacls.exe "C:\Windows\system32\ICACLS.EXE" "C:\Users\user\AppData\Local\Temp\MW-c924f3d7-8004-4e1e-8992-5f223243484f\." /SETINTEGRITYLEVEL (CI)(OI)HIGH
Source: C:\Windows\SysWOW64\msiexec.exe | Process created: C:\Windows\SysWOW64\expand.exe "C:\Windows\system32\EXPAND.EXE" -R files.cab -F:* files
Source: C:\Windows\SysWOW64\msiexec.exe | Process created: C:\Users\user\AppData\Local\Temp\MW-c924f3d7-8004-4e1e-8992-5f223243484f\files\piovbar.exe "C:\Users\user\AppData\Local\Temp\MW-c924f3d7-8004-4e1e-8992-5f223243484f\files\piovbar.exe" /VERYSILENT /VERYSILENT
Source: C:\Users\user\AppData\Local\Temp\MW-c924f3d7-8004-4e1e-8992-5f223243484f\files\piovbar.exe | Code function: 12_2_003E1C63 cpuid 12_2_003E1C63
Source: C:\Users\user\AppData\Local\Temp\MW-c924f3d7-8004-4e1e-8992-5f223243484f\files\piovbar.exe | Code function: EnumSystemLocalesW,12_2_003F351D
Source: C:\Users\user\AppData\Local\Temp\MW-c924f3d7-8004-4e1e-8992-5f223243484f\files\piovbar.exe | Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,12_2_003F7567
Source: C:\Users\user\AppData\Local\Temp\MW-c924f3d7-8004-4e1e-8992-5f223243484f\files\piovbar.exe | Code function: EnumSystemLocalesW,12_2_003F77BD
Source: C:\Users\user\AppData\Local\Temp\MW-c924f3d7-8004-4e1e-8992-5f223243484f\files\piovbar.exe | Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,12_2_003F7858
Source: C:\Users\user\AppData\Local\Temp\MW-c924f3d7-8004-4e1e-8992-5f223243484f\files\piovbar.exe | Code function: EnumSystemLocalesW,12_2_003F7AAB
Source: C:\Users\user\AppData\Local\Temp\MW-c924f3d7-8004-4e1e-8992-5f223243484f\files\piovbar.exe | Code function: GetLocaleInfoW,12_2_003F7B0A
Source: C:\Users\user\AppData\Local\Temp\MW-c924f3d7-8004-4e1e-8992-5f223243484f\files\piovbar.exe | Code function: EnumSystemLocalesW,12_2_003F7BDF
Source: C:\Users\user\AppData\Local\Temp\MW-c924f3d7-8004-4e1e-8992-5f223243484f\files\piovbar.exe | Code function: GetLocaleInfoW,12_2_003F7C2A
Source: C:\Users\user\AppData\Local\Temp\MW-c924f3d7-8004-4e1e-8992-5f223243484f\files\piovbar.exe | Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,12_2_003F7CD1
Source: C:\Users\user\AppData\Local\Temp\MW-c924f3d7-8004-4e1e-8992-5f223243484f\files\piovbar.exe | Code function: GetLocaleInfoW,12_2_003F7DD7
Source: C:\Users\user\AppData\Local\Temp\MW-c924f3d7-8004-4e1e-8992-5f223243484f\files\piovbar.exe | Code function: GetLocaleInfoW,12_2_003F2F43
Source: C:\Windows\System32\msiexec.exe | Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\MW-c924f3d7-8004-4e1e-8992-5f223243484f\files\piovbar.exe | Code function: 12_2_003E26F8 GetSystemTimeAsFileTime,12_2_003E26F8
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | 1 Replication Through Removable Media | 1 Native API | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Deobfuscate/Decode Files or Information | OS Credential Dumping | 1 System Time Discovery | Remote Services | 1 Archive Collected Data | 1 Ingress Tool Transfer | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | 1 Command and Scripting Interpreter | 2 Windows Service | 2 Windows Service | 3 Obfuscated Files or Information | LSASS Memory | 11 Peripheral Device Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | 1 Services File Permissions Weakness | 11 Process Injection | 1 Software Packing | Security Account Manager | 3 File and Directory Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | 1 Services File Permissions Weakness | 1 DLL Side-Loading | NTDS | 33 System Information Discovery | Distributed Component Object Model | Input Capture | 1 Application Layer Protocol | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 File Deletion | LSA Secrets | 22 Security Software Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
| Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 2 Masquerading | Cached Domain Credentials | 1 Process Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
| DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 121 Virtualization/Sandbox Evasion | DCSync | 121 Virtualization/Sandbox Evasion | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
| Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 11 Process Injection | Proc Filesystem | 1 Remote System Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
| Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 1 Services File Permissions Weakness | /etc/passwd and /etc/shadow | Network Sniffing | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement |
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 510286.msi | 34% | ReversingLabs | Win32.Worm.Zomon | |

| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| C:\Users\user\AppData\Local\Temp\MW-c924f3d7-8004-4e1e-8992-5f223243484f\files\$dpx$.tmp\5d1f88a19781ab44b7fb4dbf9087fc72.tmp | 29% | ReversingLabs | Win32.Worm.Zomon | |
| C:\Users\user\AppData\Local\Temp\MW-c924f3d7-8004-4e1e-8992-5f223243484f\files\piovbar.exe (copy) | 29% | ReversingLabs | Win32.Worm.Zomon | |
| C:\Windows\Installer\MSIA47A.tmp | 0% | ReversingLabs | | |
No Antivirus matches
Name | IP | Active | Malicious | Antivirus Detection | Reputation
No contacted IP infos

Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1573633
Start date and time: 2024-12-12 12:37:08 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 7m 39s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: defaultwindowsofficecookbook.jbs
Analysis system description: Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)
Number of analysed new started processes analysed: 13
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
  • HCA enabled
  • EGA enabled
  • AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: 510286.msi
Detection: MAL
Classification: mal72.troj.evad.winMSI@10/10@171/0
EGA Information:
  • Successful, ratio: 100%
HCA Information:
  • Successful, ratio: 72%
  • Number of executed functions: 26
  • Number of non-executed functions: 152
Cookbook Comments:
  • Found application associated with file extension: .msi
  • Close Viewer
  • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, conhost.exe, VSSVC.exe, svchost.exe
  • Not all processes where analyzed, report is missing behavior information
  • Report size exceeded maximum capacity and may have missing disassembly code.
  • Report size getting too big, too many NtCreateFile calls found.
  • Report size getting too big, too many NtFsControlFile calls found.
  • Report size getting too big, too many NtOpenFile calls found.
  • Report size getting too big, too many NtOpenKeyEx calls found.
  • Report size getting too big, too many NtQueryValueKey calls found.
  • VT rate limit hit for: 510286.msi

| Time | Type | Description |
|---|---|---|
| 06:38:28 | API Interceptor | 3225x Sleep call for process: msiexec.exe modified |
| 06:39:11 | API Interceptor | 1x Sleep call for process: icacls.exe modified |
| 06:39:59 | API Interceptor | 465x Sleep call for process: piovbar.exe modified |

No context
Match: C:\Windows\Installer\MSIA47A.tmp
Associated Sample Name / URL | Detection | Threat Name
5c322c.msi | malicious | Unknown
33abb.msi | malicious | Unknown
57ff67.msi | malicious | Unknown
56ff7c.msi | malicious | Unknown
setup (2).msi | malicious | Unknown
5c322c.msi | malicious | Unknown
57ff67.msi | malicious | Unknown
293944637.dll | malicious | Unknown
setup (2).msi | malicious | Unknown
setup.msi | malicious | Unknown
                                                                                                            Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                            File Type:Microsoft Cabinet archive data, Windows 2000/XP setup, 1607492 bytes, 1 file, at 0x2c +A "piovbar.exe", ID 56422, number 1, 20966 datablocks, 0x1503 compression
                                                                                                            Category:dropped
                                                                                                            Size (bytes):1607492
                                                                                                            Entropy (8bit):5.3417766721206
                                                                                                            Encrypted:false
                                                                                                            SSDEEP:12288:RuDqXb+yZ1D/zDyOol2chNZVti0IKj1IoW16i9FQTWXkT90AKV2mq6F:R2kDzeOahNZVtRIGE6czXkTXqHF
                                                                                                            MD5:A5BB958F9FC3480A53E0E11069A295AE
                                                                                                            SHA1:B7711D41344C19C8F08A5BE0AC2AA0581D685B18
                                                                                                            SHA-256:63BE86007D54161303371B93113AF3847F5611EF8B689450DC87D95ACD130F70
                                                                                                            SHA-512:D611691F786C53AC80C0D1377630702B587AD00306E6FFB4468DB254BEE24389C584D8AAB26ACE4E635A44A2BF46B64D48C118C31A424343DF5F10C5DBE9D94C
                                                                                                            Malicious:false
                                                                                                            Reputation:low
                                                                                                            Process:C:\Windows\SysWOW64\expand.exe
                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                            Category:dropped
                                                                                                            Size (bytes):686991360
                                                                                                            Entropy (8bit):0.04482822786563126
                                                                                                            Encrypted:false
                                                                                                            SSDEEP:
                                                                                                            MD5:53215D6E26A13C7586B33498909E0B93
                                                                                                            SHA1:6A4930F1EF541E2F9BC3C0B8E69697152D3E5C46
                                                                                                            SHA-256:184713EAEAB72CA8371B81851960D43AE0C2C97FD38B833CE75FA3112A9D2741
                                                                                                            SHA-512:B3D07375A6F0D8DCAA9B2F492C58BEBC93211E8EBD8F87819196D2C705497196365FD4CE6DCEFE39E1477B1926642E2432A74F21096A8469682EE0004DF062C4
                                                                                                            Malicious:true
                                                                                                            Antivirus:
                                                                                                            • Antivirus: ReversingLabs, Detection: 29%
                                                                                                            Reputation:low
                                                                                                            Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                            File Type:data
                                                                                                            Category:dropped
                                                                                                            Size (bytes):1600
                                                                                                            Entropy (8bit):3.733031324736613
                                                                                                            Encrypted:false
                                                                                                            SSDEEP:48:LKAIrypZJFxjPxPiQjPxPiB5S7jPxPijWmUP:EypfPZiMPZiBofPZijMP
                                                                                                            MD5:9A4E53A2AA03F4C77692E5DE592BE2DE
                                                                                                            SHA1:16557B598371D760D816109AFB42FB1C8F302E8C
                                                                                                            SHA-256:9D7C8C799FA065A84D17D1E6CABAE2D05C06518790B8D2BD8DE382F4CEEC03EB
                                                                                                            SHA-512:8B8A24A7B85BD1C8A2C1DED5052C463C2EF08AD5F6CC7AD40FF45CA29494D7D4E5ED9623A6C6095B264FD2860C4C65A90372C87DCDB9B2DE03471E15A737EAF9
                                                                                                            Malicious:false
                                                                                                            Reputation:low
Preview:
WrappedApplicationId=Google Chrome
WrappedRegistration=None
InstallSuccessCodes=0
ElevationMode=never
BaseName=piovbar.exe
CabHash=63be86007d54161303371b93113af3847f5611ef8b689450dc87d95acd130f70
SetupParameters=/VERYSILENT  /VERYSILENT
WorkingDir=
CurrentDir=*SOURCEDIR*
UILevel=5
Focus=yes
SessionDir=C:\Users\Albus\AppData\Local\Temp\MW-c924f3d7-8004-4e1e-8992-5f223243484f\
FilesDir=C:\Users\Albus\AppData\Local\Temp\MW-c924f3d7-8004-4e1e-8992-5f223243484f\files\
RunBeforeInstallFile=
RunBefore
                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                            File Type:data
                                                                                                            Category:dropped
                                                                                                            Size (bytes):69632
                                                                                                            Entropy (8bit):0.12064363393626824
                                                                                                            Encrypted:false
                                                                                                            SSDEEP:24:RR0ZJfAebfddipV7sddipVlVIwG/lrkg9Sy+q+:XorfddSBsddSH4rr4
                                                                                                            MD5:A7005B7D676638887B8B8422BB0D3B47
                                                                                                            SHA1:0DD9B9D065C63F9E33CE8218B10DF71389F4287F
                                                                                                            SHA-256:9E8DA72FBA9ABBA78438B78E0D43146CD659E62CCF75188868D5779B65E8838A
                                                                                                            SHA-512:F8D404D5E0EBAB9C44C57589879F5F0FB7A49EB2EE6CDDED3FE0E37F2EC9780427326A4F429D7D52A41D30294E848A3A19CD7DC187FD141164C530583A546F95
                                                                                                            Malicious:false
                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                            File Type:data
                                                                                                            Category:dropped
                                                                                                            Size (bytes):32768
                                                                                                            Entropy (8bit):0.0
                                                                                                            Encrypted:false
                                                                                                            SSDEEP:3::
                                                                                                            MD5:BB7DF04E1B0A2570657527A7E108AE23
                                                                                                            SHA1:5188431849B4613152FD7BDBA6A3FF0A4FD6424B
                                                                                                            SHA-256:C35020473AED1B4642CD726CAD727B63FFF2824AD68CEDD7FFB73C7CBD890479
                                                                                                            SHA-512:768007E06B0CD9E62D50F458B9435C6DDA0A6D272F0B15550F97C478394B743331C3A9C9236E09AB5B9CB3B423B2320A5D66EB3C7068DB9EA37891CA40E47012
                                                                                                            Malicious:false
                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                            File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Google Chrome 131.0.6778.86, Subject: Google Chrome, Author: Google LLC, Keywords: Installer, Template: Intel;1033, Revision Number: {1CF6D937-F408-46DC-B701-F988F63DA741}, Create Time/Date: Thu Jan 11 14:59:44 2024, Last Saved Time/Date: Thu Jan 11 14:59:44 2024, Number of Pages: 200, Number of Words: 12, Name of Creating Application: MSI Wrapper (11.0.53.0), Security: 2
                                                                                                            Category:dropped
                                                                                                            Size (bytes):1916928
                                                                                                            Entropy (8bit):5.653008101462768
                                                                                                            Encrypted:false
                                                                                                            SSDEEP:24576:wt9cpVDhnsV2kDzeOahNZVtRIGE6czXkTXqH:vpRhnlazeOahNZVtaGPcx
                                                                                                            MD5:66B16B0E40121DE05FC889765A9A2F54
                                                                                                            SHA1:72BBD8CDA91693A0F655C67B0E2E9F86EFAECC73
                                                                                                            SHA-256:E158310CB13D1A48304D68DFD83447C4208F27E03F4F13D6A2184364A7C174E4
                                                                                                            SHA-512:0BDDD047A67D76BBA80514138EE591F4B3B47FFC7240B2BBF5F2260C34E0C333F7C4A8A967AE76631187EF4988E4AA9A0AF9C585C0202C1534C2144779456C33
                                                                                                            Malicious:false
                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                            File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                            Category:dropped
                                                                                                            Size (bytes):20480
                                                                                                            Entropy (8bit):1.541516949460994
                                                                                                            Encrypted:false
                                                                                                            SSDEEP:24:JJz3/jJcNvfmUgX0buR8hfyJ+lddipVlVIwG/lrkg9SCddipV7eJfAebN0K:77ONvlgEbucMaddSH4rbddSBerN
                                                                                                            MD5:D88A299E69F8987470156F1A4712784A
                                                                                                            SHA1:3B68BB2268E5FFAF05AE8EE71AA3AC36EB6FF721
                                                                                                            SHA-256:E82BA6A368B2E30A6929B0EA7F0A8466676DB6706D979AE11772651CC4C10419
                                                                                                            SHA-512:A50406B2B34C59F97805E6DC012EBE665661432ADF696C99158CB65AEB8755729A69FEDC403B35546F40C302C9DB9A0FC9BE69A8518251EB029F1BA3A9CC0DA6
                                                                                                            Malicious:false
                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                            Category:dropped
                                                                                                            Size (bytes):212992
                                                                                                            Entropy (8bit):6.513409725320959
                                                                                                            Encrypted:false
                                                                                                            SSDEEP:3072:xspAtOdmXwCGjtYNKbYO2gjpcm8rRuqpjCL42loHUvU0yGxr5GqM2a8:jtOdiRQYpgjpjew5DHyGxcqo8
                                                                                                            MD5:0C8921BBCC37C6EFD34FAF44CF3B0CB5
                                                                                                            SHA1:DCFA71246157EDCD09EECAF9D4C5E360B24B3E49
                                                                                                            SHA-256:FD622CF73EA951A6DE631063ABA856487D77745DD1500ADCA61902B8DDE56FE1
                                                                                                            SHA-512:ED55443E20D40CCA90596F0A0542FA5AB83FE0270399ADFAAFD172987FB813DFD44EC0DA0A58C096AF3641003F830341FE259AD5BCE9823F238AE63B7E11E108
                                                                                                            Malicious:true
                                                                                                            Antivirus:
                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                            Joe Sandbox View:
• Filename: 5c322c.msi, Detection: malicious
• Filename: 33abb.msi, Detection: malicious
• Filename: 57ff67.msi, Detection: malicious
• Filename: 56ff7c.msi, Detection: malicious
• Filename: setup (2).msi, Detection: malicious
• Filename: 5c322c.msi, Detection: malicious
• Filename: 57ff67.msi, Detection: malicious
• Filename: 293944637.dll, Detection: malicious
• Filename: setup (2).msi, Detection: malicious
• Filename: setup.msi, Detection: malicious
                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                            File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                            Category:dropped
                                                                                                            Size (bytes):49152
                                                                                                            Entropy (8bit):0.7685666629375059
                                                                                                            Encrypted:false
                                                                                                            SSDEEP:12:JSbX72FjyAGiLIlHVRpth/7777777777777777777777777vDHFFCitWN1XpSl0G:J0QI5pnC+WN1ZF
                                                                                                            MD5:F09F2A44AEEED13654181AC8F726EA59
                                                                                                            SHA1:550DFC5C8E776942834483CADE0690FC5878597E
                                                                                                            SHA-256:E600CD1FD9C316511E6482F536E04748CB78990577A3E0D18E830EC4078A48C7
                                                                                                            SHA-512:B05BC85EEE2AA97542CC4868BDC52E041644AFCA936539414E79C8BDC9D0680F83321565002D983FC0B8708637D2194D414139D1EB51C34F118C2F86C3C83C9C
                                                                                                            Malicious:false
                                                                                                            File type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Google Chrome 131.0.6778.86, Subject: Google Chrome, Author: Google LLC, Keywords: Installer, Template: Intel;1033, Revision Number: {1CF6D937-F408-46DC-B701-F988F63DA741}, Create Time/Date: Thu Jan 11 14:59:44 2024, Last Saved Time/Date: Thu Jan 11 14:59:44 2024, Number of Pages: 200, Number of Words: 12, Name of Creating Application: MSI Wrapper (11.0.53.0), Security: 2
                                                                                                            Entropy (8bit):5.653008101462768
                                                                                                            TrID:
                                                                                                            • Generic OLE2 / Multistream Compound File (8008/1) 100.00%
                                                                                                            File name:510286.msi
                                                                                                            File size:1'916'928 bytes
                                                                                                            MD5:66b16b0e40121de05fc889765a9a2f54
                                                                                                            SHA1:72bbd8cda91693a0f655c67b0e2e9f86efaecc73
                                                                                                            SHA256:e158310cb13d1a48304d68dfd83447c4208f27e03f4f13d6a2184364a7c174e4
                                                                                                            SHA512:0bddd047a67d76bba80514138ee591f4b3b47ffc7240b2bbf5f2260c34e0c333f7c4a8a967ae76631187ef4988e4aa9a0af9c585c0202c1534c2144779456c33
                                                                                                            SSDEEP:24576:wt9cpVDhnsV2kDzeOahNZVtRIGE6czXkTXqH:vpRhnlazeOahNZVtaGPcx
                                                                                                            TLSH:EA9556D13784D027E95B09318EABC79D9729FC91AA30B08B7760B76E0B3ADD35E61701
                                                                                                            Icon Hash:2d2e3797b32b2b99
Timestamp    Source Port    Dest Port    Source IP    Dest IP
                                                                                                            Dec 12, 2024 12:40:20.018250942 CET5809553192.168.2.228.8.8.8
                                                                                                            Dec 12, 2024 12:40:20.152930021 CET53580958.8.8.8192.168.2.22
                                                                                                            Dec 12, 2024 12:40:20.159337044 CET5809553192.168.2.228.8.8.8
                                                                                                            Dec 12, 2024 12:40:20.282259941 CET53580958.8.8.8192.168.2.22
                                                                                                            Dec 12, 2024 12:40:20.424853086 CET5809553192.168.2.228.8.8.8
                                                                                                            Dec 12, 2024 12:40:20.559120893 CET53580958.8.8.8192.168.2.22
                                                                                                            Dec 12, 2024 12:40:20.559308052 CET5809553192.168.2.228.8.8.8
                                                                                                            Dec 12, 2024 12:40:20.708981991 CET53580958.8.8.8192.168.2.22
                                                                                                            Dec 12, 2024 12:40:20.751492977 CET5426153192.168.2.228.8.8.8
                                                                                                            Dec 12, 2024 12:40:20.900317907 CET53542618.8.8.8192.168.2.22
                                                                                                            Dec 12, 2024 12:40:20.900538921 CET5426153192.168.2.228.8.8.8
                                                                                                            Dec 12, 2024 12:40:21.051100969 CET53542618.8.8.8192.168.2.22
                                                                                                            Dec 12, 2024 12:40:21.051286936 CET5426153192.168.2.228.8.8.8
                                                                                                            Dec 12, 2024 12:40:21.186079025 CET53542618.8.8.8192.168.2.22
                                                                                                            Dec 12, 2024 12:40:21.186302900 CET5426153192.168.2.228.8.8.8
                                                                                                            Dec 12, 2024 12:40:21.321294069 CET53542618.8.8.8192.168.2.22
                                                                                                            Dec 12, 2024 12:40:21.321513891 CET5426153192.168.2.228.8.8.8
                                                                                                            Dec 12, 2024 12:40:21.455926895 CET53542618.8.8.8192.168.2.22
                                                                                                            Dec 12, 2024 12:40:21.499788046 CET6050753192.168.2.228.8.8.8
                                                                                                            Dec 12, 2024 12:40:21.651058912 CET53605078.8.8.8192.168.2.22
                                                                                                            Dec 12, 2024 12:40:21.651216984 CET6050753192.168.2.228.8.8.8
                                                                                                            Dec 12, 2024 12:40:21.800673962 CET53605078.8.8.8192.168.2.22
                                                                                                            Dec 12, 2024 12:40:21.800859928 CET6050753192.168.2.228.8.8.8
                                                                                                            Dec 12, 2024 12:40:21.935188055 CET53605078.8.8.8192.168.2.22
                                                                                                            Dec 12, 2024 12:40:21.935364008 CET6050753192.168.2.228.8.8.8
                                                                                                            Dec 12, 2024 12:40:22.069510937 CET53605078.8.8.8192.168.2.22
                                                                                                            Dec 12, 2024 12:40:22.069678068 CET6050753192.168.2.228.8.8.8
                                                                                                            Dec 12, 2024 12:40:22.192755938 CET53605078.8.8.8192.168.2.22
                                                                                                            Dec 12, 2024 12:40:22.249038935 CET5044653192.168.2.228.8.8.8
                                                                                                            Dec 12, 2024 12:40:22.399163961 CET53504468.8.8.8192.168.2.22
                                                                                                            Dec 12, 2024 12:40:22.399378061 CET5044653192.168.2.228.8.8.8
                                                                                                            Dec 12, 2024 12:40:22.561754942 CET53504468.8.8.8192.168.2.22
                                                                                                            Dec 12, 2024 12:40:22.563787937 CET5044653192.168.2.228.8.8.8
                                                                                                            Dec 12, 2024 12:40:22.805250883 CET53504468.8.8.8192.168.2.22
                                                                                                            Dec 12, 2024 12:40:22.834839106 CET5044653192.168.2.228.8.8.8
                                                                                                            Dec 12, 2024 12:40:22.969640017 CET53504468.8.8.8192.168.2.22
                                                                                                            Dec 12, 2024 12:40:22.971529961 CET5044653192.168.2.228.8.8.8
                                                                                                            Dec 12, 2024 12:40:23.106206894 CET53504468.8.8.8192.168.2.22
                                                                                                            Dec 12, 2024 12:40:23.254889965 CET5593953192.168.2.228.8.8.8
                                                                                                            Dec 12, 2024 12:40:23.405159950 CET53559398.8.8.8192.168.2.22
                                                                                                            Dec 12, 2024 12:40:23.459191084 CET5593953192.168.2.228.8.8.8
                                                                                                            Dec 12, 2024 12:40:23.581984043 CET53559398.8.8.8192.168.2.22
                                                                                                            Dec 12, 2024 12:40:23.582411051 CET5593953192.168.2.228.8.8.8
                                                                                                            Dec 12, 2024 12:40:23.717323065 CET53559398.8.8.8192.168.2.22
                                                                                                            Dec 12, 2024 12:40:24.001784086 CET4960853192.168.2.228.8.8.8
                                                                                                            Dec 12, 2024 12:40:24.151555061 CET53496088.8.8.8192.168.2.22
                                                                                                            Dec 12, 2024 12:40:24.151937008 CET4960853192.168.2.228.8.8.8
                                                                                                            Dec 12, 2024 12:40:24.286241055 CET53496088.8.8.8192.168.2.22
                                                                                                            Dec 12, 2024 12:40:24.286425114 CET4960853192.168.2.228.8.8.8
                                                                                                            Dec 12, 2024 12:40:24.420527935 CET53496088.8.8.8192.168.2.22
                                                                                                            Dec 12, 2024 12:40:24.421379089 CET4960853192.168.2.228.8.8.8
                                                                                                            Dec 12, 2024 12:40:24.572323084 CET53496088.8.8.8192.168.2.22
                                                                                                            Dec 12, 2024 12:40:24.572474003 CET4960853192.168.2.228.8.8.8
                                                                                                            Dec 12, 2024 12:40:24.696615934 CET53496088.8.8.8192.168.2.22
                                                                                                            Dec 12, 2024 12:40:24.792140961 CET6148653192.168.2.228.8.8.8
                                                                                                            Dec 12, 2024 12:40:24.941874027 CET53614868.8.8.8192.168.2.22
                                                                                                            Dec 12, 2024 12:40:24.942045927 CET6148653192.168.2.228.8.8.8
                                                                                                            Dec 12, 2024 12:40:25.092333078 CET53614868.8.8.8192.168.2.22
                                                                                                            Dec 12, 2024 12:40:25.092551947 CET6148653192.168.2.228.8.8.8
                                                                                                            Dec 12, 2024 12:40:25.226810932 CET53614868.8.8.8192.168.2.22
                                                                                                            Dec 12, 2024 12:40:25.226986885 CET6148653192.168.2.228.8.8.8
                                                                                                            Dec 12, 2024 12:40:25.349575996 CET53614868.8.8.8192.168.2.22
                                                                                                            Dec 12, 2024 12:40:25.349862099 CET6148653192.168.2.228.8.8.8
                                                                                                            Dec 12, 2024 12:40:25.483933926 CET53614868.8.8.8192.168.2.22
                                                                                                            Dec 12, 2024 12:40:25.540595055 CET6245353192.168.2.228.8.8.8
                                                                                                            Dec 12, 2024 12:40:25.689080954 CET53624538.8.8.8192.168.2.22
                                                                                                            Dec 12, 2024 12:40:25.690279961 CET6245353192.168.2.228.8.8.8
                                                                                                            Dec 12, 2024 12:40:25.838831902 CET53624538.8.8.8192.168.2.22
                                                                                                            Dec 12, 2024 12:40:25.853346109 CET6245353192.168.2.228.8.8.8
                                                                                                            Dec 12, 2024 12:40:25.988506079 CET53624538.8.8.8192.168.2.22
                                                                                                            Dec 12, 2024 12:40:25.988749981 CET6245353192.168.2.228.8.8.8
                                                                                                            Dec 12, 2024 12:40:26.143815041 CET53624538.8.8.8192.168.2.22
                                                                                                            Dec 12, 2024 12:40:26.149806023 CET6245353192.168.2.228.8.8.8
                                                                                                            Dec 12, 2024 12:40:26.275382042 CET53624538.8.8.8192.168.2.22
                                                                                                            Dec 12, 2024 12:40:26.344245911 CET5056853192.168.2.228.8.8.8
                                                                                                            Dec 12, 2024 12:40:26.494623899 CET53505688.8.8.8192.168.2.22
                                                                                                            Dec 12, 2024 12:40:26.582211971 CET5056853192.168.2.228.8.8.8
                                                                                                            Dec 12, 2024 12:40:26.716495991 CET53505688.8.8.8192.168.2.22
                                                                                                            Dec 12, 2024 12:40:26.716694117 CET5056853192.168.2.228.8.8.8
                                                                                                            Dec 12, 2024 12:40:26.866967916 CET53505688.8.8.8192.168.2.22
                                                                                                            Dec 12, 2024 12:40:26.868827105 CET5056853192.168.2.228.8.8.8
                                                                                                            Dec 12, 2024 12:40:27.019438982 CET53505688.8.8.8192.168.2.22
                                                                                                            Dec 12, 2024 12:40:27.019613981 CET5056853192.168.2.228.8.8.8
                                                                                                            Dec 12, 2024 12:40:27.142935038 CET53505688.8.8.8192.168.2.22
                                                                                                            Dec 12, 2024 12:40:27.177431107 CET6146753192.168.2.228.8.8.8
                                                                                                            Dec 12, 2024 12:40:27.328643084 CET53614678.8.8.8192.168.2.22
                                                                                                            Dec 12, 2024 12:40:27.328847885 CET6146753192.168.2.228.8.8.8
                                                                                                            Dec 12, 2024 12:40:27.454881907 CET53614678.8.8.8192.168.2.22
                                                                                                            Dec 12, 2024 12:40:27.455081940 CET6146753192.168.2.228.8.8.8
                                                                                                            Dec 12, 2024 12:40:27.605218887 CET53614678.8.8.8192.168.2.22
                                                                                                            Dec 12, 2024 12:40:27.605413914 CET6146753192.168.2.228.8.8.8
                                                                                                            Dec 12, 2024 12:40:27.755270004 CET53614678.8.8.8192.168.2.22
                                                                                                            Dec 12, 2024 12:40:27.755451918 CET6146753192.168.2.228.8.8.8
                                                                                                            Dec 12, 2024 12:40:27.890362024 CET53614678.8.8.8192.168.2.22
                                                                                                            Dec 12, 2024 12:40:27.928184986 CET6161853192.168.2.228.8.8.8
                                                                                                            Dec 12, 2024 12:40:28.077526093 CET53616188.8.8.8192.168.2.22
                                                                                                            Dec 12, 2024 12:40:28.078236103 CET6161853192.168.2.228.8.8.8
                                                                                                            Dec 12, 2024 12:40:28.229608059 CET53616188.8.8.8192.168.2.22
                                                                                                            Dec 12, 2024 12:40:28.229983091 CET6161853192.168.2.228.8.8.8
                                                                                                            Dec 12, 2024 12:40:28.380291939 CET53616188.8.8.8192.168.2.22
                                                                                                            Dec 12, 2024 12:40:28.380486965 CET6161853192.168.2.228.8.8.8
                                                                                                            Dec 12, 2024 12:40:28.503346920 CET53616188.8.8.8192.168.2.22
                                                                                                            Dec 12, 2024 12:40:28.503535986 CET6161853192.168.2.228.8.8.8
                                                                                                            Dec 12, 2024 12:40:28.638560057 CET53616188.8.8.8192.168.2.22
                                                                                                            Dec 12, 2024 12:40:28.675117970 CET5442253192.168.2.228.8.8.8
                                                                                                            Dec 12, 2024 12:40:28.825858116 CET53544228.8.8.8192.168.2.22
                                                                                                            Dec 12, 2024 12:40:28.930773020 CET5442253192.168.2.228.8.8.8
                                                                                                            Dec 12, 2024 12:40:29.080641031 CET53544228.8.8.8192.168.2.22
                                                                                                            Dec 12, 2024 12:40:29.096030951 CET5442253192.168.2.228.8.8.8
                                                                                                            Dec 12, 2024 12:40:29.230324984 CET53544228.8.8.8192.168.2.22
                                                                                                            Dec 12, 2024 12:40:29.231797934 CET5442253192.168.2.228.8.8.8
                                                                                                            Dec 12, 2024 12:40:29.355407000 CET53544228.8.8.8192.168.2.22
                                                                                                            Dec 12, 2024 12:40:29.369613886 CET5442253192.168.2.228.8.8.8
                                                                                                            Dec 12, 2024 12:40:29.503581047 CET53544228.8.8.8192.168.2.22
                                                                                                            Dec 12, 2024 12:40:29.569761038 CET5207453192.168.2.228.8.8.8
                                                                                                            Dec 12, 2024 12:40:29.718846083 CET53520748.8.8.8192.168.2.22
                                                                                                            Dec 12, 2024 12:40:29.719086885 CET5207453192.168.2.228.8.8.8
                                                                                                            Dec 12, 2024 12:40:29.873191118 CET53520748.8.8.8192.168.2.22
                                                                                                            Dec 12, 2024 12:40:29.873363972 CET5207453192.168.2.228.8.8.8
                                                                                                            Dec 12, 2024 12:40:30.007541895 CET53520748.8.8.8192.168.2.22
                                                                                                            Dec 12, 2024 12:40:30.007736921 CET5207453192.168.2.228.8.8.8
                                                                                                            Dec 12, 2024 12:40:30.157746077 CET53520748.8.8.8192.168.2.22
                                                                                                            Dec 12, 2024 12:40:30.157943010 CET5207453192.168.2.228.8.8.8
                                                                                                            Dec 12, 2024 12:40:30.292371035 CET53520748.8.8.8192.168.2.22
                                                                                                            Dec 12, 2024 12:40:30.324508905 CET5033753192.168.2.228.8.8.8
                                                                                                            Dec 12, 2024 12:40:30.475584030 CET53503378.8.8.8192.168.2.22
                                                                                                            Dec 12, 2024 12:40:30.475817919 CET5033753192.168.2.228.8.8.8
                                                                                                            Dec 12, 2024 12:40:30.598546028 CET53503378.8.8.8192.168.2.22
                                                                                                            Dec 12, 2024 12:40:30.598773003 CET5033753192.168.2.228.8.8.8
                                                                                                            Dec 12, 2024 12:40:30.733191013 CET53503378.8.8.8192.168.2.22
                                                                                                            Dec 12, 2024 12:40:30.733374119 CET5033753192.168.2.228.8.8.8
                                                                                                            Dec 12, 2024 12:40:30.884403944 CET53503378.8.8.8192.168.2.22
                                                                                                            Dec 12, 2024 12:40:30.884603977 CET5033753192.168.2.228.8.8.8
                                                                                                            Dec 12, 2024 12:40:31.018651962 CET53503378.8.8.8192.168.2.22
                                                                                                            Dec 12, 2024 12:40:31.049813986 CET6182653192.168.2.228.8.8.8
                                                                                                            Dec 12, 2024 12:40:31.200654984 CET53618268.8.8.8192.168.2.22
                                                                                                            Dec 12, 2024 12:40:31.201231003 CET6182653192.168.2.228.8.8.8
                                                                                                            Dec 12, 2024 12:40:31.335457087 CET53618268.8.8.8192.168.2.22
                                                                                                            Dec 12, 2024 12:40:31.367912054 CET6182653192.168.2.228.8.8.8
                                                                                                            Dec 12, 2024 12:40:31.502441883 CET53618268.8.8.8192.168.2.22
                                                                                                            Dec 12, 2024 12:40:31.502655029 CET6182653192.168.2.228.8.8.8
                                                                                                            Dec 12, 2024 12:40:31.636662960 CET53618268.8.8.8192.168.2.22
                                                                                                            Dec 12, 2024 12:40:31.636885881 CET6182653192.168.2.228.8.8.8
                                                                                                            Dec 12, 2024 12:40:31.786256075 CET53618268.8.8.8192.168.2.22
                                                                                                            Dec 12, 2024 12:40:31.805898905 CET5632953192.168.2.228.8.8.8
                                                                                                            Dec 12, 2024 12:40:31.956478119 CET53563298.8.8.8192.168.2.22
                                                                                                            Dec 12, 2024 12:40:31.956737995 CET5632953192.168.2.228.8.8.8
                                                                                                            Dec 12, 2024 12:40:32.090876102 CET53563298.8.8.8192.168.2.22
                                                                                                            Dec 12, 2024 12:40:32.091221094 CET5632953192.168.2.228.8.8.8
                                                                                                            Dec 12, 2024 12:40:32.239984035 CET53563298.8.8.8192.168.2.22
                                                                                                            Dec 12, 2024 12:40:32.337817907 CET6346953192.168.2.228.8.8.8
                                                                                                            Dec 12, 2024 12:40:32.487040043 CET53634698.8.8.8192.168.2.22
                                                                                                            Dec 12, 2024 12:40:32.510665894 CET5944753192.168.2.228.8.8.8
                                                                                                            Dec 12, 2024 12:40:32.661618948 CET53594478.8.8.8192.168.2.22
                                                                                                            Dec 12, 2024 12:40:32.665481091 CET5182853192.168.2.228.8.8.8
                                                                                                            Dec 12, 2024 12:40:32.815042019 CET53518288.8.8.8192.168.2.22
                                                                                                            Dec 12, 2024 12:40:32.817172050 CET5340653192.168.2.228.8.8.8
                                                                                                            Dec 12, 2024 12:40:32.979393959 CET53534068.8.8.8192.168.2.22
                                                                                                            Dec 12, 2024 12:40:32.981301069 CET5634553192.168.2.228.8.8.8
                                                                                                            Dec 12, 2024 12:40:33.134768963 CET53563458.8.8.8192.168.2.22
                                                                                                            Dec 12, 2024 12:40:33.136413097 CET5187053192.168.2.228.8.8.8
                                                                                                            Dec 12, 2024 12:40:33.286226034 CET53518708.8.8.8192.168.2.22
                                                                                                            Dec 12, 2024 12:40:33.288105011 CET6500953192.168.2.228.8.8.8
                                                                                                            Dec 12, 2024 12:40:33.438060045 CET53650098.8.8.8192.168.2.22
                                                                                                            Dec 12, 2024 12:40:33.439702034 CET6495653192.168.2.228.8.8.8
                                                                                                            Dec 12, 2024 12:40:33.590279102 CET53649568.8.8.8192.168.2.22
                                                                                                            Dec 12, 2024 12:40:33.592456102 CET5452153192.168.2.228.8.8.8
                                                                                                            Dec 12, 2024 12:40:33.743221045 CET53545218.8.8.8192.168.2.22
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                                                                                                            Dec 12, 2024 12:40:07.926136971 CET192.168.2.228.8.8.80x1177Standard query (0)uokqeaieowiogsgc.xyzA (IP address)IN (0x0001)false
                                                                                                            Dec 12, 2024 12:40:08.081731081 CET192.168.2.228.8.8.80x1177Standard query (0)uokqeaieowiogsgc.xyzA (IP address)IN (0x0001)false
                                                                                                            Dec 12, 2024 12:40:08.223547935 CET192.168.2.228.8.8.80x1177Standard query (0)uokqeaieowiogsgc.xyzA (IP address)IN (0x0001)false
                                                                                                            Dec 12, 2024 12:40:08.373538017 CET192.168.2.228.8.8.80x1177Standard query (0)uokqeaieowiogsgc.xyzA (IP address)IN (0x0001)false
                                                                                                            Dec 12, 2024 12:40:08.496599913 CET192.168.2.228.8.8.80x1177Standard query (0)uokqeaieowiogsgc.xyzA (IP address)IN (0x0001)false
                                                                                                            Dec 12, 2024 12:40:08.646361113 CET192.168.2.228.8.8.80xa04bStandard query (0)mmygsewuukqkiiok.xyzA (IP address)IN (0x0001)false
                                                                                                            Dec 12, 2024 12:40:08.797087908 CET192.168.2.228.8.8.80xa04bStandard query (0)mmygsewuukqkiiok.xyzA (IP address)IN (0x0001)false
                                                                                                            Dec 12, 2024 12:40:08.947361946 CET192.168.2.228.8.8.80xa04bStandard query (0)mmygsewuukqkiiok.xyzA (IP address)IN (0x0001)false
                                                                                                            Dec 12, 2024 12:40:09.096138000 CET192.168.2.228.8.8.80xa04bStandard query (0)mmygsewuukqkiiok.xyzA (IP address)IN (0x0001)false
                                                                                                            Dec 12, 2024 12:40:09.230556965 CET192.168.2.228.8.8.80xa04bStandard query (0)mmygsewuukqkiiok.xyzA (IP address)IN (0x0001)false
                                                                                                            Dec 12, 2024 12:40:09.519339085 CET192.168.2.228.8.8.80xfe93Standard query (0)owoksuegymmgesys.xyzA (IP address)IN (0x0001)false
                                                                                                            Dec 12, 2024 12:40:09.668708086 CET192.168.2.228.8.8.80xfe93Standard query (0)owoksuegymmgesys.xyzA (IP address)IN (0x0001)false
                                                                                                            Dec 12, 2024 12:40:09.803661108 CET192.168.2.228.8.8.80xfe93Standard query (0)owoksuegymmgesys.xyzA (IP address)IN (0x0001)false
                                                                                                            Dec 12, 2024 12:40:09.938067913 CET192.168.2.228.8.8.80xfe93Standard query (0)owoksuegymmgesys.xyzA (IP address)IN (0x0001)false
                                                                                                            Dec 12, 2024 12:40:10.088756084 CET192.168.2.228.8.8.80xfe93Standard query (0)owoksuegymmgesys.xyzA (IP address)IN (0x0001)false
                                                                                                            Dec 12, 2024 12:40:10.280075073 CET192.168.2.228.8.8.80xca71Standard query (0)skekiggeimmceqcg.xyzA (IP address)IN (0x0001)false
                                                                                                            Dec 12, 2024 12:40:10.429858923 CET192.168.2.228.8.8.80xca71Standard query (0)skekiggeimmceqcg.xyzA (IP address)IN (0x0001)false
                                                                                                            Dec 12, 2024 12:40:10.595530987 CET192.168.2.228.8.8.80xca71Standard query (0)skekiggeimmceqcg.xyzA (IP address)IN (0x0001)false
                                                                                                            Dec 12, 2024 12:40:10.740828037 CET192.168.2.228.8.8.80xca71Standard query (0)skekiggeimmceqcg.xyzA (IP address)IN (0x0001)false
                                                                                                            Dec 12, 2024 12:40:10.906016111 CET192.168.2.228.8.8.80xca71Standard query (0)skekiggeimmceqcg.xyzA (IP address)IN (0x0001)false
                                                                                                            Dec 12, 2024 12:40:11.236825943 CET192.168.2.228.8.8.80xb1a1Standard query (0)ocsqocikkcggeaaw.xyzA (IP address)IN (0x0001)false
                                                                                                            Dec 12, 2024 12:40:11.387213945 CET192.168.2.228.8.8.80xb1a1Standard query (0)ocsqocikkcggeaaw.xyzA (IP address)IN (0x0001)false
                                                                                                            Dec 12, 2024 12:40:11.537096024 CET192.168.2.228.8.8.80xb1a1Standard query (0)ocsqocikkcggeaaw.xyzA (IP address)IN (0x0001)false
                                                                                                            Dec 12, 2024 12:40:11.671312094 CET192.168.2.228.8.8.80xb1a1Standard query (0)ocsqocikkcggeaaw.xyzA (IP address)IN (0x0001)false
                                                                                                            Dec 12, 2024 12:40:11.805628061 CET192.168.2.228.8.8.80xb1a1Standard query (0)ocsqocikkcggeaaw.xyzA (IP address)IN (0x0001)false
                                                                                                            Dec 12, 2024 12:40:12.015597105 CET192.168.2.228.8.8.80xbb0fStandard query (0)uwgicagyykoommga.xyzA (IP address)IN (0x0001)false
                                                                                                            Dec 12, 2024 12:40:12.175468922 CET192.168.2.228.8.8.80x24d5Standard query (0)uiggameqqycugsqw.xyzA (IP address)IN (0x0001)false
                                                                                                            Dec 12, 2024 12:40:12.326093912 CET192.168.2.228.8.8.80x24d5Standard query (0)uiggameqqycugsqw.xyzA (IP address)IN (0x0001)false
                                                                                                            Dec 12, 2024 12:40:12.465075970 CET192.168.2.228.8.8.80x24d5Standard query (0)uiggameqqycugsqw.xyzA (IP address)IN (0x0001)false
                                                                                                            Dec 12, 2024 12:40:12.600265026 CET192.168.2.228.8.8.80x24d5Standard query (0)uiggameqqycugsqw.xyzA (IP address)IN (0x0001)false
                                                                                                            Dec 12, 2024 12:40:12.736351967 CET192.168.2.228.8.8.80x24d5Standard query (0)uiggameqqycugsqw.xyzA (IP address)IN (0x0001)false
                                                                                                            Dec 12, 2024 12:40:13.000786066 CET192.168.2.228.8.8.80x1905Standard query (0)keosqeosukqcooco.xyzA (IP address)IN (0x0001)false
                                                                                                            Dec 12, 2024 12:40:13.150437117 CET192.168.2.228.8.8.80x1905Standard query (0)keosqeosukqcooco.xyzA (IP address)IN (0x0001)false
                                                                                                            Dec 12, 2024 12:40:13.285126925 CET192.168.2.228.8.8.80x1905Standard query (0)keosqeosukqcooco.xyzA (IP address)IN (0x0001)false
                                                                                                            Dec 12, 2024 12:40:13.435256958 CET192.168.2.228.8.8.80x1905Standard query (0)keosqeosukqcooco.xyzA (IP address)IN (0x0001)false
                                                                                                            Dec 12, 2024 12:40:13.589447021 CET192.168.2.228.8.8.80x1905Standard query (0)keosqeosukqcooco.xyzA (IP address)IN (0x0001)false
                                                                                                            Dec 12, 2024 12:40:13.861953974 CET192.168.2.228.8.8.80x3bd9Standard query (0)ymmcwogyimsuqmcc.xyzA (IP address)IN (0x0001)false
                                                                                                            Dec 12, 2024 12:40:14.012774944 CET192.168.2.228.8.8.80x3bd9Standard query (0)ymmcwogyimsuqmcc.xyzA (IP address)IN (0x0001)false
                                                                                                            Dec 12, 2024 12:40:14.166580915 CET192.168.2.228.8.8.80x3bd9Standard query (0)ymmcwogyimsuqmcc.xyzA (IP address)IN (0x0001)false
                                                                                                            Dec 12, 2024 12:40:14.318401098 CET192.168.2.228.8.8.80x3bd9Standard query (0)ymmcwogyimsuqmcc.xyzA (IP address)IN (0x0001)false
                                                                                                            Dec 12, 2024 12:40:14.452847004 CET192.168.2.228.8.8.80x3bd9Standard query (0)ymmcwogyimsuqmcc.xyzA (IP address)IN (0x0001)false
                                                                                                            Dec 12, 2024 12:40:14.713777065 CET192.168.2.228.8.8.80x69c0Standard query (0)aqgmgoqcoqqkguyk.xyzA (IP address)IN (0x0001)false
                                                                                                            Dec 12, 2024 12:40:14.864250898 CET192.168.2.228.8.8.80x69c0Standard query (0)aqgmgoqcoqqkguyk.xyzA (IP address)IN (0x0001)false
                                                                                                            Dec 12, 2024 12:40:15.013744116 CET192.168.2.228.8.8.80x69c0Standard query (0)aqgmgoqcoqqkguyk.xyzA (IP address)IN (0x0001)false
                                                                                                            Dec 12, 2024 12:40:15.148140907 CET192.168.2.228.8.8.80x69c0Standard query (0)aqgmgoqcoqqkguyk.xyzA (IP address)IN (0x0001)false
                                                                                                            Dec 12, 2024 12:40:15.272129059 CET192.168.2.228.8.8.80x69c0Standard query (0)aqgmgoqcoqqkguyk.xyzA (IP address)IN (0x0001)false
                                                                                                            Dec 12, 2024 12:40:15.463749886 CET192.168.2.228.8.8.80x7a09Standard query (0)yyyagyakeciucagk.xyzA (IP address)IN (0x0001)false
                                                                                                            Dec 12, 2024 12:40:15.612921000 CET192.168.2.228.8.8.80x7a09Standard query (0)yyyagyakeciucagk.xyzA (IP address)IN (0x0001)false
                                                                                                            Dec 12, 2024 12:40:15.764842987 CET192.168.2.228.8.8.80x7a09Standard query (0)yyyagyakeciucagk.xyzA (IP address)IN (0x0001)false
                                                                                                            Dec 12, 2024 12:40:15.916194916 CET192.168.2.228.8.8.80x7a09Standard query (0)yyyagyakeciucagk.xyzA (IP address)IN (0x0001)false
                                                                                                            Dec 12, 2024 12:40:16.050924063 CET192.168.2.228.8.8.80x7a09Standard query (0)yyyagyakeciucagk.xyzA (IP address)IN (0x0001)false
                                                                                                            Dec 12, 2024 12:40:16.211343050 CET192.168.2.228.8.8.80xb1b0Standard query (0)comuwmkimocayeeu.xyzA (IP address)IN (0x0001)false
                                                                                                            Dec 12, 2024 12:40:16.362188101 CET192.168.2.228.8.8.80xb1b0Standard query (0)comuwmkimocayeeu.xyzA (IP address)IN (0x0001)false
                                                                                                            Dec 12, 2024 12:40:16.513044119 CET192.168.2.228.8.8.80xb1b0Standard query (0)comuwmkimocayeeu.xyzA (IP address)IN (0x0001)false
                                                                                                            Dec 12, 2024 12:40:16.664797068 CET192.168.2.228.8.8.80xb1b0Standard query (0)comuwmkimocayeeu.xyzA (IP address)IN (0x0001)false
                                                                                                            Dec 12, 2024 12:40:17.077538013 CET192.168.2.228.8.8.80xb1b0Standard query (0)comuwmkimocayeeu.xyzA (IP address)IN (0x0001)false
                                                                                                            Dec 12, 2024 12:40:17.375777960 CET192.168.2.228.8.8.80xe0dStandard query (0)kouumoyqiuckkcau.xyzA (IP address)IN (0x0001)false
                                                                                                            Dec 12, 2024 12:40:17.527172089 CET192.168.2.228.8.8.80xe0dStandard query (0)kouumoyqiuckkcau.xyzA (IP address)IN (0x0001)false
                                                                                                            Dec 12, 2024 12:40:17.677402020 CET192.168.2.228.8.8.80xe0dStandard query (0)kouumoyqiuckkcau.xyzA (IP address)IN (0x0001)false
                                                                                                            Dec 12, 2024 12:40:17.827948093 CET192.168.2.228.8.8.80xe0dStandard query (0)kouumoyqiuckkcau.xyzA (IP address)IN (0x0001)false
                                                                                                            Dec 12, 2024 12:40:17.978276014 CET192.168.2.228.8.8.80xe0dStandard query (0)kouumoyqiuckkcau.xyzA (IP address)IN (0x0001)false
                                                                                                            Dec 12, 2024 12:40:18.248747110 CET192.168.2.228.8.8.80xca6eStandard query (0)qgwkkkyicoqmooqu.xyzA (IP address)IN (0x0001)false
                                                                                                            Dec 12, 2024 12:40:18.399308920 CET192.168.2.228.8.8.80xca6eStandard query (0)qgwkkkyicoqmooqu.xyzA (IP address)IN (0x0001)false
                                                                                                            Dec 12, 2024 12:40:18.549417019 CET192.168.2.228.8.8.80xca6eStandard query (0)qgwkkkyicoqmooqu.xyzA (IP address)IN (0x0001)false
                                                                                                            Dec 12, 2024 12:40:18.698556900 CET192.168.2.228.8.8.80xca6eStandard query (0)qgwkkkyicoqmooqu.xyzA (IP address)IN (0x0001)false
                                                                                                            Dec 12, 2024 12:40:18.833167076 CET192.168.2.228.8.8.80xca6eStandard query (0)qgwkkkyicoqmooqu.xyzA (IP address)IN (0x0001)false
                                                                                                            Dec 12, 2024 12:40:19.020925999 CET192.168.2.228.8.8.80x587dStandard query (0)syiysgiqgqggqkoc.xyzA (IP address)IN (0x0001)false
                                                                                                            Dec 12, 2024 12:40:19.172086000 CET192.168.2.228.8.8.80x587dStandard query (0)syiysgiqgqggqkoc.xyzA (IP address)IN (0x0001)false
                                                                                                            Dec 12, 2024 12:40:19.323430061 CET192.168.2.228.8.8.80x587dStandard query (0)syiysgiqgqggqkoc.xyzA (IP address)IN (0x0001)false
                                                                                                            Dec 12, 2024 12:40:19.458239079 CET192.168.2.228.8.8.80x587dStandard query (0)syiysgiqgqggqkoc.xyzA (IP address)IN (0x0001)false
                                                                                                            Dec 12, 2024 12:40:19.581548929 CET192.168.2.228.8.8.80x587dStandard query (0)syiysgiqgqggqkoc.xyzA (IP address)IN (0x0001)false
                                                                                                            Dec 12, 2024 12:40:19.863677025 CET192.168.2.228.8.8.80x116dStandard query (0)cymymsciyaiacwgw.xyzA (IP address)IN (0x0001)false
                                                                                                            Dec 12, 2024 12:40:20.018250942 CET192.168.2.228.8.8.80x116dStandard query (0)cymymsciyaiacwgw.xyzA (IP address)IN (0x0001)false
                                                                                                            Dec 12, 2024 12:40:20.159337044 CET192.168.2.228.8.8.80x116dStandard query (0)cymymsciyaiacwgw.xyzA (IP address)IN (0x0001)false
                                                                                                            Dec 12, 2024 12:40:20.424853086 CET192.168.2.228.8.8.80x116dStandard query (0)cymymsciyaiacwgw.xyzA (IP address)IN (0x0001)false
                                                                                                            Dec 12, 2024 12:40:20.559308052 CET192.168.2.228.8.8.80x116dStandard query (0)cymymsciyaiacwgw.xyzA (IP address)IN (0x0001)false
                                                                                                            Dec 12, 2024 12:40:20.751492977 CET192.168.2.228.8.8.80x8f8cStandard query (0)eigywisgeoiskekg.xyzA (IP address)IN (0x0001)false
                                                                                                            Dec 12, 2024 12:40:20.900538921 CET192.168.2.228.8.8.80x8f8cStandard query (0)eigywisgeoiskekg.xyzA (IP address)IN (0x0001)false
                                                                                                            Dec 12, 2024 12:40:21.051286936 CET192.168.2.228.8.8.80x8f8cStandard query (0)eigywisgeoiskekg.xyzA (IP address)IN (0x0001)false
                                                                                                            Dec 12, 2024 12:40:21.186302900 CET192.168.2.228.8.8.80x8f8cStandard query (0)eigywisgeoiskekg.xyzA (IP address)IN (0x0001)false
                                                                                                            Dec 12, 2024 12:40:21.321513891 CET192.168.2.228.8.8.80x8f8cStandard query (0)eigywisgeoiskekg.xyzA (IP address)IN (0x0001)false
                                                                                                            Dec 12, 2024 12:40:21.499788046 CET192.168.2.228.8.8.80x33f3Standard query (0)ywcwqgmikmycwoeu.xyzA (IP address)IN (0x0001)false
                                                                                                            Dec 12, 2024 12:40:21.651216984 CET192.168.2.228.8.8.80x33f3Standard query (0)ywcwqgmikmycwoeu.xyzA (IP address)IN (0x0001)false
                                                                                                            Dec 12, 2024 12:40:21.800859928 CET192.168.2.228.8.8.80x33f3Standard query (0)ywcwqgmikmycwoeu.xyzA (IP address)IN (0x0001)false
                                                                                                            Dec 12, 2024 12:40:21.935364008 CET192.168.2.228.8.8.80x33f3Standard query (0)ywcwqgmikmycwoeu.xyzA (IP address)IN (0x0001)false
                                                                                                            Dec 12, 2024 12:40:22.069678068 CET192.168.2.228.8.8.80x33f3Standard query (0)ywcwqgmikmycwoeu.xyzA (IP address)IN (0x0001)false
                                                                                                            Dec 12, 2024 12:40:22.249038935 CET192.168.2.228.8.8.80xcd3fStandard query (0)ucoweesewcwiosgw.xyzA (IP address)IN (0x0001)false
                                                                                                            Dec 12, 2024 12:40:22.399378061 CET192.168.2.228.8.8.80xcd3fStandard query (0)ucoweesewcwiosgw.xyzA (IP address)IN (0x0001)false
                                                                                                            Dec 12, 2024 12:40:22.563787937 CET192.168.2.228.8.8.80xcd3fStandard query (0)ucoweesewcwiosgw.xyzA (IP address)IN (0x0001)false
                                                                                                            Dec 12, 2024 12:40:22.834839106 CET192.168.2.228.8.8.80xcd3fStandard query (0)ucoweesewcwiosgw.xyzA (IP address)IN (0x0001)false
                                                                                                            Dec 12, 2024 12:40:22.971529961 CET192.168.2.228.8.8.80xcd3fStandard query (0)ucoweesewcwiosgw.xyzA (IP address)IN (0x0001)false
                                                                                                            Dec 12, 2024 12:40:23.254889965 CET192.168.2.228.8.8.80x627eStandard query (0)uqsqcgouceqmigcg.xyzA (IP address)IN (0x0001)false
                                                                                                            Dec 12, 2024 12:40:23.459191084 CET192.168.2.228.8.8.80x627eStandard query (0)uqsqcgouceqmigcg.xyzA (IP address)IN (0x0001)false
                                                                                                            Dec 12, 2024 12:40:23.582411051 CET192.168.2.228.8.8.80x627eStandard query (0)uqsqcgouceqmigcg.xyzA (IP address)IN (0x0001)false
                                                                                                            Dec 12, 2024 12:40:24.001784086 CET192.168.2.228.8.8.80x172aStandard query (0)kwoesauawkouiecq.xyzA (IP address)IN (0x0001)false
                                                                                                            Dec 12, 2024 12:40:24.151937008 CET192.168.2.228.8.8.80x172aStandard query (0)kwoesauawkouiecq.xyzA (IP address)IN (0x0001)false
                                                                                                            Dec 12, 2024 12:40:24.286425114 CET192.168.2.228.8.8.80x172aStandard query (0)kwoesauawkouiecq.xyzA (IP address)IN (0x0001)false
                                                                                                            Dec 12, 2024 12:40:24.421379089 CET192.168.2.228.8.8.80x172aStandard query (0)kwoesauawkouiecq.xyzA (IP address)IN (0x0001)false
                                                                                                            Dec 12, 2024 12:40:24.572474003 CET192.168.2.228.8.8.80x172aStandard query (0)kwoesauawkouiecq.xyzA (IP address)IN (0x0001)false
                                                                                                            Dec 12, 2024 12:40:24.792140961 CET192.168.2.228.8.8.80xaf6aStandard query (0)gcuasoickeyqugwe.xyzA (IP address)IN (0x0001)false
                                                                                                            Dec 12, 2024 12:40:24.942045927 CET192.168.2.228.8.8.80xaf6aStandard query (0)gcuasoickeyqugwe.xyzA (IP address)IN (0x0001)false
                                                                                                            Dec 12, 2024 12:40:25.092551947 CET192.168.2.228.8.8.80xaf6aStandard query (0)gcuasoickeyqugwe.xyzA (IP address)IN (0x0001)false
                                                                                                            Dec 12, 2024 12:40:25.226986885 CET192.168.2.228.8.8.80xaf6aStandard query (0)gcuasoickeyqugwe.xyzA (IP address)IN (0x0001)false
                                                                                                            Dec 12, 2024 12:40:25.349862099 CET192.168.2.228.8.8.80xaf6aStandard query (0)gcuasoickeyqugwe.xyzA (IP address)IN (0x0001)false
                                                                                                            Dec 12, 2024 12:40:25.540595055 CET192.168.2.228.8.8.80xfd41Standard query (0)ukgmmiakkgwgssak.xyzA (IP address)IN (0x0001)false
                                                                                                            Dec 12, 2024 12:40:25.690279961 CET192.168.2.228.8.8.80xfd41Standard query (0)ukgmmiakkgwgssak.xyzA (IP address)IN (0x0001)false
                                                                                                            Dec 12, 2024 12:40:25.853346109 CET192.168.2.228.8.8.80xfd41Standard query (0)ukgmmiakkgwgssak.xyzA (IP address)IN (0x0001)false
                                                                                                            Dec 12, 2024 12:40:25.988749981 CET192.168.2.228.8.8.80xfd41Standard query (0)ukgmmiakkgwgssak.xyzA (IP address)IN (0x0001)false
                                                                                                            Dec 12, 2024 12:40:26.149806023 CET192.168.2.228.8.8.80xfd41Standard query (0)ukgmmiakkgwgssak.xyzA (IP address)IN (0x0001)false
                                                                                                            Dec 12, 2024 12:40:26.344245911 CET192.168.2.228.8.8.80x8d0dStandard query (0)qqmoqouykmakcwwo.xyzA (IP address)IN (0x0001)false
                                                                                                            Dec 12, 2024 12:40:26.582211971 CET192.168.2.228.8.8.80x8d0dStandard query (0)qqmoqouykmakcwwo.xyzA (IP address)IN (0x0001)false
                                                                                                            Dec 12, 2024 12:40:26.716694117 CET192.168.2.228.8.8.80x8d0dStandard query (0)qqmoqouykmakcwwo.xyzA (IP address)IN (0x0001)false
                                                                                                            Dec 12, 2024 12:40:26.868827105 CET192.168.2.228.8.8.80x8d0dStandard query (0)qqmoqouykmakcwwo.xyzA (IP address)IN (0x0001)false
                                                                                                            Dec 12, 2024 12:40:27.019613981 CET192.168.2.228.8.8.80x8d0dStandard query (0)qqmoqouykmakcwwo.xyzA (IP address)IN (0x0001)false
                                                                                                            Dec 12, 2024 12:40:27.177431107 CET192.168.2.228.8.8.80x5e9dStandard query (0)giekgiaycwsmicgi.xyzA (IP address)IN (0x0001)false
                                                                                                            Dec 12, 2024 12:40:27.328847885 CET192.168.2.228.8.8.80x5e9dStandard query (0)giekgiaycwsmicgi.xyzA (IP address)IN (0x0001)false
                                                                                                            Dec 12, 2024 12:40:27.455081940 CET192.168.2.228.8.8.80x5e9dStandard query (0)giekgiaycwsmicgi.xyzA (IP address)IN (0x0001)false
                                                                                                            Dec 12, 2024 12:40:27.605413914 CET192.168.2.228.8.8.80x5e9dStandard query (0)giekgiaycwsmicgi.xyzA (IP address)IN (0x0001)false
Timestamp    Source IP    Dest IP    Trans ID    Reply Code    Name    CName    Address    Type    Class    DNS over HTTPS
                                                                                                            Dec 12, 2024 12:40:24.696615934 CET8.8.8.8192.168.2.220x172aName error (3)kwoesauawkouiecq.xyznonenoneA (IP address)IN (0x0001)false
                                                                                                            Dec 12, 2024 12:40:24.941874027 CET8.8.8.8192.168.2.220xaf6aName error (3)gcuasoickeyqugwe.xyznonenoneA (IP address)IN (0x0001)false
                                                                                                            Dec 12, 2024 12:40:25.092333078 CET8.8.8.8192.168.2.220xaf6aName error (3)gcuasoickeyqugwe.xyznonenoneA (IP address)IN (0x0001)false
                                                                                                            Dec 12, 2024 12:40:25.226810932 CET8.8.8.8192.168.2.220xaf6aName error (3)gcuasoickeyqugwe.xyznonenoneA (IP address)IN (0x0001)false
                                                                                                            Dec 12, 2024 12:40:25.349575996 CET8.8.8.8192.168.2.220xaf6aName error (3)gcuasoickeyqugwe.xyznonenoneA (IP address)IN (0x0001)false
                                                                                                            Dec 12, 2024 12:40:25.483933926 CET8.8.8.8192.168.2.220xaf6aName error (3)gcuasoickeyqugwe.xyznonenoneA (IP address)IN (0x0001)false
                                                                                                            Dec 12, 2024 12:40:25.689080954 CET8.8.8.8192.168.2.220xfd41Name error (3)ukgmmiakkgwgssak.xyznonenoneA (IP address)IN (0x0001)false
                                                                                                            Dec 12, 2024 12:40:25.838831902 CET8.8.8.8192.168.2.220xfd41Name error (3)ukgmmiakkgwgssak.xyznonenoneA (IP address)IN (0x0001)false
                                                                                                            Dec 12, 2024 12:40:25.988506079 CET8.8.8.8192.168.2.220xfd41Name error (3)ukgmmiakkgwgssak.xyznonenoneA (IP address)IN (0x0001)false
                                                                                                            Dec 12, 2024 12:40:26.143815041 CET8.8.8.8192.168.2.220xfd41Name error (3)ukgmmiakkgwgssak.xyznonenoneA (IP address)IN (0x0001)false
                                                                                                            Dec 12, 2024 12:40:26.275382042 CET8.8.8.8192.168.2.220xfd41Name error (3)ukgmmiakkgwgssak.xyznonenoneA (IP address)IN (0x0001)false
                                                                                                            Dec 12, 2024 12:40:26.494623899 CET8.8.8.8192.168.2.220x8d0dName error (3)qqmoqouykmakcwwo.xyznonenoneA (IP address)IN (0x0001)false
                                                                                                            Dec 12, 2024 12:40:26.716495991 CET8.8.8.8192.168.2.220x8d0dName error (3)qqmoqouykmakcwwo.xyznonenoneA (IP address)IN (0x0001)false
                                                                                                            Dec 12, 2024 12:40:26.866967916 CET8.8.8.8192.168.2.220x8d0dName error (3)qqmoqouykmakcwwo.xyznonenoneA (IP address)IN (0x0001)false
                                                                                                            Dec 12, 2024 12:40:27.019438982 CET8.8.8.8192.168.2.220x8d0dName error (3)qqmoqouykmakcwwo.xyznonenoneA (IP address)IN (0x0001)false
                                                                                                            Dec 12, 2024 12:40:27.142935038 CET8.8.8.8192.168.2.220x8d0dName error (3)qqmoqouykmakcwwo.xyznonenoneA (IP address)IN (0x0001)false
                                                                                                            Dec 12, 2024 12:40:27.328643084 CET8.8.8.8192.168.2.220x5e9dName error (3)giekgiaycwsmicgi.xyznonenoneA (IP address)IN (0x0001)false
                                                                                                            Dec 12, 2024 12:40:27.454881907 CET8.8.8.8192.168.2.220x5e9dName error (3)giekgiaycwsmicgi.xyznonenoneA (IP address)IN (0x0001)false
                                                                                                            Dec 12, 2024 12:40:27.605218887 CET8.8.8.8192.168.2.220x5e9dName error (3)giekgiaycwsmicgi.xyznonenoneA (IP address)IN (0x0001)false
                                                                                                            Dec 12, 2024 12:40:27.755270004 CET8.8.8.8192.168.2.220x5e9dName error (3)giekgiaycwsmicgi.xyznonenoneA (IP address)IN (0x0001)false
                                                                                                            Dec 12, 2024 12:40:27.890362024 CET8.8.8.8192.168.2.220x5e9dName error (3)giekgiaycwsmicgi.xyznonenoneA (IP address)IN (0x0001)false
                                                                                                            Dec 12, 2024 12:40:28.077526093 CET8.8.8.8192.168.2.220x9290Name error (3)sagqoimosegsiusq.xyznonenoneA (IP address)IN (0x0001)false
                                                                                                            Dec 12, 2024 12:40:28.229608059 CET8.8.8.8192.168.2.220x9290Name error (3)sagqoimosegsiusq.xyznonenoneA (IP address)IN (0x0001)false
                                                                                                            Dec 12, 2024 12:40:28.380291939 CET8.8.8.8192.168.2.220x9290Name error (3)sagqoimosegsiusq.xyznonenoneA (IP address)IN (0x0001)false
                                                                                                            Dec 12, 2024 12:40:28.503346920 CET8.8.8.8192.168.2.220x9290Name error (3)sagqoimosegsiusq.xyznonenoneA (IP address)IN (0x0001)false
                                                                                                            Dec 12, 2024 12:40:28.638560057 CET8.8.8.8192.168.2.220x9290Name error (3)sagqoimosegsiusq.xyznonenoneA (IP address)IN (0x0001)false
                                                                                                            Dec 12, 2024 12:40:28.825858116 CET8.8.8.8192.168.2.220xc3ccName error (3)iswkciyqkcwyyyoo.xyznonenoneA (IP address)IN (0x0001)false
                                                                                                            Dec 12, 2024 12:40:29.080641031 CET8.8.8.8192.168.2.220xc3ccName error (3)iswkciyqkcwyyyoo.xyznonenoneA (IP address)IN (0x0001)false
                                                                                                            Dec 12, 2024 12:40:29.230324984 CET8.8.8.8192.168.2.220xc3ccName error (3)iswkciyqkcwyyyoo.xyznonenoneA (IP address)IN (0x0001)false
                                                                                                            Dec 12, 2024 12:40:29.355407000 CET8.8.8.8192.168.2.220xc3ccName error (3)iswkciyqkcwyyyoo.xyznonenoneA (IP address)IN (0x0001)false
                                                                                                            Dec 12, 2024 12:40:29.503581047 CET8.8.8.8192.168.2.220xc3ccName error (3)iswkciyqkcwyyyoo.xyznonenoneA (IP address)IN (0x0001)false
                                                                                                            Dec 12, 2024 12:40:29.718846083 CET8.8.8.8192.168.2.220xafa7Name error (3)wueiymqkmeqoaeoa.xyznonenoneA (IP address)IN (0x0001)false
                                                                                                            Dec 12, 2024 12:40:29.873191118 CET8.8.8.8192.168.2.220xafa7Name error (3)wueiymqkmeqoaeoa.xyznonenoneA (IP address)IN (0x0001)false
                                                                                                            Dec 12, 2024 12:40:30.007541895 CET8.8.8.8192.168.2.220xafa7Name error (3)wueiymqkmeqoaeoa.xyznonenoneA (IP address)IN (0x0001)false
                                                                                                            Dec 12, 2024 12:40:30.157746077 CET8.8.8.8192.168.2.220xafa7Name error (3)wueiymqkmeqoaeoa.xyznonenoneA (IP address)IN (0x0001)false
                                                                                                            Dec 12, 2024 12:40:30.292371035 CET8.8.8.8192.168.2.220xafa7Name error (3)wueiymqkmeqoaeoa.xyznonenoneA (IP address)IN (0x0001)false
                                                                                                            Dec 12, 2024 12:40:30.475584030 CET8.8.8.8192.168.2.220xeb87Name error (3)awuasceiaugcyimo.xyznonenoneA (IP address)IN (0x0001)false
                                                                                                            Dec 12, 2024 12:40:30.598546028 CET8.8.8.8192.168.2.220xeb87Name error (3)awuasceiaugcyimo.xyznonenoneA (IP address)IN (0x0001)false
                                                                                                            Dec 12, 2024 12:40:30.733191013 CET8.8.8.8192.168.2.220xeb87Name error (3)awuasceiaugcyimo.xyznonenoneA (IP address)IN (0x0001)false
                                                                                                            Dec 12, 2024 12:40:30.884403944 CET8.8.8.8192.168.2.220xeb87Name error (3)awuasceiaugcyimo.xyznonenoneA (IP address)IN (0x0001)false
                                                                                                            Dec 12, 2024 12:40:31.018651962 CET8.8.8.8192.168.2.220xeb87Name error (3)awuasceiaugcyimo.xyznonenoneA (IP address)IN (0x0001)false
                                                                                                            Dec 12, 2024 12:40:31.200654984 CET8.8.8.8192.168.2.220x562bName error (3)wmgoyusqoacscaym.xyznonenoneA (IP address)IN (0x0001)false
                                                                                                            Dec 12, 2024 12:40:31.335457087 CET8.8.8.8192.168.2.220x562bName error (3)wmgoyusqoacscaym.xyznonenoneA (IP address)IN (0x0001)false
                                                                                                            Dec 12, 2024 12:40:31.502441883 CET8.8.8.8192.168.2.220x562bName error (3)wmgoyusqoacscaym.xyznonenoneA (IP address)IN (0x0001)false
                                                                                                            Dec 12, 2024 12:40:31.636662960 CET8.8.8.8192.168.2.220x562bName error (3)wmgoyusqoacscaym.xyznonenoneA (IP address)IN (0x0001)false
                                                                                                            Dec 12, 2024 12:40:31.786256075 CET8.8.8.8192.168.2.220x562bName error (3)wmgoyusqoacscaym.xyznonenoneA (IP address)IN (0x0001)false
                                                                                                            Dec 12, 2024 12:40:31.956478119 CET8.8.8.8192.168.2.220xc1a1Name error (3)qoaqqguqascciiey.xyznonenoneA (IP address)IN (0x0001)false
                                                                                                            Dec 12, 2024 12:40:32.090876102 CET8.8.8.8192.168.2.220xc1a1Name error (3)qoaqqguqascciiey.xyznonenoneA (IP address)IN (0x0001)false
                                                                                                            Dec 12, 2024 12:40:32.239984035 CET8.8.8.8192.168.2.220xc1a1Name error (3)qoaqqguqascciiey.xyznonenoneA (IP address)IN (0x0001)false
                                                                                                            Dec 12, 2024 12:40:32.487040043 CET8.8.8.8192.168.2.220x208fName error (3)ykwswkacmaqscuaw.xyznonenoneA (IP address)IN (0x0001)false
                                                                                                            Dec 12, 2024 12:40:32.661618948 CET8.8.8.8192.168.2.220x377Name error (3)quuicoywaeqsaqam.xyznonenoneA (IP address)IN (0x0001)false
                                                                                                            Dec 12, 2024 12:40:32.815042019 CET8.8.8.8192.168.2.220xfe1Name error (3)gawwyyweayiamauo.xyznonenoneA (IP address)IN (0x0001)false
                                                                                                            Dec 12, 2024 12:40:32.979393959 CET8.8.8.8192.168.2.220x7343Name error (3)ggmagoysqkegguym.xyznonenoneA (IP address)IN (0x0001)false
                                                                                                            Dec 12, 2024 12:40:33.134768963 CET8.8.8.8192.168.2.220x6082Name error (3)qosiywgcuamwuuos.xyznonenoneA (IP address)IN (0x0001)false
                                                                                                            Dec 12, 2024 12:40:33.286226034 CET8.8.8.8192.168.2.220x4b70Name error (3)ikiakwccommusayk.xyznonenoneA (IP address)IN (0x0001)false
                                                                                                            Dec 12, 2024 12:40:33.438060045 CET8.8.8.8192.168.2.220x3b0eName error (3)kuowguomwakoagem.xyznonenoneA (IP address)IN (0x0001)false
                                                                                                            Dec 12, 2024 12:40:33.590279102 CET8.8.8.8192.168.2.220x52cbName error (3)iycyekwmcqmygiwc.xyznonenoneA (IP address)IN (0x0001)false
                                                                                                            Dec 12, 2024 12:40:33.743221045 CET8.8.8.8192.168.2.220xcf15Name error (3)wsggkemgawiyoyag.xyznonenoneA (IP address)IN (0x0001)false


                                                                                                            Target ID:1
                                                                                                            Start time:06:38:25
                                                                                                            Start date:12/12/2024
                                                                                                            Path:C:\Windows\System32\msiexec.exe
                                                                                                            Wow64 process (32bit):false
                                                                                                            Commandline:"C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\510286.msi"
                                                                                                            Imagebase:0xff490000
                                                                                                            File size:128'512 bytes
                                                                                                            MD5 hash:AC2E7152124CEED36846BD1B6592A00F
                                                                                                            Has elevated privileges:true
                                                                                                            Has administrator privileges:true
                                                                                                            Programmed in:C, C++ or other language
                                                                                                            Reputation:moderate
                                                                                                            Has exited:false

                                                                                                            Target ID:2
                                                                                                            Start time:06:38:31
                                                                                                            Start date:12/12/2024
                                                                                                            Path:C:\Windows\System32\msiexec.exe
                                                                                                            Wow64 process (32bit):false
                                                                                                            Commandline:C:\Windows\system32\msiexec.exe /V
                                                                                                            Imagebase:0xff490000
                                                                                                            File size:128'512 bytes
                                                                                                            MD5 hash:AC2E7152124CEED36846BD1B6592A00F
                                                                                                            Has elevated privileges:true
                                                                                                            Has administrator privileges:true
                                                                                                            Programmed in:C, C++ or other language
                                                                                                            Reputation:moderate
                                                                                                            Has exited:false

                                                                                                            Target ID:5
                                                                                                            Start time:06:39:10
                                                                                                            Start date:12/12/2024
                                                                                                            Path:C:\Windows\SysWOW64\msiexec.exe
                                                                                                            Wow64 process (32bit):true
                                                                                                            Commandline:C:\Windows\syswow64\MsiExec.exe -Embedding 0E851BF32976718622E9865433C40305
                                                                                                            Imagebase:0x850000
                                                                                                            File size:73'216 bytes
                                                                                                            MD5 hash:4315D6ECAE85024A0567DF2CB253B7B0
                                                                                                            Has elevated privileges:true
                                                                                                            Has administrator privileges:true
                                                                                                            Programmed in:C, C++ or other language
                                                                                                            Reputation:moderate
                                                                                                            Has exited:false

                                                                                                            Target ID:6
                                                                                                            Start time:06:39:11
                                                                                                            Start date:12/12/2024
                                                                                                            Path:C:\Windows\SysWOW64\icacls.exe
                                                                                                            Wow64 process (32bit):true
                                                                                                            Commandline:"C:\Windows\system32\ICACLS.EXE" "C:\Users\user\AppData\Local\Temp\MW-c924f3d7-8004-4e1e-8992-5f223243484f\." /SETINTEGRITYLEVEL (CI)(OI)HIGH
                                                                                                            Imagebase:0xcf0000
                                                                                                            File size:27'136 bytes
                                                                                                            MD5 hash:1542A92D5C6F7E1E80613F3466C9CE7F
                                                                                                            Has elevated privileges:true
                                                                                                            Has administrator privileges:true
                                                                                                            Programmed in:C, C++ or other language
                                                                                                            Reputation:moderate
                                                                                                            Has exited:true

                                                                                                            Target ID:8
                                                                                                            Start time:06:39:12
                                                                                                            Start date:12/12/2024
                                                                                                            Path:C:\Windows\SysWOW64\expand.exe
                                                                                                            Wow64 process (32bit):true
                                                                                                            Commandline:"C:\Windows\system32\EXPAND.EXE" -R files.cab -F:* files
                                                                                                            Imagebase:0x40000
                                                                                                            File size:53'248 bytes
                                                                                                            MD5 hash:659CED6D7BDA047BCC6048384231DB9F
                                                                                                            Has elevated privileges:true
                                                                                                            Has administrator privileges:true
                                                                                                            Programmed in:C, C++ or other language
                                                                                                            Reputation:moderate
                                                                                                            Has exited:true

                                                                                                            Target ID:12
                                                                                                            Start time:06:39:59
                                                                                                            Start date:12/12/2024
                                                                                                            Path:C:\Users\user\AppData\Local\Temp\MW-c924f3d7-8004-4e1e-8992-5f223243484f\files\piovbar.exe
                                                                                                            Wow64 process (32bit):true
                                                                                                            Commandline:"C:\Users\user\AppData\Local\Temp\MW-c924f3d7-8004-4e1e-8992-5f223243484f\files\piovbar.exe" /VERYSILENT /VERYSILENT
                                                                                                            Imagebase:0x260000
                                                                                                            File size:686'991'360 bytes
                                                                                                            MD5 hash:53215D6E26A13C7586B33498909E0B93
                                                                                                            Has elevated privileges:true
                                                                                                            Has administrator privileges:true
                                                                                                            Programmed in:C, C++ or other language
                                                                                                            Reputation:low
                                                                                                            Has exited:false


                                                                                                              Execution Graph

                                                                                                              Execution Coverage:1.4%
                                                                                                              Dynamic/Decrypted Code Coverage:0%
                                                                                                              Signature Coverage:8%
                                                                                                              Total number of Nodes:591
                                                                                                              Total number of Limit Nodes:32
3f336e 71848->71849 71853 3f3193 71848->71853 71849->71853 71856 3f3279 71849->71856 71852 3f3388 GetProcAddress 71852->71853 71854 3f3398 std::_Locinfo::_Locinfo_dtor 71852->71854 71853->71839 71853->71840 71854->71853 71861 3f328a ___vcrt_FlsFree 71856->71861 71857 3f3335 71857->71852 71857->71853 71858 3f32a8 LoadLibraryExW 71859 3f32c3 GetLastError 71858->71859 71858->71861 71859->71861 71860 3f331e FreeLibrary 71860->71861 71861->71857 71861->71858 71861->71860 71862 3f32f6 LoadLibraryExW 71861->71862 71862->71861 71863 3f3cd6 GetStartupInfoW 71864 3f3d87 71863->71864 71865 3f3cf3 71863->71865 71865->71864 71869 3fa3cf 71865->71869 71867 3f3d1b 71867->71864 71868 3f3d4b GetFileType 71867->71868 71868->71867 71870 3fa3db __wsopen_s 71869->71870 71871 3fa405 71870->71871 71872 3fa3e4 71870->71872 71882 3e9e78 EnterCriticalSection 71871->71882 71890 3e9507 14 API calls __Strcoll 71872->71890 71875 3fa3e9 71891 3e9bf9 27 API calls ___std_exception_copy 71875->71891 71877 3fa3f3 71877->71867 71878 3fa43d 71892 3fa464 LeaveCriticalSection std::_Lockit::~_Lockit 71878->71892 71881 3fa411 71881->71878 71883 3fa31f 71881->71883 71882->71881 71893 3f360d 71883->71893 71885 3fa33e 71901 3f2567 71885->71901 71886 3fa331 71886->71885 71900 3f2fbe 6 API calls std::_Locinfo::_Locinfo_dtor 71886->71900 71889 3fa393 71889->71881 71890->71875 71891->71877 71892->71877 71899 3f361a __Getctype 71893->71899 71894 3f365a 71908 3e9507 14 API calls __Strcoll 71894->71908 71895 3f3645 RtlAllocateHeap 71897 3f3658 71895->71897 71895->71899 71897->71886 71899->71894 71899->71895 71907 3e7628 EnterCriticalSection LeaveCriticalSection std::_Facet_Register 71899->71907 71900->71886 71902 3f259b __dosmaperr 71901->71902 71903 3f2572 HeapFree 71901->71903 71902->71889 71903->71902 71904 3f2587 71903->71904 71909 3e9507 14 API calls __Strcoll 71904->71909 71906 3f258d GetLastError 71906->71902 71907->71899 71908->71897 71909->71906 71910 3e8de8 71911 3e8e42 71910->71911 71912 3e8e7a 
71911->71912 71913 3e8e64 71911->71913 71921 3e8e52 71911->71921 71937 3f3e6c 71912->71937 71943 3e9507 14 API calls __Strcoll 71913->71943 71917 3e8e69 71944 3e9bf9 27 API calls ___std_exception_copy 71917->71944 71919 3e8e93 71946 3e8f78 39 API calls 71919->71946 71923 3e8ec8 71947 3e8df3 14 API calls 2 library calls 71923->71947 71925 3e8ed5 71926 3e8ede 71925->71926 71927 3e8eea 71925->71927 71948 3e9507 14 API calls __Strcoll 71926->71948 71949 3e8f78 39 API calls 71927->71949 71930 3e8f02 71936 3e8ee3 71930->71936 71950 3f7ec2 53 API calls 5 library calls 71930->71950 71932 3e8f2d 71935 3f2567 _free 14 API calls 71932->71935 71933 3f2567 _free 14 API calls 71934 3e8f70 71933->71934 71934->71921 71935->71936 71936->71933 71938 3f3e75 71937->71938 71942 3e8e80 71937->71942 71951 3f2825 71938->71951 71945 3f856e 44 API calls 2 library calls 71942->71945 71943->71917 71944->71921 71945->71919 71946->71923 71947->71925 71948->71936 71949->71930 71950->71932 71952 3f2836 71951->71952 71953 3f2830 71951->71953 71975 3f283c 71952->71975 71995 3f2f01 6 API calls std::_Locinfo::_Locinfo_dtor 71952->71995 71994 3f2ec2 6 API calls std::_Locinfo::_Locinfo_dtor 71953->71994 71956 3f2850 71957 3f360d __Getctype 14 API calls 71956->71957 71956->71975 71959 3f2860 71957->71959 71961 3f287d 71959->71961 71962 3f2868 71959->71962 71997 3f2f01 6 API calls std::_Locinfo::_Locinfo_dtor 71961->71997 71996 3f2f01 6 API calls std::_Locinfo::_Locinfo_dtor 71962->71996 71963 3f28b5 71976 3f421d 71963->71976 71966 3f2874 71971 3f2567 _free 14 API calls 71966->71971 71967 3f2889 71968 3f288d 71967->71968 71969 3f289c 71967->71969 71998 3f2f01 6 API calls std::_Locinfo::_Locinfo_dtor 71968->71998 71999 3f29e0 14 API calls __Getctype 71969->71999 71971->71975 71973 3f28a7 71974 3f2567 _free 14 API calls 71973->71974 71974->71975 71975->71963 72000 3ea5f3 39 API calls std::locale::_Setgloballocale 71975->72000 71977 3f4230 71976->71977 72001 3f40a7 71977->72001 71980 3f4249 71980->71942 
71984 3f2567 _free 14 API calls 71986 3f429a 71984->71986 71986->71942 71987 3f4287 72026 3e9507 14 API calls __Strcoll 71987->72026 71989 3f428c 71989->71984 71990 3f42a2 71991 3f2567 _free 14 API calls 71990->71991 71993 3f42ce 71990->71993 71991->71993 71993->71989 72027 3f4572 27 API calls 2 library calls 71993->72027 71994->71952 71995->71956 71996->71966 71997->71967 71998->71966 71999->71973 72028 3e543a 72001->72028 72004 3f40da 72006 3f40df GetACP 72004->72006 72007 3f40f1 72004->72007 72005 3f40c8 GetOEMCP 72005->72007 72006->72007 72007->71980 72008 3f25a1 72007->72008 72009 3f25df 72008->72009 72013 3f25af __Getctype 72008->72013 72073 3e9507 14 API calls __Strcoll 72009->72073 72011 3f25ca RtlAllocateHeap 72012 3f25dd 72011->72012 72011->72013 72012->71989 72015 3f3eb4 72012->72015 72013->72009 72013->72011 72072 3e7628 EnterCriticalSection LeaveCriticalSection std::_Facet_Register 72013->72072 72016 3f40a7 41 API calls 72015->72016 72017 3f3ed4 72016->72017 72019 3f3f0e IsValidCodePage 72017->72019 72024 3f3f4a __fread_nolock 72017->72024 72018 3e0385 CatchGuardHandler 5 API calls 72020 3f40a5 72018->72020 72021 3f3f20 72019->72021 72019->72024 72020->71987 72020->71990 72022 3f3f4f GetCPInfo 72021->72022 72025 3f3f29 __fread_nolock 72021->72025 72022->72024 72022->72025 72024->72018 72074 3f43f2 72025->72074 72026->71989 72027->71989 72029 3e5451 72028->72029 72030 3e545a 72028->72030 72029->72004 72029->72005 72030->72029 72036 3f2768 GetLastError 72030->72036 72034 3e5490 72064 3f2cdf 39 API calls __fassign 72034->72064 72037 3f277f 72036->72037 72040 3f2785 72036->72040 72065 3f2ec2 6 API calls std::_Locinfo::_Locinfo_dtor 72037->72065 72060 3f278b SetLastError 72040->72060 72066 3f2f01 6 API calls std::_Locinfo::_Locinfo_dtor 72040->72066 72041 3f27a3 72042 3f360d __Getctype 14 API calls 72041->72042 72041->72060 72044 3f27b3 72042->72044 72045 3f27bb 72044->72045 72046 3f27d2 72044->72046 72067 3f2f01 6 API calls std::_Locinfo::_Locinfo_dtor 
72045->72067 72068 3f2f01 6 API calls std::_Locinfo::_Locinfo_dtor 72046->72068 72047 3f281f 72071 3ea5f3 39 API calls std::locale::_Setgloballocale 72047->72071 72048 3e547a 72063 3f2cb2 39 API calls __Getctype 72048->72063 72053 3f27de 72055 3f27f3 72053->72055 72056 3f27e2 72053->72056 72054 3f27c9 72057 3f2567 _free 14 API calls 72054->72057 72070 3f29e0 14 API calls __Getctype 72055->72070 72069 3f2f01 6 API calls std::_Locinfo::_Locinfo_dtor 72056->72069 72057->72060 72060->72047 72060->72048 72061 3f27fe 72062 3f2567 _free 14 API calls 72061->72062 72062->72060 72063->72034 72064->72029 72065->72040 72066->72041 72067->72054 72068->72053 72069->72054 72070->72061 72072->72013 72073->72012 72075 3f441a GetCPInfo 72074->72075 72076 3f44e3 72074->72076 72075->72076 72082 3f4432 72075->72082 72077 3e0385 CatchGuardHandler 5 API calls 72076->72077 72079 3f4570 72077->72079 72079->72024 72085 3f38f9 72082->72085 72084 3f39fc 43 API calls 72084->72076 72086 3e543a __fassign 39 API calls 72085->72086 72087 3f3919 72086->72087 72105 3f25ef 72087->72105 72089 3f39d7 72091 3e0385 CatchGuardHandler 5 API calls 72089->72091 72090 3f3946 72090->72089 72092 3f25a1 __fread_nolock 15 API calls 72090->72092 72096 3f396c __fread_nolock __Strcoll 72090->72096 72093 3f39fa 72091->72093 72092->72096 72100 3f39fc 72093->72100 72094 3f39d1 72108 3e2241 14 API calls std::locale::_Locimp::~_Locimp 72094->72108 72096->72094 72097 3f25ef __fassign MultiByteToWideChar 72096->72097 72098 3f39ba 72097->72098 72098->72094 72099 3f39c1 GetStringTypeW 72098->72099 72099->72094 72101 3e543a __fassign 39 API calls 72100->72101 72102 3f3a0f 72101->72102 72109 3f3a45 72102->72109 72106 3f2600 MultiByteToWideChar 72105->72106 72106->72090 72108->72089 72110 3f3a60 __Strcoll 72109->72110 72111 3f25ef __fassign MultiByteToWideChar 72110->72111 72114 3f3aa4 72111->72114 72112 3f3c09 72113 3e0385 CatchGuardHandler 5 API calls 72112->72113 72115 3f3a30 72113->72115 72114->72112 72116 3f25a1 
__fread_nolock 15 API calls 72114->72116 72120 3f3ac9 __Strcoll 72114->72120 72115->72084 72116->72120 72117 3f25ef __fassign MultiByteToWideChar 72118 3f3b0f 72117->72118 72131 3f3b6e 72118->72131 72137 3f3041 72118->72137 72120->72117 72120->72131 72123 3f3b7d 72125 3f25a1 __fread_nolock 15 API calls 72123->72125 72129 3f3b8f __Strcoll 72123->72129 72124 3f3b45 72127 3f3041 std::_Locinfo::_Locinfo_dtor 6 API calls 72124->72127 72124->72131 72125->72129 72126 3f3bfa 72144 3e2241 14 API calls std::locale::_Locimp::~_Locimp 72126->72144 72127->72131 72129->72126 72130 3f3041 std::_Locinfo::_Locinfo_dtor 6 API calls 72129->72130 72132 3f3bd7 72130->72132 72145 3e2241 14 API calls std::locale::_Locimp::~_Locimp 72131->72145 72132->72126 72143 3f266b WideCharToMultiByte 72132->72143 72134 3f3bf1 72134->72126 72135 3f3c26 72134->72135 72146 3e2241 14 API calls std::locale::_Locimp::~_Locimp 72135->72146 72147 3f3493 72137->72147 72141 3f3092 LCMapStringW 72142 3f3052 72141->72142 72142->72123 72142->72124 72142->72131 72143->72134 72144->72131 72145->72112 72146->72131 72148 3f3340 std::_Locinfo::_Locinfo_dtor 5 API calls 72147->72148 72149 3f304c 72148->72149 72149->72142 72150 3f30dd 5 API calls std::_Locinfo::_Locinfo_dtor 72149->72150 72150->72141 72151 27b210 72152 27b230 72151->72152 72153 27b248 72152->72153 72155 27b260 72152->72155 72161 269650 RaiseException Concurrency::cancel_current_task std::_Facet_Register 72153->72161 72156 3e031a std::_Facet_Register 3 API calls 72155->72156 72157 27b2a0 72155->72157 72160 269110 28 API calls std::_Throw_Cpp_error 72155->72160 72156->72155 72160->72155 72162 3e7146 72163 3e7167 72162->72163 72164 3e7153 72162->72164 72177 3e71d7 72163->72177 72186 3e9507 14 API calls __Strcoll 72164->72186 72167 3e7158 72187 3e9bf9 27 API calls ___std_exception_copy 72167->72187 72170 3e717c CreateThread 72171 3e719b GetLastError 72170->72171 72172 3e71a7 72170->72172 72197 3e725e 72170->72197 72188 3e952d 14 API calls 2 library calls 
72171->72188 72189 3e7227 72172->72189 72173 3e7163 72178 3f360d __Getctype 14 API calls 72177->72178 72179 3e71e8 72178->72179 72180 3f2567 _free 14 API calls 72179->72180 72181 3e71f5 72180->72181 72182 3e71fc GetModuleHandleExW 72181->72182 72183 3e7219 72181->72183 72182->72183 72184 3e7227 16 API calls 72183->72184 72185 3e7173 72184->72185 72185->72170 72185->72172 72186->72167 72187->72173 72188->72172 72190 3e7233 72189->72190 72196 3e71b2 72189->72196 72191 3e7239 CloseHandle 72190->72191 72192 3e7242 72190->72192 72191->72192 72193 3e7248 FreeLibrary 72192->72193 72194 3e7251 72192->72194 72193->72194 72195 3f2567 _free 14 API calls 72194->72195 72195->72196 72198 3e726a __wsopen_s 72197->72198 72199 3e727e 72198->72199 72200 3e7271 GetLastError ExitThread 72198->72200 72201 3f2768 __Getctype 39 API calls 72199->72201 72202 3e7283 72201->72202 72213 3f5a36 72202->72213 72204 3e729a 72218 3bd6d0 72204->72218 72207 3e72b6 72225 3e71c9 17 API calls 72207->72225 72214 3f5a48 GetPEB 72213->72214 72215 3e728e 72213->72215 72214->72215 72216 3f5a5b 72214->72216 72215->72204 72224 3f310e 5 API calls std::_Locinfo::_Locinfo_dtor 72215->72224 72226 3f31f7 72216->72226 72219 3bd760 72218->72219 72220 3bdbf0 41 API calls 72219->72220 72221 3bd808 72219->72221 72220->72219 72229 3e12b5 GetCurrentThreadId ReleaseSRWLockExclusive EnterCriticalSection LeaveCriticalSection WakeAllConditionVariable 72221->72229 72223 3bd8af 72223->72207 72224->72204 72227 3f3340 std::_Locinfo::_Locinfo_dtor 5 API calls 72226->72227 72228 3f3213 72227->72228 72228->72215 72229->72223 72230 2a1930 72231 2a196f 72230->72231 72232 2a1b37 WSAStartup 72231->72232 72233 2a1c35 72231->72233 72234 2a19b3 WSAStartup 72231->72234 72232->72231 72235 3e0385 CatchGuardHandler 5 API calls 72233->72235 72234->72231 72236 2a1c42 72235->72236 72237 3e1844 CloseHandle 72238 3f2e44 72239 3f3340 std::_Locinfo::_Locinfo_dtor 5 API calls 72238->72239 72240 3f2e60 72239->72240 72241 3f2e78 TlsAlloc 72240->72241 
72242 3f2e69 72240->72242 72241->72242 72243 2b9a90 72250 3bc3a0 72243->72250 72248 3e0385 CatchGuardHandler 5 API calls 72249 2b9ac9 72248->72249 72252 3bc3e2 72250->72252 72251 3bcce7 72253 3e0385 CatchGuardHandler 5 API calls 72251->72253 72252->72251 72254 3bcd20 QueryPerformanceCounter QueryPerformanceFrequency 72252->72254 72255 2b9ab2 72253->72255 72254->72252 72256 3bbb70 72255->72256 72264 3bbb8e 72256->72264 72257 3bc1e7 Sleep 72257->72264 72258 3bc061 Sleep 72258->72264 72260 3bcd20 QueryPerformanceCounter QueryPerformanceFrequency 72260->72264 72261 3bc384 72263 3e0385 CatchGuardHandler 5 API calls 72261->72263 72265 2b9abb 72263->72265 72264->72257 72264->72258 72264->72260 72264->72261 72266 3bd0f0 72264->72266 72265->72248 72267 3bd115 72266->72267 72268 3e0385 CatchGuardHandler 5 API calls 72267->72268 72269 3bc23e Sleep 72268->72269 72269->72264 72270 2c9430 72272 2c9482 72270->72272 72271 3e0cc7 44 API calls 72271->72272 72272->72271 72273 2c9562 72272->72273 72275 2c9546 72272->72275 72277 2c9600 81 API calls 72273->72277 72275->72275 72276 2c9571 72276->72276 72277->72276 72278 3f3242 72299 3f33c3 5 API calls std::_Locinfo::_Locinfo_dtor 72278->72299 72280 3f3247 72300 3f33dd 5 API calls std::_Locinfo::_Locinfo_dtor 72280->72300 72282 3f324c 72301 3f33f7 5 API calls std::_Locinfo::_Locinfo_dtor 72282->72301 72284 3f3251 72302 3f3411 72284->72302 72288 3f325b 72306 3f3445 5 API calls std::_Locinfo::_Locinfo_dtor 72288->72306 72290 3f3260 72307 3f345f 5 API calls std::_Locinfo::_Locinfo_dtor 72290->72307 72292 3f3265 72308 3f3479 5 API calls std::_Locinfo::_Locinfo_dtor 72292->72308 72294 3f326a 72295 3f3493 std::_Locinfo::_Locinfo_dtor 5 API calls 72294->72295 72296 3f326f 72295->72296 72309 3f34ad 72296->72309 72298 3f3274 72298->72298 72299->72280 72300->72282 72301->72284 72303 3f3340 std::_Locinfo::_Locinfo_dtor 5 API calls 72302->72303 72304 3f3256 72303->72304 72305 3f342b 5 API calls std::_Locinfo::_Locinfo_dtor 72304->72305 72305->72288 
72306->72290 72307->72292 72308->72294 72310 3f3340 std::_Locinfo::_Locinfo_dtor 5 API calls 72309->72310 72311 3f34c3 72310->72311 72311->72298 72312 3e0740 72313 3e0749 72312->72313 72320 3e1c63 IsProcessorFeaturePresent 72313->72320 72315 3e0755 72321 3e32f7 72315->72321 72317 3e075a 72319 3e075e 72317->72319 72329 3e3316 7 API calls 2 library calls 72317->72329 72320->72315 72330 3f1c16 72321->72330 72324 3e3300 72324->72317 72326 3e3308 72327 3e3313 72326->72327 72344 3f1c52 DeleteCriticalSection 72326->72344 72327->72317 72329->72319 72331 3f1c1f 72330->72331 72333 3f1c48 72331->72333 72335 3e32fc 72331->72335 72345 3fcf38 72331->72345 72350 3f1c52 DeleteCriticalSection 72333->72350 72335->72324 72336 3f0cc1 72335->72336 72364 3fce49 72336->72364 72339 3f0cd6 72339->72326 72341 3f0ce4 72342 3f0cf1 72341->72342 72370 3f0cf4 6 API calls ___vcrt_FlsFree 72341->72370 72342->72326 72344->72324 72351 3fcfca 72345->72351 72348 3fcf70 InitializeCriticalSectionAndSpinCount 72349 3fcf5b 72348->72349 72349->72331 72350->72335 72352 3fcf52 72351->72352 72355 3fcfeb 72351->72355 72352->72348 72352->72349 72353 3fd053 GetProcAddress 72353->72352 72356 3fd061 72353->72356 72355->72352 72355->72353 72357 3fd044 72355->72357 72359 3fcf7f LoadLibraryExW 72355->72359 72356->72352 72357->72353 72358 3fd04c FreeLibrary 72357->72358 72358->72353 72360 3fcfc6 72359->72360 72361 3fcf96 GetLastError 72359->72361 72360->72355 72361->72360 72362 3fcfa1 ___vcrt_FlsFree 72361->72362 72362->72360 72363 3fcfb7 LoadLibraryExW 72362->72363 72363->72355 72365 3fcfca ___vcrt_FlsFree 5 API calls 72364->72365 72366 3fce63 72365->72366 72367 3fce7c TlsAlloc 72366->72367 72368 3f0ccb 72366->72368 72368->72339 72369 3fcefa 6 API calls ___vcrt_FlsFree 72368->72369 72369->72341 72370->72339

                                                                                                              Control-flow Graph

                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000C.00000002.671663725.0000000000261000.00000020.00000001.01000000.00000007.sdmp, Offset: 00260000, based on PE: true
                                                                                                              • Associated: 0000000C.00000002.671637903.0000000000260000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                              • Associated: 0000000C.00000002.671860980.0000000000402000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                              • Associated: 0000000C.00000002.671867139.0000000000414000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                              • Associated: 0000000C.00000002.671873991.0000000000417000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                              • Associated: 0000000C.00000002.671873991.0000000000421000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                              • Associated: 0000000C.00000002.671885218.0000000000425000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_12_2_260000_piovbar.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: F@..$G@..$G@..$G@..
                                                                                                              • API String ID: 0-3035917235
                                                                                                              • Opcode ID: 8f27194a20786abc2899f725d62eb99c6f354192c9b4fc7be62238b42ca2a080
                                                                                                              • Instruction ID: 46224db5dd6f8112ac5cd6cead16a8e1525cbab458371cfb12f15178a684dcd9
                                                                                                              • Opcode Fuzzy Hash: 8f27194a20786abc2899f725d62eb99c6f354192c9b4fc7be62238b42ca2a080
                                                                                                              • Instruction Fuzzy Hash: F002FB3A2057008FCB2D8F39D4916A677E3AF99350B29862DD4678BBE5D730EC46CB40

                                                                                                              Control-flow Graph

                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000C.00000002.671663725.0000000000261000.00000020.00000001.01000000.00000007.sdmp, Offset: 00260000, based on PE: true
                                                                                                              • Associated: 0000000C.00000002.671637903.0000000000260000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                              • Associated: 0000000C.00000002.671860980.0000000000402000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                              • Associated: 0000000C.00000002.671867139.0000000000414000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                              • Associated: 0000000C.00000002.671873991.0000000000417000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                              • Associated: 0000000C.00000002.671873991.0000000000421000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                              • Associated: 0000000C.00000002.671885218.0000000000425000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_12_2_260000_piovbar.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: h=$h=
                                                                                                              • API String ID: 0-4261169333

                                                                                                              Control-flow Graph

                                                                                                              control_flow_graph 566 2a1930-2a196d 567 2a1980-2a1985 566->567 568 2a198b-2a1990 567->568 569 2a1a30-2a1a35 567->569 572 2a1a70-2a1a75 568->572 573 2a1996-2a199b 568->573 570 2a1a3b-2a1a40 569->570 571 2a1ad6-2a1adb 569->571 574 2a1b56-2a1b67 570->574 575 2a1a46-2a1a4b 570->575 578 2a1bdf-2a1c25 571->578 579 2a1ae1-2a1ae6 571->579 576 2a1a7b-2a1a80 572->576 577 2a1bb5-2a1bda 572->577 580 2a1b2d-2a1b32 573->580 581 2a19a1-2a19a6 573->581 574->567 582 2a1b6c-2a1bb0 575->582 583 2a1a51-2a1a56 575->583 584 2a196f-2a197a 576->584 585 2a1a86-2a1a8b 576->585 577->567 578->567 586 2a1c2a-2a1c2f 579->586 587 2a1aec-2a1b28 579->587 580->567 588 2a19ac-2a19b1 581->588 589 2a1b37-2a1b51 WSAStartup 581->589 582->567 583->567 591 2a1a5c-2a1a64 583->591 584->567 585->567 592 2a1a91-2a1ad1 585->592 586->567 590 2a1c35-2a1c4b call 3e0385 586->590 587->567 588->567 593 2a19b3-2a1a23 WSAStartup 588->593 589->567 591->567 592->567 593->567
                                                                                                              APIs
                                                                                                              • WSAStartup.WS2_32(00000002,?), ref: 002A19DD
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000C.00000002.671663725.0000000000261000.00000020.00000001.01000000.00000007.sdmp, Offset: 00260000, based on PE: true
                                                                                                              Similarity
                                                                                                              • API ID: Startup
                                                                                                              • String ID:
                                                                                                              • API String ID: 724789610-0

                                                                                                              Control-flow Graph

                                                                                                              control_flow_graph 95 3f3279-3f3285 96 3f332c-3f332f 95->96 97 3f328a-3f329b 96->97 98 3f3335 96->98 99 3f329d-3f32a0 97->99 100 3f32a8-3f32c1 LoadLibraryExW 97->100 101 3f3337-3f333b 98->101 102 3f3329 99->102 103 3f32a6 99->103 104 3f3313-3f331c 100->104 105 3f32c3-3f32cc GetLastError 100->105 102->96 107 3f3325-3f3327 103->107 106 3f331e-3f331f FreeLibrary 104->106 104->107 108 3f32ce-3f32e0 call 3f684e 105->108 109 3f3303 105->109 106->107 107->102 111 3f333c-3f333e 107->111 108->109 115 3f32e2-3f32f4 call 3f684e 108->115 110 3f3305-3f3307 109->110 110->104 113 3f3309-3f3311 110->113 111->101 113->102 115->109 118 3f32f6-3f3301 LoadLibraryExW 115->118 118->110
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: api-ms-$ext-ms-
                                                                                                              • API String ID: 0-537541572

                                                                                                              Control-flow Graph

                                                                                                              control_flow_graph 217 3e0cc7-3e0ce9 call 3e216b call 3e086c 222 3e0d2d-3e0d31 217->222 223 3e0ceb-3e0cf4 call 3e0bd0 call 3e0d5a 217->223 224 3e0d44-3e0d53 call 3e089d call 3e220a 222->224 225 3e0d33-3e0d40 222->225 233 3e0cf9-3e0d27 call 3e0b51 223->233 225->224 233->222
                                                                                                              APIs
                                                                                                              • __EH_prolog3.LIBCMT ref: 003E0CCE
                                                                                                              • std::_Lockit::_Lockit.LIBCPMT ref: 003E0CD9
                                                                                                              • std::_Lockit::~_Lockit.LIBCPMT ref: 003E0D47
                                                                                                                • Part of subcall function 003E0BD0: std::locale::_Locimp::_Locimp.LIBCPMT ref: 003E0BE8
                                                                                                              • std::locale::_Setgloballocale.LIBCPMT ref: 003E0CF4
                                                                                                              • _Yarn.LIBCPMT ref: 003E0D0A
                                                                                                              Similarity
                                                                                                              • API ID: Lockitstd::_std::locale::_$H_prolog3LocimpLocimp::_Lockit::_Lockit::~_SetgloballocaleYarn
                                                                                                              • String ID:
                                                                                                              • API String ID: 1088826258-0

                                                                                                              Control-flow Graph

                                                                                                              control_flow_graph 239 3f421d-3f4247 call 3f417d call 3f40a7 244 3f424d-3f4262 call 3f25a1 239->244 245 3f4249-3f424c 239->245 248 3f4264-3f427a call 3f3eb4 244->248 249 3f4292 244->249 253 3f427f-3f4285 248->253 250 3f4294-3f42a1 call 3f2567 249->250 255 3f4287-3f428c call 3e9507 253->255 256 3f42a2-3f42a6 253->256 255->249 257 3f42ad-3f42b8 256->257 258 3f42a8 call 3e7720 256->258 261 3f42cf-3f42ed 257->261 262 3f42ba-3f42c4 257->262 258->257 261->250 265 3f42ef-3f431c call 3f4572 261->265 262->261 264 3f42c6-3f42ce call 3f2567 262->264 264->261 265->250 270 3f4322-3f432c 265->270 270->250
                                                                                                              APIs
                                                                                                                • Part of subcall function 003F40A7: GetOEMCP.KERNEL32(00000000,003F4238,003FA5F1,00000000,00000000,00000000,00000000,?,003FA5F1), ref: 003F40D2
                                                                                                              • _free.LIBCMT ref: 003F4295
                                                                                                              Similarity
                                                                                                              • API ID: _free
                                                                                                              • String ID: 8vA$8vA
                                                                                                              • API String ID: 269201875-3281946713

                                                                                                              Control-flow Graph

                                                                                                              control_flow_graph 271 3fcf7f-3fcf94 LoadLibraryExW 272 3fcfc8-3fcfc9 271->272 273 3fcf96-3fcf9f GetLastError 271->273 274 3fcfc6 273->274 275 3fcfa1-3fcfb5 call 3f684e 273->275 274->272 275->274 278 3fcfb7-3fcfc5 LoadLibraryExW 275->278
                                                                                                              APIs
                                                                                                              • LoadLibraryExW.KERNELBASE(C7FACEF2,00000000,00000800,?,003FD01B,C7FACEF2,78E6566C,00000000,?,?,?,003FCED9,00000002,FlsGetValue,00407334,0040733C), ref: 003FCF8C
                                                                                                              • GetLastError.KERNEL32(?,003FD01B,C7FACEF2,78E6566C,00000000,?,?,?,003FCED9,00000002,FlsGetValue,00407334,0040733C,C7FACEF2,?,003F0D3E), ref: 003FCF96
                                                                                                              • LoadLibraryExW.KERNEL32(C7FACEF2,00000000,00000000,BA5A51B8,C7FACEF2,78E6566C,?,?,?,?,?,?,?), ref: 003FCFBE
                                                                                                              Similarity
                                                                                                              • API ID: LibraryLoad$ErrorLast
                                                                                                              • String ID: api-ms-
                                                                                                              • API String ID: 3177248105-2084034818

                                                                                                              Control-flow Graph

                                                                                                              control_flow_graph 279 2960dd-2960e8 281 2960e9-2960f1 279->281 281->281 282 2960f2-29610a 281->282 283 29610c-29611f 282->283 284 296153-29615b 282->284 285 296166-296181 call 3e175d call 3e1746 284->285 290 296183 285->290 291 2961f6-2961ff 285->291 294 296184-29618c 290->294 292 29626c-29627d call 3e0480 291->292 293 296201-29623e call 3e0480 291->293 301 29627e-296286 292->301 300 29623f-296247 293->300 302 29618e-2961a2 294->302 300->300 303 296249-29624b 300->303 310 296288-2962c1 301->310 306 2961a8-2961bf 302->306 307 2962ec-2962f3 302->307 308 2961c1-2961f1 call 3e0480 306->308 309 296160-296161 Sleep 306->309 308->309 309->285 314 2962c2-2962ca 310->314 314->314 315 2962cc-2962ce 314->315

                                                                                                              Control-flow Graph

                                                                                                              • Executed
                                                                                                              • Not Executed
                                                                                                              control_flow_graph 389 3f3a45-3f3a5e 390 3f3a74-3f3a79 389->390 391 3f3a60-3f3a70 call 3e712a 389->391 392 3f3a7b-3f3a83 390->392 393 3f3a86-3f3aae call 3f25ef 390->393 391->390 398 3f3a72 391->398 392->393 399 3f3c0c-3f3c1d call 3e0385 393->399 400 3f3ab4-3f3ac0 393->400 398->390 401 3f3af7 400->401 402 3f3ac2-3f3ac7 400->402 404 3f3af9-3f3afb 401->404 405 3f3adc-3f3ae7 call 3f25a1 402->405 406 3f3ac9-3f3ad2 call 3e2840 402->406 408 3f3c01 404->408 409 3f3b01-3f3b14 call 3f25ef 404->409 419 3f3af2-3f3af5 405->419 420 3f3ae9 405->420 418 3f3ad4-3f3ada 406->418 406->419 413 3f3c03-3f3c0a call 3e2241 408->413 409->408 421 3f3b1a-3f3b2c call 3f3041 409->421 413->399 423 3f3aef 418->423 419->404 420->423 425 3f3b31-3f3b35 421->425 423->419 425->408 426 3f3b3b-3f3b43 425->426 427 3f3b7d-3f3b89 426->427 428 3f3b45-3f3b4a 426->428 429 3f3b8b-3f3b8d 427->429 430 3f3bba 427->430 428->413 431 3f3b50-3f3b52 428->431 432 3f3b8f-3f3b98 call 3e2840 429->432 433 3f3ba2-3f3bad call 3f25a1 429->433 434 3f3bbc-3f3bbe 430->434 431->408 435 3f3b58-3f3b72 call 3f3041 431->435 438 3f3bfa-3f3c00 call 3e2241 432->438 446 3f3b9a-3f3ba0 432->446 433->438 448 3f3baf 433->448 434->438 439 3f3bc0-3f3bd9 call 3f3041 434->439 435->413 450 3f3b78 435->450 438->408 439->438 452 3f3bdb-3f3be2 439->452 451 3f3bb5-3f3bb8 446->451 448->451 450->408 451->434 453 3f3c1e-3f3c24 452->453 454 3f3be4-3f3be5 452->454 455 3f3be6-3f3bf8 call 3f266b 453->455 454->455 455->438 458 3f3c26-3f3c2d call 3e2241 455->458 458->413
                                                                                                              APIs
                                                                                                              • __freea.LIBCMT ref: 003F3BFB
                                                                                                                • Part of subcall function 003F25A1: RtlAllocateHeap.NTDLL(00000000,4D88C033,4D88C033,?,003F425A,00000220,003FA5F1,4D88C033,?,?,?,?,00000000,00000000,?,003FA5F1), ref: 003F25D3
                                                                                                              • __freea.LIBCMT ref: 003F3C04
                                                                                                              • __freea.LIBCMT ref: 003F3C27
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000C.00000002.671663725.0000000000261000.00000020.00000001.01000000.00000007.sdmp, Offset: 00260000, based on PE: true
                                                                                                              • Associated: 0000000C.00000002.671637903.0000000000260000.00000002.00000001.01000000.00000007.sdmp
                                                                                                              • Associated: 0000000C.00000002.671860980.0000000000402000.00000002.00000001.01000000.00000007.sdmp
                                                                                                              • Associated: 0000000C.00000002.671867139.0000000000414000.00000008.00000001.01000000.00000007.sdmp
                                                                                                              • Associated: 0000000C.00000002.671873991.0000000000417000.00000004.00000001.01000000.00000007.sdmp
                                                                                                              • Associated: 0000000C.00000002.671873991.0000000000421000.00000004.00000001.01000000.00000007.sdmp
                                                                                                              • Associated: 0000000C.00000002.671885218.0000000000425000.00000002.00000001.01000000.00000007.sdmp
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_12_2_260000_piovbar.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: __freea$AllocateHeap
                                                                                                              • String ID:
                                                                                                              • API String ID: 2243444508-0
                                                                                                              • Opcode ID: dfc203257434e6a69202b949aa0602823e1877f4389500be14632694012c36f0
                                                                                                              • Instruction ID: 13a15abf9b5157ed677dfa034aa0b7f89fbf56e5766c9915d1f9a5745902c2f3
                                                                                                              • Opcode Fuzzy Hash: dfc203257434e6a69202b949aa0602823e1877f4389500be14632694012c36f0
                                                                                                              • Instruction Fuzzy Hash: 5351027250021EAFEF269F65CC82EBB7BA9EF40750F164129FE04EB150EB75DE009660

                                                                                                              Control-flow Graph

                                                                                                              • Executed
                                                                                                              • Not Executed
                                                                                                              control_flow_graph 461 29624c-296267 call 3e0480 464 296194-2961a2 461->464 465 2961a8-2961bf 464->465 466 2962ec-2962f3 464->466 467 2961c1-2961f1 call 3e0480 465->467 468 296160-296161 Sleep 465->468 467->468 470 296166-296181 call 3e175d call 3e1746 468->470 476 296183 470->476 477 2961f6-2961ff 470->477 480 296184-29618c 476->480 478 29626c-29627d call 3e0480 477->478 479 296201-29623e call 3e0480 477->479 487 29627e-296286 478->487 486 29623f-296247 479->486 488 29618e-296192 480->488 486->486 489 296249-29624b 486->489 491 296288-2962c1 487->491 488->464 493 2962c2-2962ca 491->493 493->493 494 2962cc-2962ce 493->494
                                                                                                              APIs
                                                                                                              • Sleep.KERNEL32(05265C00,00000000), ref: 00296161
                                                                                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 002961CA
                                                                                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0029620A
                                                                                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0029625D
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000C.00000002.671663725.0000000000261000.00000020.00000001.01000000.00000007.sdmp, Offset: 00260000, based on PE: true
                                                                                                              • Associated: 0000000C.00000002.671637903.0000000000260000.00000002.00000001.01000000.00000007.sdmp
                                                                                                              • Associated: 0000000C.00000002.671860980.0000000000402000.00000002.00000001.01000000.00000007.sdmp
                                                                                                              • Associated: 0000000C.00000002.671867139.0000000000414000.00000008.00000001.01000000.00000007.sdmp
                                                                                                              • Associated: 0000000C.00000002.671873991.0000000000417000.00000004.00000001.01000000.00000007.sdmp
                                                                                                              • Associated: 0000000C.00000002.671873991.0000000000421000.00000004.00000001.01000000.00000007.sdmp
                                                                                                              • Associated: 0000000C.00000002.671885218.0000000000425000.00000002.00000001.01000000.00000007.sdmp
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_12_2_260000_piovbar.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$Sleep
                                                                                                              • String ID:
                                                                                                              • API String ID: 1587848893-0
                                                                                                              • Opcode ID: 242617ef17f40792469b5c00d5fbb5db71d466a7395d3ce8f6f92feb5465bbaf
                                                                                                              • Instruction ID: 3725a6ac3b436a53968a6b643e21e4f52411e303190a0eb34543117a1a4fac3e
                                                                                                              • Opcode Fuzzy Hash: 242617ef17f40792469b5c00d5fbb5db71d466a7395d3ce8f6f92feb5465bbaf
                                                                                                              • Instruction Fuzzy Hash: 06112632B247541BCB1EAA3E8C4673A21D6ABD4B40F698A3CB50ADB3D6F9609C050794

                                                                                                              Control-flow Graph

                                                                                                              • Executed
                                                                                                              • Not Executed
                                                                                                              control_flow_graph 495 3e7146-3e7151 496 3e7167-3e717a call 3e71d7 495->496 497 3e7153-3e7166 call 3e9507 call 3e9bf9 495->497 503 3e717c-3e7199 CreateThread 496->503 504 3e71a8 496->504 505 3e719b-3e71a7 GetLastError call 3e952d 503->505 506 3e71b7-3e71bc 503->506 507 3e71aa-3e71b6 call 3e7227 504->507 505->504 511 3e71be-3e71c1 506->511 512 3e71c3-3e71c7 506->512 511->512 512->507
                                                                                                              APIs
                                                                                                              • CreateThread.KERNELBASE(?,?,Function_0018725E,00000000,00000000,?), ref: 003E718F
                                                                                                              • GetLastError.KERNEL32(?,002BB522,00000000,00000000,003BD6D0,00000000,00000000,00000000), ref: 003E719B
                                                                                                              • __dosmaperr.LIBCMT ref: 003E71A2
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000C.00000002.671663725.0000000000261000.00000020.00000001.01000000.00000007.sdmp, Offset: 00260000, based on PE: true
                                                                                                              • Associated: 0000000C.00000002.671637903.0000000000260000.00000002.00000001.01000000.00000007.sdmp
                                                                                                              • Associated: 0000000C.00000002.671860980.0000000000402000.00000002.00000001.01000000.00000007.sdmp
                                                                                                              • Associated: 0000000C.00000002.671867139.0000000000414000.00000008.00000001.01000000.00000007.sdmp
                                                                                                              • Associated: 0000000C.00000002.671873991.0000000000417000.00000004.00000001.01000000.00000007.sdmp
                                                                                                              • Associated: 0000000C.00000002.671873991.0000000000421000.00000004.00000001.01000000.00000007.sdmp
                                                                                                              • Associated: 0000000C.00000002.671885218.0000000000425000.00000002.00000001.01000000.00000007.sdmp
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_12_2_260000_piovbar.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: CreateErrorLastThread__dosmaperr
                                                                                                              • String ID:
                                                                                                              • API String ID: 2744730728-0
                                                                                                              • Opcode ID: 5bbb226e38d396ce0d47879704d18b04d7a17a5fa9b7132c4a77aab3fd0fbf79
                                                                                                              • Instruction ID: 0b402f20f9e443181eb159e646514de4ae6cb2acee3d2abd1f19f9ddcac0cd74
                                                                                                              • Opcode Fuzzy Hash: 5bbb226e38d396ce0d47879704d18b04d7a17a5fa9b7132c4a77aab3fd0fbf79
                                                                                                              • Instruction Fuzzy Hash: DA0192725043A9AFDF179FE2DC05A9E3BA5EF00364F000659F9019A1D0DB70CD50DB90

                                                                                                              Control-flow Graph

                                                                                                              • Executed
                                                                                                              • Not Executed
                                                                                                              control_flow_graph 515 3f43f2-3f4414 516 3f441a-3f442c GetCPInfo 515->516 517 3f4526-3f452d 515->517 516->517 519 3f4432-3f4439 516->519 518 3f452f-3f4538 517->518 520 3f453a-3f4542 518->520 521 3f4544-3f4547 518->521 522 3f443b-3f4445 519->522 523 3f4557-3f4561 520->523 524 3f4549-3f4553 521->524 525 3f4555 521->525 522->522 526 3f4447-3f445a 522->526 523->518 527 3f4563-3f4571 call 3e0385 523->527 524->523 525->523 528 3f447b-3f447d 526->528 529 3f447f-3f44b6 call 3f38f9 call 3f39fc 528->529 530 3f445c-3f4463 528->530 540 3f44bb-3f44e6 call 3f39fc 529->540 534 3f4472-3f4474 530->534 535 3f4476-3f4479 534->535 536 3f4465-3f4467 534->536 535->528 536->535 539 3f4469-3f4471 536->539 539->534 543 3f44e8-3f44f3 540->543 544 3f44f5-3f4501 543->544 545 3f4503-3f4506 543->545 546 3f4518-3f4522 544->546 547 3f4508-3f4514 545->547 548 3f4516 545->548 546->543 549 3f4524 546->549 547->546 548->546 549->527
                                                                                                              APIs
                                                                                                              • GetCPInfo.KERNEL32(E8458D00,?,003FA5FD,003FA5F1,00000000), ref: 003F4424
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000C.00000002.671663725.0000000000261000.00000020.00000001.01000000.00000007.sdmp, Offset: 00260000, based on PE: true
                                                                                                              • Associated: 0000000C.00000002.671637903.0000000000260000.00000002.00000001.01000000.00000007.sdmp
                                                                                                              • Associated: 0000000C.00000002.671860980.0000000000402000.00000002.00000001.01000000.00000007.sdmp
                                                                                                              • Associated: 0000000C.00000002.671867139.0000000000414000.00000008.00000001.01000000.00000007.sdmp
                                                                                                              • Associated: 0000000C.00000002.671873991.0000000000417000.00000004.00000001.01000000.00000007.sdmp
                                                                                                              • Associated: 0000000C.00000002.671873991.0000000000421000.00000004.00000001.01000000.00000007.sdmp
                                                                                                              • Associated: 0000000C.00000002.671885218.0000000000425000.00000002.00000001.01000000.00000007.sdmp
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_12_2_260000_piovbar.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: Info
                                                                                                              • String ID:
                                                                                                              • API String ID: 1807457897-3916222277
                                                                                                              • Opcode ID: f23694019ea484982406e4faea828d99ab168ca2d9ac91892a23d6b0f296efc0
                                                                                                              • Instruction ID: db4bac8f280a7f952c039d9c248a34295e74b318f70351f9a290e7778dba7ac1
                                                                                                              • Opcode Fuzzy Hash: f23694019ea484982406e4faea828d99ab168ca2d9ac91892a23d6b0f296efc0
                                                                                                              • Instruction Fuzzy Hash: 2A415B7050424C9BDB239B19CD84BFB7BFDAB46308F2404ADE7CA87143D2749E459B60

                                                                                                              Control-flow Graph

                                                                                                              • Executed
                                                                                                              • Not Executed
                                                                                                              control_flow_graph 550 3f3177-3f319a call 3f3340 553 3f319c-3f31ae SystemFunction036 550->553 554 3f31b1-3f31b6 call 3ea5f3 550->554
                                                                                                              APIs
                                                                                                              • SystemFunction036.ADVAPI32(?,?,002745BF,?,00007A61,?), ref: 003F31AA
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000C.00000002.671663725.0000000000261000.00000020.00000001.01000000.00000007.sdmp, Offset: 00260000, based on PE: true
                                                                                                              • Associated: 0000000C.00000002.671637903.0000000000260000.00000002.00000001.01000000.00000007.sdmp
                                                                                                              • Associated: 0000000C.00000002.671860980.0000000000402000.00000002.00000001.01000000.00000007.sdmp
                                                                                                              • Associated: 0000000C.00000002.671867139.0000000000414000.00000008.00000001.01000000.00000007.sdmp
                                                                                                              • Associated: 0000000C.00000002.671873991.0000000000417000.00000004.00000001.01000000.00000007.sdmp
                                                                                                              • Associated: 0000000C.00000002.671873991.0000000000421000.00000004.00000001.01000000.00000007.sdmp
                                                                                                              • Associated: 0000000C.00000002.671885218.0000000000425000.00000002.00000001.01000000.00000007.sdmp
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_12_2_260000_piovbar.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: Function036System
                                                                                                              • String ID: SystemFunction036
                                                                                                              • API String ID: 2600738214-2669272182
                                                                                                              • Opcode ID: e2a857c0dfa85044d0ef87844101080172058d8009a892df83badff06a73378a
                                                                                                              • Instruction ID: ee515f089829a7c7384349f177be8800c24e2a8fd6b0c990138da985df9964b4
                                                                                                              • Opcode Fuzzy Hash: e2a857c0dfa85044d0ef87844101080172058d8009a892df83badff06a73378a
                                                                                                              • Instruction Fuzzy Hash: A8E0C23174022C33DA2137958C0AE9EBE06DF50BB0F520032BF19392D1CAB94D2082D6

                                                                                                              Control-flow Graph

                                                                                                              • Executed
                                                                                                              • Not Executed
                                                                                                              control_flow_graph 558 3f2e44-3f2e5b call 3f3340 560 3f2e60-3f2e67 558->560 561 3f2e69-3f2e76 560->561 562 3f2e78 TlsAlloc 560->562 563 3f2e7e-3f2e80 561->563 562->563
                                                                                                              APIs
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000C.00000002.671663725.0000000000261000.00000020.00000001.01000000.00000007.sdmp, Offset: 00260000, based on PE: true
                                                                                                              • Associated: 0000000C.00000002.671637903.0000000000260000.00000002.00000001.01000000.00000007.sdmp
                                                                                                              • Associated: 0000000C.00000002.671860980.0000000000402000.00000002.00000001.01000000.00000007.sdmp
                                                                                                              • Associated: 0000000C.00000002.671867139.0000000000414000.00000008.00000001.01000000.00000007.sdmp
                                                                                                              • Associated: 0000000C.00000002.671873991.0000000000417000.00000004.00000001.01000000.00000007.sdmp
                                                                                                              • Associated: 0000000C.00000002.671873991.0000000000421000.00000004.00000001.01000000.00000007.sdmp
                                                                                                              • Associated: 0000000C.00000002.671885218.0000000000425000.00000002.00000001.01000000.00000007.sdmp
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_12_2_260000_piovbar.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: Alloc
                                                                                                              • String ID: FlsAlloc
                                                                                                              • API String ID: 2773662609-671089009
                                                                                                              • Opcode ID: cb4054e6d8857e2d4e4730d11520106abf2552cb24d3e0e348d0c3ea95e10b58
                                                                                                              • Instruction ID: 87277004c9fd0f824e87d21eeb38b84a943d7ddc27aa37b372ac33e90452b8e6
                                                                                                              • Opcode Fuzzy Hash: cb4054e6d8857e2d4e4730d11520106abf2552cb24d3e0e348d0c3ea95e10b58
                                                                                                              • Instruction Fuzzy Hash: FAE0CD3168421873D11223515E05F6F7D08C760B60F160032FE5535181DAB5492181D9
                                                                                                              APIs
                                                                                                                • Part of subcall function 003F40A7: GetOEMCP.KERNEL32(00000000,003F4238,003FA5F1,00000000,00000000,00000000,00000000,?,003FA5F1), ref: 003F40D2
                                                                                                              • IsValidCodePage.KERNEL32(-00000030,00000000,?,?,?,?,003F427F,?,00000000,003FA5F1,4D88C033,?,?,?,?,00000000), ref: 003F3F12
                                                                                                              • GetCPInfo.KERNEL32(00000000,003F427F,?,?,003F427F,?,00000000,003FA5F1,4D88C033,?,?,?,?,00000000,00000000), ref: 003F3F54
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000C.00000002.671663725.0000000000261000.00000020.00000001.01000000.00000007.sdmp, Offset: 00260000, based on PE: true
                                                                                                              • Associated: 0000000C.00000002.671637903.0000000000260000.00000002.00000001.01000000.00000007.sdmp
                                                                                                              • Associated: 0000000C.00000002.671860980.0000000000402000.00000002.00000001.01000000.00000007.sdmp
                                                                                                              • Associated: 0000000C.00000002.671867139.0000000000414000.00000008.00000001.01000000.00000007.sdmp
                                                                                                              • Associated: 0000000C.00000002.671873991.0000000000417000.00000004.00000001.01000000.00000007.sdmp
                                                                                                              • Associated: 0000000C.00000002.671873991.0000000000421000.00000004.00000001.01000000.00000007.sdmp
                                                                                                              • Associated: 0000000C.00000002.671885218.0000000000425000.00000002.00000001.01000000.00000007.sdmp
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_12_2_260000_piovbar.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: CodeInfoPageValid
                                                                                                              • String ID:
                                                                                                              • API String ID: 546120528-0
                                                                                                              • Opcode ID: 5f339dd44cdcc887061bf6335c802834594030622589f84e77bab26f90f2f746
                                                                                                              • Instruction ID: 9a1c59732bfe63bcccf1af0a3c2409799c1b7b3d3b37284da4d4f51b711e2a91
                                                                                                              • Opcode Fuzzy Hash: 5f339dd44cdcc887061bf6335c802834594030622589f84e77bab26f90f2f746
                                                                                                              • Instruction Fuzzy Hash: 73513670E0034E9EDB228F35C841ABBFBF5EF50304F15446ED2868B251EB359A46CB80
                                                                                                              APIs
                                                                                                              • Sleep.KERNEL32(05265C00,00000000), ref: 00296161
                                                                                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 002961CA
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000C.00000002.671663725.0000000000261000.00000020.00000001.01000000.00000007.sdmp, Offset: 00260000, based on PE: true
                                                                                                              • Associated: 0000000C.00000002.671637903.0000000000260000.00000002.00000001.01000000.00000007.sdmp
                                                                                                              • Associated: 0000000C.00000002.671860980.0000000000402000.00000002.00000001.01000000.00000007.sdmp
                                                                                                              • Associated: 0000000C.00000002.671867139.0000000000414000.00000008.00000001.01000000.00000007.sdmp
                                                                                                              • Associated: 0000000C.00000002.671873991.0000000000417000.00000004.00000001.01000000.00000007.sdmp
                                                                                                              • Associated: 0000000C.00000002.671873991.0000000000421000.00000004.00000001.01000000.00000007.sdmp
                                                                                                              • Associated: 0000000C.00000002.671885218.0000000000425000.00000002.00000001.01000000.00000007.sdmp
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_12_2_260000_piovbar.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: SleepUnothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                              • String ID:
                                                                                                              • API String ID: 4141101911-0
                                                                                                              • Opcode ID: 8aae3e92dc7fa1774df916a7252105fc2bb1d509dc9db93124697ac2b37981a9
                                                                                                              • Instruction ID: 5d15e2e42faa1f5c6f4b24c69664e937bc977a652e53199e661005a5c1ac7075
                                                                                                              • Opcode Fuzzy Hash: 8aae3e92dc7fa1774df916a7252105fc2bb1d509dc9db93124697ac2b37981a9
                                                                                                              • Instruction Fuzzy Hash: 95115932B24694478B1D9A3D484523932D69BD8B60F798B3CF53EDB3D2FA618C0A4390
                                                                                                              APIs
                                                                                                              • FreeLibrary.KERNEL32(00000000,78E6566C,00000000,?,?,?,003FCED9,00000002,FlsGetValue,00407334,0040733C,C7FACEF2,?,003F0D3E,?,003E2F8D), ref: 003FD04D
                                                                                                              • GetProcAddress.KERNEL32(00000000,BA5A51B8,78E6566C,00000000,?,?,?,003FCED9,00000002,FlsGetValue,00407334,0040733C,C7FACEF2,?,003F0D3E), ref: 003FD057
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000C.00000002.671663725.0000000000261000.00000020.00000001.01000000.00000007.sdmp, Offset: 00260000, based on PE: true
                                                                                                              • Associated: 0000000C.00000002.671637903.0000000000260000.00000002.00000001.01000000.00000007.sdmp
                                                                                                              • Associated: 0000000C.00000002.671860980.0000000000402000.00000002.00000001.01000000.00000007.sdmp
                                                                                                              • Associated: 0000000C.00000002.671867139.0000000000414000.00000008.00000001.01000000.00000007.sdmp
                                                                                                              • Associated: 0000000C.00000002.671873991.0000000000417000.00000004.00000001.01000000.00000007.sdmp
                                                                                                              • Associated: 0000000C.00000002.671873991.0000000000421000.00000004.00000001.01000000.00000007.sdmp
                                                                                                              • Associated: 0000000C.00000002.671885218.0000000000425000.00000002.00000001.01000000.00000007.sdmp
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_12_2_260000_piovbar.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: AddressFreeLibraryProc
                                                                                                              • String ID:
                                                                                                              • API String ID: 3013587201-0
                                                                                                              • Opcode ID: be7a5d842ed9396e2e5a5db0e86a9a661598793c4f46c1e94af94345cb1f5a2d
                                                                                                              • Instruction ID: 1a4d85d372d3961ba42d059c92e3592b3cf27f4672ad78c0a34eabbedb87a0f3
                                                                                                              • Opcode Fuzzy Hash: be7a5d842ed9396e2e5a5db0e86a9a661598793c4f46c1e94af94345cb1f5a2d
                                                                                                              • Instruction Fuzzy Hash: 7211B13260121AAFCF23CF54DC84DA973BAFF463A0B150265EE01E7250EA31DD02CB95
                                                                                                              APIs
                                                                                                              • GetLastError.KERNEL32(00413820,0000000C), ref: 003E7271
                                                                                                              • ExitThread.KERNEL32 ref: 003E7278
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000C.00000002.671663725.0000000000261000.00000020.00000001.01000000.00000007.sdmp, Offset: 00260000, based on PE: true
                                                                                                              • Associated: 0000000C.00000002.671637903.0000000000260000.00000002.00000001.01000000.00000007.sdmp
                                                                                                              • Associated: 0000000C.00000002.671860980.0000000000402000.00000002.00000001.01000000.00000007.sdmp
                                                                                                              • Associated: 0000000C.00000002.671867139.0000000000414000.00000008.00000001.01000000.00000007.sdmp
                                                                                                              • Associated: 0000000C.00000002.671873991.0000000000417000.00000004.00000001.01000000.00000007.sdmp
                                                                                                              • Associated: 0000000C.00000002.671873991.0000000000421000.00000004.00000001.01000000.00000007.sdmp
                                                                                                              • Associated: 0000000C.00000002.671885218.0000000000425000.00000002.00000001.01000000.00000007.sdmp
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_12_2_260000_piovbar.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: ErrorExitLastThread
                                                                                                              • String ID:
                                                                                                              • API String ID: 1611280651-0
                                                                                                              • Opcode ID: 82d7f3ee08649aa1c6c8a1215ce52dd438030fb4a039e88138a8427172612c25
                                                                                                              • Instruction ID: d478d4d08c76a18b37aca8fbb061f91cb63dcdcd6ba24a608335306fd994d238
                                                                                                              • Opcode Fuzzy Hash: 82d7f3ee08649aa1c6c8a1215ce52dd438030fb4a039e88138a8427172612c25
                                                                                                              • Instruction Fuzzy Hash: 07F0C2B0940214AFDB12BFB2C90AE6E3BB5EF00700F200A59F6119B2D2DB745A11CBA1
                                                                                                              APIs
                                                                                                              • RtlEncodePointer.NTDLL(0028F5DD,?,003E0D77,003E0DBD,?,003E0CF9,00000000,00000000,00000000,00000004,0028F5DD,00000001,?), ref: 003E20E7
                                                                                                              • IsProcessorFeaturePresent.KERNEL32(00000017), ref: 003EA60F
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000C.00000002.671663725.0000000000261000.00000020.00000001.01000000.00000007.sdmp, Offset: 00260000, based on PE: true
                                                                                                              • Associated: 0000000C.00000002.671637903.0000000000260000.00000002.00000001.01000000.00000007.sdmp
                                                                                                              • Associated: 0000000C.00000002.671860980.0000000000402000.00000002.00000001.01000000.00000007.sdmp
                                                                                                              • Associated: 0000000C.00000002.671867139.0000000000414000.00000008.00000001.01000000.00000007.sdmp
                                                                                                              • Associated: 0000000C.00000002.671873991.0000000000417000.00000004.00000001.01000000.00000007.sdmp
                                                                                                              • Associated: 0000000C.00000002.671873991.0000000000421000.00000004.00000001.01000000.00000007.sdmp
                                                                                                              • Associated: 0000000C.00000002.671885218.0000000000425000.00000002.00000001.01000000.00000007.sdmp
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_12_2_260000_piovbar.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: EncodeFeaturePointerPresentProcessor
                                                                                                              • String ID:
                                                                                                              • API String ID: 4030241255-0
                                                                                                              • Opcode ID: ad767a11d6c021303ff9952c8537812ca299169f99bb24277adf01bc06dcdc59
                                                                                                              • Instruction ID: 51adffd495449901939d409ceb3d6a493fc6182aba8b174050293977c819c98e
                                                                                                              • Opcode Fuzzy Hash: ad767a11d6c021303ff9952c8537812ca299169f99bb24277adf01bc06dcdc59
                                                                                                              • Instruction Fuzzy Hash: A8F0503018874966E7362B52FC0A76137A4A716304F040178F608980E2EF745451C549
                                                                                                              APIs
                                                                                                              • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 003F0CDF
                                                                                                              • ___vcrt_uninitialize_ptd.LIBVCRUNTIME ref: 003F0CEA
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000C.00000002.671663725.0000000000261000.00000020.00000001.01000000.00000007.sdmp, Offset: 00260000, based on PE: true
                                                                                                              • Associated: 0000000C.00000002.671637903.0000000000260000.00000002.00000001.01000000.00000007.sdmp
                                                                                                              • Associated: 0000000C.00000002.671860980.0000000000402000.00000002.00000001.01000000.00000007.sdmp
                                                                                                              • Associated: 0000000C.00000002.671867139.0000000000414000.00000008.00000001.01000000.00000007.sdmp
                                                                                                              • Associated: 0000000C.00000002.671873991.0000000000417000.00000004.00000001.01000000.00000007.sdmp
                                                                                                              • Associated: 0000000C.00000002.671873991.0000000000421000.00000004.00000001.01000000.00000007.sdmp
                                                                                                              • Associated: 0000000C.00000002.671885218.0000000000425000.00000002.00000001.01000000.00000007.sdmp
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_12_2_260000_piovbar.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: Value___vcrt____vcrt_uninitialize_ptd
                                                                                                              • String ID:
                                                                                                              • API String ID: 1660781231-0
                                                                                                              • Opcode ID: 7d7bfd5c4cda4e1d41035028e78380a188a0a52fc3d844236a83c6815115b1de
                                                                                                              • Instruction ID: aad476046bbf3cf87c0e085fa2190dd57a920e90f5c672d2d854b3a1551940c4
                                                                                                              • Opcode Fuzzy Hash: 7d7bfd5c4cda4e1d41035028e78380a188a0a52fc3d844236a83c6815115b1de
                                                                                                              • Instruction Fuzzy Hash: FBD0A73858820C54090E32BD39024FA124465217B23611387FB319D4C3EA654080B022
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000C.00000002.671663725.0000000000261000.00000020.00000001.01000000.00000007.sdmp, Offset: 00260000, based on PE: true
                                                                                                              • Associated: 0000000C.00000002.671637903.0000000000260000.00000002.00000001.01000000.00000007.sdmp
                                                                                                              • Associated: 0000000C.00000002.671860980.0000000000402000.00000002.00000001.01000000.00000007.sdmp
                                                                                                              • Associated: 0000000C.00000002.671867139.0000000000414000.00000008.00000001.01000000.00000007.sdmp
                                                                                                              • Associated: 0000000C.00000002.671873991.0000000000417000.00000004.00000001.01000000.00000007.sdmp
                                                                                                              • Associated: 0000000C.00000002.671873991.0000000000421000.00000004.00000001.01000000.00000007.sdmp
                                                                                                              • Associated: 0000000C.00000002.671885218.0000000000425000.00000002.00000001.01000000.00000007.sdmp
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_12_2_260000_piovbar.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: cb5d0178cf1460be735258f6a66752965b21bba66d90f4b40539b35382fb48fc
                                                                                                              • Instruction ID: bd3794332fe36d304499bea663e663eef17ba809091280701aa4f87d2e30a5b6
                                                                                                              • Opcode Fuzzy Hash: cb5d0178cf1460be735258f6a66752965b21bba66d90f4b40539b35382fb48fc
                                                                                                              • Instruction Fuzzy Hash: F201DD3B7142196FEF17CE6DEC409AA33AABB857607258132FB05CB254EE30D9059754
                                                                                                              APIs
                                                                                                                • Part of subcall function 003F360D: RtlAllocateHeap.NTDLL(00000008,?,00000000,?,003F290A,00000001,00000364,00000004,000000FF,?,?,003E950C,003F258D,?,?,003E93CB), ref: 003F364E
                                                                                                              • _free.LIBCMT ref: 003FA38E
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000C.00000002.671663725.0000000000261000.00000020.00000001.01000000.00000007.sdmp, Offset: 00260000, based on PE: true
                                                                                                              • Associated: 0000000C.00000002.671637903.0000000000260000.00000002.00000001.01000000.00000007.sdmp
                                                                                                              • Associated: 0000000C.00000002.671860980.0000000000402000.00000002.00000001.01000000.00000007.sdmp
                                                                                                              • Associated: 0000000C.00000002.671867139.0000000000414000.00000008.00000001.01000000.00000007.sdmp
                                                                                                              • Associated: 0000000C.00000002.671873991.0000000000417000.00000004.00000001.01000000.00000007.sdmp
                                                                                                              • Associated: 0000000C.00000002.671873991.0000000000421000.00000004.00000001.01000000.00000007.sdmp
                                                                                                              • Associated: 0000000C.00000002.671885218.0000000000425000.00000002.00000001.01000000.00000007.sdmp
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_12_2_260000_piovbar.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: AllocateHeap_free
                                                                                                              • String ID:
                                                                                                              • API String ID: 614378929-0
                                                                                                              • Opcode ID: e24bfb5e57089765fbbc67ab6fb8e40b3005ff819285934793cc61b943d183d2
                                                                                                              • Instruction ID: 3f9cbf44a33b20c71d7dcd85610c2398e34c5240bbee0d735c3b4fb75b66e167
                                                                                                              • Opcode Fuzzy Hash: e24bfb5e57089765fbbc67ab6fb8e40b3005ff819285934793cc61b943d183d2
                                                                                                              • Instruction Fuzzy Hash: 9001FEB760471A6BC3228F58C8819AEFB98FB057B0F15062AE659B76C0D3706D14C7A5
                                                                                                              APIs
                                                                                                              • RtlAllocateHeap.NTDLL(00000008,?,00000000,?,003F290A,00000001,00000364,00000004,000000FF,?,?,003E950C,003F258D,?,?,003E93CB), ref: 003F364E
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000C.00000002.671663725.0000000000261000.00000020.00000001.01000000.00000007.sdmp, Offset: 00260000, based on PE: true
                                                                                                              • Associated: 0000000C.00000002.671637903.0000000000260000.00000002.00000001.01000000.00000007.sdmp
                                                                                                              • Associated: 0000000C.00000002.671860980.0000000000402000.00000002.00000001.01000000.00000007.sdmp
                                                                                                              • Associated: 0000000C.00000002.671867139.0000000000414000.00000008.00000001.01000000.00000007.sdmp
                                                                                                              • Associated: 0000000C.00000002.671873991.0000000000417000.00000004.00000001.01000000.00000007.sdmp
                                                                                                              • Associated: 0000000C.00000002.671873991.0000000000421000.00000004.00000001.01000000.00000007.sdmp
                                                                                                              • Associated: 0000000C.00000002.671885218.0000000000425000.00000002.00000001.01000000.00000007.sdmp
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_12_2_260000_piovbar.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: AllocateHeap
                                                                                                              • String ID:
                                                                                                              • API String ID: 1279760036-0
                                                                                                              • Opcode ID: e6d043e0a16932e66d29f27e166beca437ac460d869f229888db90a55a8649a0
                                                                                                              • Instruction ID: 93cd9d7d6e31b073ee6bc2965e8525b6cbd87cdee102b1cb4313beccef035c27
                                                                                                              • Opcode Fuzzy Hash: e6d043e0a16932e66d29f27e166beca437ac460d869f229888db90a55a8649a0
                                                                                                              • Instruction Fuzzy Hash: 48F0BE31A0557C7ADB632B26DC85F7A3748AF417A0F1A4526AA04EA390CA20EA0086E5
                                                                                                              APIs
                                                                                                              • RtlAllocateHeap.NTDLL(00000000,4D88C033,4D88C033,?,003F425A,00000220,003FA5F1,4D88C033,?,?,?,?,00000000,00000000,?,003FA5F1), ref: 003F25D3
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000C.00000002.671663725.0000000000261000.00000020.00000001.01000000.00000007.sdmp, Offset: 00260000, based on PE: true
                                                                                                              • Associated: 0000000C.00000002.671637903.0000000000260000.00000002.00000001.01000000.00000007.sdmp
                                                                                                              • Associated: 0000000C.00000002.671860980.0000000000402000.00000002.00000001.01000000.00000007.sdmp
                                                                                                              • Associated: 0000000C.00000002.671867139.0000000000414000.00000008.00000001.01000000.00000007.sdmp
                                                                                                              • Associated: 0000000C.00000002.671873991.0000000000417000.00000004.00000001.01000000.00000007.sdmp
                                                                                                              • Associated: 0000000C.00000002.671873991.0000000000421000.00000004.00000001.01000000.00000007.sdmp
                                                                                                              • Associated: 0000000C.00000002.671885218.0000000000425000.00000002.00000001.01000000.00000007.sdmp
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_12_2_260000_piovbar.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: AllocateHeap
                                                                                                              • String ID:
                                                                                                              • API String ID: 1279760036-0
                                                                                                              • Opcode ID: 10b0c33e261f38d5bb294a1601fa5bff1648293ee46330ebc2d845c0bc0168d8
                                                                                                              • Instruction ID: 6f0417aee6e77d300be1c941d2215bd7bfbb905e4a2ed95ba5acbae3132a3890
                                                                                                              • Opcode Fuzzy Hash: 10b0c33e261f38d5bb294a1601fa5bff1648293ee46330ebc2d845c0bc0168d8
                                                                                                              • Instruction Fuzzy Hash: 0EE0E531145568D6D6232AA69C10B7BBA4CDB433A0F460620EE0C9A4D0DE20DC0081A4
                                                                                                              APIs
                                                                                                              • CloseHandle.KERNELBASE(?), ref: 003E184A
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000C.00000002.671663725.0000000000261000.00000020.00000001.01000000.00000007.sdmp, Offset: 00260000, based on PE: true
                                                                                                              • Associated: 0000000C.00000002.671637903.0000000000260000.00000002.00000001.01000000.00000007.sdmp
                                                                                                              • Associated: 0000000C.00000002.671860980.0000000000402000.00000002.00000001.01000000.00000007.sdmp
                                                                                                              • Associated: 0000000C.00000002.671867139.0000000000414000.00000008.00000001.01000000.00000007.sdmp
                                                                                                              • Associated: 0000000C.00000002.671873991.0000000000417000.00000004.00000001.01000000.00000007.sdmp
                                                                                                              • Associated: 0000000C.00000002.671873991.0000000000421000.00000004.00000001.01000000.00000007.sdmp
                                                                                                              • Associated: 0000000C.00000002.671885218.0000000000425000.00000002.00000001.01000000.00000007.sdmp
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_12_2_260000_piovbar.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: CloseHandle
                                                                                                              • String ID:
                                                                                                              • API String ID: 2962429428-0
                                                                                                              • Opcode ID: b0b6a34ac8a3c832df31a0cf49de2c9f03fa820bf62f806e1936408df4cc8c88
                                                                                                              • Instruction ID: bb0525a3c63677902043d33a96cddc857733902ffe919621e7738ab557244b50
                                                                                                              • Opcode Fuzzy Hash: b0b6a34ac8a3c832df31a0cf49de2c9f03fa820bf62f806e1936408df4cc8c88
                                                                                                              • Instruction Fuzzy Hash: E6C092735E452D67EA001AFAEC079543B989B1257D71C4B30F42AD51E0E73AE5A48584
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000C.00000002.671663725.0000000000261000.00000020.00000001.01000000.00000007.sdmp, Offset: 00260000, based on PE: true
                                                                                                              • Associated: 0000000C.00000002.671637903.0000000000260000.00000002.00000001.01000000.00000007.sdmp
                                                                                                              • Associated: 0000000C.00000002.671860980.0000000000402000.00000002.00000001.01000000.00000007.sdmp
                                                                                                              • Associated: 0000000C.00000002.671867139.0000000000414000.00000008.00000001.01000000.00000007.sdmp
                                                                                                              • Associated: 0000000C.00000002.671873991.0000000000417000.00000004.00000001.01000000.00000007.sdmp
                                                                                                              • Associated: 0000000C.00000002.671873991.0000000000421000.00000004.00000001.01000000.00000007.sdmp
                                                                                                              • Associated: 0000000C.00000002.671885218.0000000000425000.00000002.00000001.01000000.00000007.sdmp
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_12_2_260000_piovbar.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: +ig$,ig$,ig$7G<E$8G<E$8G<E$I.$J.$J.$J.$J.$VnA$VnA$bi$$ci$$ci$$ci$$gG,$gG,$o/ 0$p/ 0$p/ 0$pGo3$pGo3$q.7K$q.7K
                                                                                                              • API String ID: 0-274085110
                                                                                                              • Opcode ID: 00b441689a2e61bc81aef3e275a601aa7ab742ec2d293811251a627fbbae64b0
                                                                                                              • Instruction ID: 7640577585d8b2c4e9d4dca711c096360d76d44d432bd02c361e798d0bc2b733
                                                                                                              • Opcode Fuzzy Hash: 00b441689a2e61bc81aef3e275a601aa7ab742ec2d293811251a627fbbae64b0
                                                                                                              • Instruction Fuzzy Hash: 97E20835604205CF8F6D9A78C8E45BD77A6BF94320FA5C32ED42B9BAE0C7389C458B45
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000C.00000002.671663725.0000000000261000.00000020.00000001.01000000.00000007.sdmp, Offset: 00260000, based on PE: true
                                                                                                              • Associated: 0000000C.00000002.671637903.0000000000260000.00000002.00000001.01000000.00000007.sdmp
                                                                                                              • Associated: 0000000C.00000002.671860980.0000000000402000.00000002.00000001.01000000.00000007.sdmp
                                                                                                              • Associated: 0000000C.00000002.671867139.0000000000414000.00000008.00000001.01000000.00000007.sdmp
                                                                                                              • Associated: 0000000C.00000002.671873991.0000000000417000.00000004.00000001.01000000.00000007.sdmp
                                                                                                              • Associated: 0000000C.00000002.671873991.0000000000421000.00000004.00000001.01000000.00000007.sdmp
                                                                                                              • Associated: 0000000C.00000002.671885218.0000000000425000.00000002.00000001.01000000.00000007.sdmp
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_12_2_260000_piovbar.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: Qza+$Rza+$lj]e$lj]e$lj]e$n5)+$n5)+$n5)+$n5)+$n5)+$o5)+$o5)+$o5)+$o5)+$o5)+$o5)+$o5)+$o5)+$o5)+$o5)+$~<k/$~<k/$~<k/$~<k/
                                                                                                              • API String ID: 0-68842540
                                                                                                              • Opcode ID: c443be0b6ef10ff277549bb7711da4a5749daa94f9e45c0f7248f3b536068f97
                                                                                                              • Instruction ID: 59540bb1c8fb2b56b6ba17146a6af74f0b2462c81e9c9f51ffbe09e40c980b9d
                                                                                                              • Opcode Fuzzy Hash: c443be0b6ef10ff277549bb7711da4a5749daa94f9e45c0f7248f3b536068f97
                                                                                                              • Instruction Fuzzy Hash: 7CC11A76E0C7119F8B158E19A5D417AB6D2AF88344F6AC53EEC99CB661D320DC04CBC3
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000C.00000002.671663725.0000000000261000.00000020.00000001.01000000.00000007.sdmp, Offset: 00260000, based on PE: true
                                                                                                              • Associated: 0000000C.00000002.671637903.0000000000260000.00000002.00000001.01000000.00000007.sdmp
                                                                                                              • Associated: 0000000C.00000002.671860980.0000000000402000.00000002.00000001.01000000.00000007.sdmp
                                                                                                              • Associated: 0000000C.00000002.671867139.0000000000414000.00000008.00000001.01000000.00000007.sdmp
                                                                                                              • Associated: 0000000C.00000002.671873991.0000000000417000.00000004.00000001.01000000.00000007.sdmp
                                                                                                              • Associated: 0000000C.00000002.671873991.0000000000421000.00000004.00000001.01000000.00000007.sdmp
                                                                                                              • Associated: 0000000C.00000002.671885218.0000000000425000.00000002.00000001.01000000.00000007.sdmp
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_12_2_260000_piovbar.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: Dmp$Dmp$Dmp$Dmp$Dmp$Dmp$Dmp$Dmp$Dmp$Dmp$value
                                                                                                              • API String ID: 0-1674705280
                                                                                                              • Opcode ID: ad6b748d2e0d9762efa273b6a0b769869ac17a448558acefcd8e768a05799fc5
                                                                                                              • Instruction ID: a72df6d09ab5ac64f294ca6c20f2f305686831e823cc6b7619727c31c4f3c8de
                                                                                                              • Opcode Fuzzy Hash: ad6b748d2e0d9762efa273b6a0b769869ac17a448558acefcd8e768a05799fc5
                                                                                                              • Instruction Fuzzy Hash: 599249762007408FCB398F3498D06A777E6AF95310F29CA2DD8AF8B691D735E909DB41
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000C.00000002.671663725.0000000000261000.00000020.00000001.01000000.00000007.sdmp, Offset: 00260000, based on PE: true
                                                                                                              • Associated: 0000000C.00000002.671637903.0000000000260000.00000002.00000001.01000000.00000007.sdmp
                                                                                                              • Associated: 0000000C.00000002.671860980.0000000000402000.00000002.00000001.01000000.00000007.sdmp
                                                                                                              • Associated: 0000000C.00000002.671867139.0000000000414000.00000008.00000001.01000000.00000007.sdmp
                                                                                                              • Associated: 0000000C.00000002.671873991.0000000000417000.00000004.00000001.01000000.00000007.sdmp
                                                                                                              • Associated: 0000000C.00000002.671873991.0000000000421000.00000004.00000001.01000000.00000007.sdmp
                                                                                                              • Associated: 0000000C.00000002.671885218.0000000000425000.00000002.00000001.01000000.00000007.sdmp
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_12_2_260000_piovbar.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: <U+%.4X>$U:K$U:K$U:K$U:K$V:K$V:K$V:K$V:K$V:K$V:K$V:K$V:K$V:K$V:K$V:K$V:K$V:K$V:K$V:K
                                                                                                              • API String ID: 0-281245149
                                                                                                              • Opcode ID: 4e0c888b32b6f5b4da6dcfcec569a701f853930a736ca47628404ba349550dfc
                                                                                                              • Instruction ID: 3d48fe95a92ade6766b47571714619e1e0fe0759718e6b2ebbf1060f18ee6558
                                                                                                              • Opcode Fuzzy Hash: 4e0c888b32b6f5b4da6dcfcec569a701f853930a736ca47628404ba349550dfc
                                                                                                              • Instruction Fuzzy Hash: CFD15736E48314CFCF169FA8D5907FDBBE1AB99310F2E41ABE856A7291C2214C05CF95
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000C.00000002.671663725.0000000000261000.00000020.00000001.01000000.00000007.sdmp, Offset: 00260000, based on PE: true
                                                                                                              • Associated: 0000000C.00000002.671637903.0000000000260000.00000002.00000001.01000000.00000007.sdmp
                                                                                                              • Associated: 0000000C.00000002.671860980.0000000000402000.00000002.00000001.01000000.00000007.sdmp
                                                                                                              • Associated: 0000000C.00000002.671867139.0000000000414000.00000008.00000001.01000000.00000007.sdmp
                                                                                                              • Associated: 0000000C.00000002.671873991.0000000000417000.00000004.00000001.01000000.00000007.sdmp
                                                                                                              • Associated: 0000000C.00000002.671873991.0000000000421000.00000004.00000001.01000000.00000007.sdmp
                                                                                                              • Associated: 0000000C.00000002.671885218.0000000000425000.00000002.00000001.01000000.00000007.sdmp
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_12_2_260000_piovbar.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: !`1$!`1$!`1$!`1$"`1$"`1$"`1$"`1$"`1$"`1$"`1$"`1$"`1$"`1$"`1$"`1$"`1$"`1$"`1
                                                                                                              • API String ID: 0-2685043853
                                                                                                              • Opcode ID: 66da64beb5e3bcbd1bee15a086373ccbf20365ce0d35efebdb24b5e4a7f1ff7d
                                                                                                              • Instruction ID: f3ae96d332533b34ffc92bbd74aef0ee7d1784717451a2e4e630c3d2929eadc0
                                                                                                              • Opcode Fuzzy Hash: 66da64beb5e3bcbd1bee15a086373ccbf20365ce0d35efebdb24b5e4a7f1ff7d
                                                                                                              • Instruction Fuzzy Hash: BB6208797082418FC71ACF28D49056A7BE2EFC9310F25CA5DE89A8B795C731ED45CB82
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000C.00000002.671663725.0000000000261000.00000020.00000001.01000000.00000007.sdmp, Offset: 00260000, based on PE: true
                                                                                                              • Associated: 0000000C.00000002.671637903.0000000000260000.00000002.00000001.01000000.00000007.sdmp
                                                                                                              • Associated: 0000000C.00000002.671860980.0000000000402000.00000002.00000001.01000000.00000007.sdmp
                                                                                                              • Associated: 0000000C.00000002.671867139.0000000000414000.00000008.00000001.01000000.00000007.sdmp
                                                                                                              • Associated: 0000000C.00000002.671873991.0000000000417000.00000004.00000001.01000000.00000007.sdmp
                                                                                                              • Associated: 0000000C.00000002.671873991.0000000000421000.00000004.00000001.01000000.00000007.sdmp
                                                                                                              • Associated: 0000000C.00000002.671885218.0000000000425000.00000002.00000001.01000000.00000007.sdmp
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_12_2_260000_piovbar.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: +/^l$+/^l$+/^l$v~U$v~U$v~U$v~U$v~U$v~U$v~U$v~U$v~U$v~U$v~U$v~U$v~U$v~U
                                                                                                              • API String ID: 0-2890141032
                                                                                                              • Opcode ID: cff67497b9fe0715e59e6d8f0803b30abdc11cb614a8ff67a8d5289d2fafcff8
                                                                                                              • Instruction ID: 7b7af53ca66569ddf47abc521ee77f374adc6c7e9cc22ac3e806ea625f9f7b6d
                                                                                                              • Opcode Fuzzy Hash: cff67497b9fe0715e59e6d8f0803b30abdc11cb614a8ff67a8d5289d2fafcff8
                                                                                                              • Instruction Fuzzy Hash: 07627A373183498BCB148E38949867EFEC2DBD53A0F6D892EE99587361C235CC59DB81
                                                                                                              APIs
                                                                                                              • shutdown.WS2_32(?,00000002), ref: 0036A55D
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000C.00000002.671663725.0000000000261000.00000020.00000001.01000000.00000007.sdmp, Offset: 00260000, based on PE: true
                                                                                                              • Associated: 0000000C.00000002.671637903.0000000000260000.00000002.00000001.01000000.00000007.sdmp
                                                                                                              • Associated: 0000000C.00000002.671860980.0000000000402000.00000002.00000001.01000000.00000007.sdmp
                                                                                                              • Associated: 0000000C.00000002.671867139.0000000000414000.00000008.00000001.01000000.00000007.sdmp
                                                                                                              • Associated: 0000000C.00000002.671873991.0000000000417000.00000004.00000001.01000000.00000007.sdmp
                                                                                                              • Associated: 0000000C.00000002.671873991.0000000000421000.00000004.00000001.01000000.00000007.sdmp
                                                                                                              • Associated: 0000000C.00000002.671885218.0000000000425000.00000002.00000001.01000000.00000007.sdmp
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_12_2_260000_piovbar.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: shutdown
                                                                                                              • String ID: F@..$F@..$G@..$G@..$G@..$G@..$G@..$G@..
                                                                                                              • API String ID: 2510479042-2778482394
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: 9dqS$9dqS$e`"v$f`"v$f`"v$f`"v$i6$j6$j6$u+6c$u+6c$u+6c
                                                                                                              • API String ID: 0-1909878806
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: Mb=$Mb=$jK:E$jK:E$)T$)T$)T
                                                                                                              • API String ID: 0-1239881086
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: :/-X$:/-X$;*($;/-X$;/-X$;/-X$;/-X$<*($<*($<*(
                                                                                                              • API String ID: 0-1761621664
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: <If@$<If@$=If@$=If@$=If@$=If@$=If@$=If@$=If@$=If@
                                                                                                              • API String ID: 0-2063423904
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: F@..$G@..$G@..$G@..
                                                                                                              • API String ID: 0-3035917235
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: K9$K9$=%$E$>%$E$>%$E$G!i;$G!i;$G!i;$G!i;
                                                                                                              • API String ID: 0-1411648554
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: 8r[@$9r[@$9r[@$9r[@$<If@$=If@$=If@$=If@$=If@
                                                                                                              • API String ID: 0-4180516749
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: +{$+{
                                                                                                              • API String ID: 0-2068623772
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: 'TsZ$'TsZ$jiB$jiB$jiB$_V$_V$_V
                                                                                                              • API String ID: 0-683237854
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000C.00000002.671663725.0000000000261000.00000020.00000001.01000000.00000007.sdmp, Offset: 00260000, based on PE: true
                                                                                                              • Associated: 0000000C.00000002.671637903.0000000000260000.00000002.00000001.01000000.00000007.sdmp
                                                                                                              • Associated: 0000000C.00000002.671860980.0000000000402000.00000002.00000001.01000000.00000007.sdmp
                                                                                                              • Associated: 0000000C.00000002.671867139.0000000000414000.00000008.00000001.01000000.00000007.sdmp
                                                                                                              • Associated: 0000000C.00000002.671873991.0000000000417000.00000004.00000001.01000000.00000007.sdmp
                                                                                                              • Associated: 0000000C.00000002.671873991.0000000000421000.00000004.00000001.01000000.00000007.sdmp
                                                                                                              • Associated: 0000000C.00000002.671885218.0000000000425000.00000002.00000001.01000000.00000007.sdmp
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_12_2_260000_piovbar.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: 6-?$7-?$7-?$j*GQ$k*GQ$k*GQ$k*GQ
                                                                                                              • API String ID: 0-3010996060
                                                                                                              • Opcode ID: 26869380cdc25162e8a1c4a023afc5d09ec964dc25ff759dd2c0dba73a381fe6
                                                                                                              • Instruction ID: 98e2a75b39eae7dc4369ac81e795d09d7f12a960b60b2c2f32bb7ea026b7d430
                                                                                                              • Opcode Fuzzy Hash: 26869380cdc25162e8a1c4a023afc5d09ec964dc25ff759dd2c0dba73a381fe6
                                                                                                              • Instruction Fuzzy Hash: B3520B3D7262128BCE2C9E2885A053E77D2AFC4750FB48A1EE457977E4DE318C558B83
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000C.00000002.671663725.0000000000261000.00000020.00000001.01000000.00000007.sdmp, Offset: 00260000, based on PE: true
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: PY-$3i($3i($3i(
                                                                                                              • API String ID: 0-962745817
                                                                                                              • Opcode ID: 3b6014f2762ecc964de9806786e49f03a603d7e19cf26f1b5a8085911beedd39
                                                                                                              • Instruction ID: c9c31c667d64b593add654ef2c3791324904add8b06f02ac6c5a27a39170e419
                                                                                                              • Opcode Fuzzy Hash: 3b6014f2762ecc964de9806786e49f03a603d7e19cf26f1b5a8085911beedd39
                                                                                                              • Instruction Fuzzy Hash: B4423A39764A458FCB688E38D5E057DB3E3AFD5310F24816FD4568B3E4DA358C618B82
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000C.00000002.671663725.0000000000261000.00000020.00000001.01000000.00000007.sdmp, Offset: 00260000, based on PE: true
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: "C&q$"C&q$IUiF$IUiF$IUiF$nJ.)$nJ.)
                                                                                                              • API String ID: 0-3505327753
                                                                                                              • Opcode ID: 56e15026785eecbd5b23b6d40735c061cc5e128c7255c58d61aa40ce1806a73b
                                                                                                              • Instruction ID: ba1e1aa86075237616907b6424cfdc703fcb32c880ad203b635b1f6eb0ad34ce
                                                                                                              • Opcode Fuzzy Hash: 56e15026785eecbd5b23b6d40735c061cc5e128c7255c58d61aa40ce1806a73b
                                                                                                              • Instruction Fuzzy Hash: E8422679704205CFCF19EB68D8D45AEB7F6AF84320B298696E816DB7A0D334DC42CB51
                                                                                                              APIs
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000C.00000002.671663725.0000000000261000.00000020.00000001.01000000.00000007.sdmp, Offset: 00260000, based on PE: true
                                                                                                              Similarity
                                                                                                              • API ID: _strlen
                                                                                                              • String ID: v!Ny$v!Ny$v!Ny
                                                                                                              • API String ID: 4218353326-1034994572
                                                                                                              • Opcode ID: 302cfae04e7f56def2a5b4c603f188017d64727e94b932abe33119b85e29b6b1
                                                                                                              • Instruction ID: 291341f5933a4ed60352c73dcfaf30e366f24399f34a2f47e36e68bbd0609ba4
                                                                                                              • Opcode Fuzzy Hash: 302cfae04e7f56def2a5b4c603f188017d64727e94b932abe33119b85e29b6b1
                                                                                                              • Instruction Fuzzy Hash: C0025075714B01CF8768CF2CD9D0926B3E2BF993207244A5DE86ACB7A1D631EC998B11
                                                                                                              APIs
                                                                                                              • FindFirstFileExW.KERNEL32(?,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000), ref: 003F83EF
                                                                                                              • _free.LIBCMT ref: 003F8540
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000C.00000002.671663725.0000000000261000.00000020.00000001.01000000.00000007.sdmp, Offset: 00260000, based on PE: true
                                                                                                              Similarity
                                                                                                              • API ID: FileFindFirst_free
                                                                                                              • String ID:
                                                                                                              • API String ID: 689657435-0
                                                                                                              • Opcode ID: 12707ee77b04d5be5688d428f3a930437151da616e40466af96445955a5d14f2
                                                                                                              • Instruction ID: b8fde26b9e088ae25532f164d9a86dc58deb2cf4851ad1142cdb4e503d45c7ab
                                                                                                              • Opcode Fuzzy Hash: 12707ee77b04d5be5688d428f3a930437151da616e40466af96445955a5d14f2
                                                                                                              • Instruction Fuzzy Hash: A861E475D0512CAFDF2A9F69CC89ABEB7B9AB05304F1441DAE50DA7251EF308E858F10
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000C.00000002.671663725.0000000000261000.00000020.00000001.01000000.00000007.sdmp, Offset: 00260000, based on PE: true
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: /$WR$/$WR$/$WR$O_-$O_-$@t$@t
                                                                                                              • API String ID: 0-430648968
                                                                                                              • Opcode ID: 154369f30dc09b98e30cf5c4232b23be54df5bdc3d0abb372b6061329049cae3
                                                                                                              • Instruction ID: 71e089aee66c742539b63039a7ec5ddb6a5e83bb1df40cf8a1007ca3fe2abc7e
                                                                                                              • Opcode Fuzzy Hash: 154369f30dc09b98e30cf5c4232b23be54df5bdc3d0abb372b6061329049cae3
                                                                                                              • Instruction Fuzzy Hash: 4BC1C3747111098FCB29CF68D8D46ADB7F6AB89324B24C616E42AEB3A1C734DC40DF51
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000C.00000002.671663725.0000000000261000.00000020.00000001.01000000.00000007.sdmp, Offset: 00260000, based on PE: true
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: %{f$&{f$&{f$&{f$:EL$:EL$:EL
                                                                                                              • API String ID: 0-3983732977
                                                                                                              • Opcode ID: 19a8c1097c53168ab1efb38b75f259dd75fe8e9bd5b398dd6bad99a45fe9678d
                                                                                                              • Instruction ID: 7babfcfcc16382efc468436074a1cd7bd6ab47cc2bf63f23bb2badf5d2d102b5
                                                                                                              • Opcode Fuzzy Hash: 19a8c1097c53168ab1efb38b75f259dd75fe8e9bd5b398dd6bad99a45fe9678d
                                                                                                              • Instruction Fuzzy Hash: 0AA18F75708165CF8F15CA28A8D05AD7BE6BF8E3107398659EC12EB7A0C731CC05DB95
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000C.00000002.671663725.0000000000261000.00000020.00000001.01000000.00000007.sdmp, Offset: 00260000, based on PE: true
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: 6LIi$6LIi$O+S$O+S$O+S$O+S$O+S
                                                                                                              • API String ID: 0-3295826199
                                                                                                              • Opcode ID: 19e0c4c6f43e4df28fa391e73022755d7b792f0b8bbd9af22a296f31d59a8b19
                                                                                                              • Instruction ID: b3ed7566952fc98584abc099782a544d7615722c7d0363251d2c80b23f441467
                                                                                                              • Opcode Fuzzy Hash: 19e0c4c6f43e4df28fa391e73022755d7b792f0b8bbd9af22a296f31d59a8b19
                                                                                                              • Instruction Fuzzy Hash: E4A1E47572010A8F9F18CEA8D9D08BEB7E6ABC9320B244A69E825D73E4C731DD11CB51
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000C.00000002.671663725.0000000000261000.00000020.00000001.01000000.00000007.sdmp, Offset: 00260000, based on PE: true
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: 9&A$9&A$jrs$jrs$jrs$tKUy$tKUy
                                                                                                              • API String ID: 0-763108057
                                                                                                              • Opcode ID: f8bbb24d1e39934ae5502d2f76fc438bd61beb09af5f67ce3bd81b330a3d2d51
                                                                                                              • Instruction ID: f7fdb23bc2388920c397504e98e55816771ed041954dcd882dc2982a549a40eb
                                                                                                              • Opcode Fuzzy Hash: f8bbb24d1e39934ae5502d2f76fc438bd61beb09af5f67ce3bd81b330a3d2d51
                                                                                                              • Instruction Fuzzy Hash: B791F3353083019BCB1D8E3899F583EB7D6AFC4352B69CD2DE85747AA0D630DE498B81
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000C.00000002.671663725.0000000000261000.00000020.00000001.01000000.00000007.sdmp, Offset: 00260000, based on PE: true
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: O6~$O6~$O6~$vrfx$wrfx$wrfx
                                                                                                              • API String ID: 0-1440252476
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000C.00000002.671663725.0000000000261000.00000020.00000001.01000000.00000007.sdmp, Offset: 00260000, based on PE: true
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: fN4$fN4$fN4$fN4$fN4$fN4
                                                                                                              • API String ID: 0-1645897058
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000C.00000002.671663725.0000000000261000.00000020.00000001.01000000.00000007.sdmp, Offset: 00260000, based on PE: true
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: gH$gH$gH$zv"8${v"8${v"8
                                                                                                              • API String ID: 0-2690450640
                                                                                                              APIs
                                                                                                                • Part of subcall function 003F2768: GetLastError.KERNEL32(?,?,?,003E7283,00413820,0000000C), ref: 003F276D
                                                                                                                • Part of subcall function 003F2768: SetLastError.KERNEL32(00000000,00000004,000000FF,?,?,003E7283,00413820,0000000C), ref: 003F280B
                                                                                                                • Part of subcall function 003F2768: _free.LIBCMT ref: 003F27CA
                                                                                                                • Part of subcall function 003F2768: _free.LIBCMT ref: 003F2800
                                                                                                              • GetUserDefaultLCID.KERNEL32(-00000002,00000000,?,00000055,?), ref: 003F7673
                                                                                                              • IsValidCodePage.KERNEL32(00000000), ref: 003F76BC
                                                                                                              • IsValidLocale.KERNEL32(?,00000001), ref: 003F76CB
                                                                                                              • GetLocaleInfoW.KERNEL32(?,00001001,-00000050,00000040,?,000000D0,00000055,00000000,?,?,00000055,00000000), ref: 003F7713
                                                                                                              • GetLocaleInfoW.KERNEL32(?,00001002,00000030,00000040), ref: 003F7732
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000C.00000002.671663725.0000000000261000.00000020.00000001.01000000.00000007.sdmp, Offset: 00260000, based on PE: true
                                                                                                              Similarity
                                                                                                              • API ID: Locale$ErrorInfoLastValid_free$CodeDefaultPageUser
                                                                                                              • String ID:
                                                                                                              • API String ID: 949163717-0
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000C.00000002.671663725.0000000000261000.00000020.00000001.01000000.00000007.sdmp, Offset: 00260000, based on PE: true
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: "D]*$"D]*$"D]*$_WYu$_WYu
                                                                                                              • API String ID: 0-60857619
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000C.00000002.671663725.0000000000261000.00000020.00000001.01000000.00000007.sdmp, Offset: 00260000, based on PE: true
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: 5=A$$5=A$$LFNo$MFNo$MFNo
                                                                                                              • API String ID: 0-1405563358
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000C.00000002.671663725.0000000000261000.00000020.00000001.01000000.00000007.sdmp, Offset: 00260000, based on PE: true
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: ceo>$ceo>$ceo>$ceo>$ceo>
                                                                                                              • API String ID: 0-2624463310
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000C.00000002.671663725.0000000000261000.00000020.00000001.01000000.00000007.sdmp, Offset: 00260000, based on PE: true
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: @t\S$At\S$At\S$At\S$At\S
                                                                                                              • API String ID: 0-3871424096
                                                                                                              APIs
                                                                                                              • std::_Xregex_error.LIBCPMT ref: 002F1657
                                                                                                              • std::_Xregex_error.LIBCPMT ref: 002F311D
                                                                                                              • std::_Xregex_error.LIBCPMT ref: 002F312B
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000C.00000002.671663725.0000000000261000.00000020.00000001.01000000.00000007.sdmp, Offset: 00260000, based on PE: true
                                                                                                              Similarity
                                                                                                              • API ID: Xregex_errorstd::_
                                                                                                              • String ID:
                                                                                                              • API String ID: 3587890882-0
                                                                                                              APIs
                                                                                                              • std::_Xregex_error.LIBCPMT ref: 00345DF1
                                                                                                              • std::_Xregex_error.LIBCPMT ref: 00345DF8
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000C.00000002.671663725.0000000000261000.00000020.00000001.01000000.00000007.sdmp, Offset: 00260000, based on PE: true
                                                                                                              Similarity
                                                                                                              • API ID: Xregex_errorstd::_
                                                                                                              • String ID:
                                                                                                              • API String ID: 3587890882-0
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000C.00000002.671663725.0000000000261000.00000020.00000001.01000000.00000007.sdmp, Offset: 00260000, based on PE: true
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              APIs
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000C.00000002.671663725.0000000000261000.00000020.00000001.01000000.00000007.sdmp, Offset: 00260000, based on PE: true
                                                                                                              Similarity
                                                                                                              • API ID: Strcoll
                                                                                                              • String ID:
                                                                                                              • API String ID: 2074348804-0
                                                                                                              APIs
                                                                                                                • Part of subcall function 003F360D: RtlAllocateHeap.NTDLL(00000008,?,00000000,?,003F290A,00000001,00000364,00000004,000000FF,?,?,003E950C,003F258D,?,?,003E93CB), ref: 003F364E
                                                                                                              • _free.LIBCMT ref: 003F82CF
                                                                                                              • _free.LIBCMT ref: 003F82E6
                                                                                                              • FindFirstFileExW.KERNEL32(?,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000), ref: 003F83EF
                                                                                                              • _free.LIBCMT ref: 003F84BF
                                                                                                              • FindNextFileW.KERNEL32(00000000,?), ref: 003F84CD
                                                                                                              • _free.LIBCMT ref: 003F851B
                                                                                                              • FindClose.KERNEL32(00000000), ref: 003F852A
                                                                                                              • _free.LIBCMT ref: 003F8540
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000C.00000002.671663725.0000000000261000.00000020.00000001.01000000.00000007.sdmp, Offset: 00260000, based on PE: true
                                                                                                              Similarity
                                                                                                              • API ID: _free$Find$File$AllocateCloseFirstHeapNext
                                                                                                              • String ID:
                                                                                                              • API String ID: 4129390288-0
                                                                                                              Strings
                                                                                                              • https, xrefs: 00320AA3
                                                                                                              • (?:(https?):)?(?://(?:\[([\d:]+)\]|([^:/?#]+))(?::(\d+))?)?([^?#]*)(\?[^#]*)?(?:#.*)?, xrefs: 00320A7A
                                                                                                              • http, xrefs: 00320AA8
                                                                                                              • location, xrefs: 00320572
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000C.00000002.671663725.0000000000261000.00000020.00000001.01000000.00000007.sdmp, Offset: 00260000, based on PE: true
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: (?:(https?):)?(?://(?:\[([\d:]+)\]|([^:/?#]+))(?::(\d+))?)?([^?#]*)(\?[^#]*)?(?:#.*)?$http$https$location
                                                                                                              • API String ID: 0-4198004140
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000C.00000002.671663725.0000000000261000.00000020.00000001.01000000.00000007.sdmp, Offset: 00260000, based on PE: true
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: h_e$i_e$i_e$i_e
                                                                                                              • API String ID: 0-3329591910
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000C.00000002.671663725.0000000000261000.00000020.00000001.01000000.00000007.sdmp, Offset: 00260000, based on PE: true
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: %s: %s$'JI$(JI$(JI
                                                                                                              • API String ID: 0-453971472
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000C.00000002.671663725.0000000000261000.00000020.00000001.01000000.00000007.sdmp, Offset: 00260000, based on PE: true
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: iostream stream error
                                                                                                              • API String ID: 0-3252602735
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000C.00000002.671663725.0000000000261000.00000020.00000001.01000000.00000007.sdmp, Offset: 00260000, based on PE: true
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: hFg$hFg$hFg$8O
                                                                                                              • API String ID: 0-1980766220
                                                                                                              • Opcode ID: 20e4d0232cce8dfafc779ab4700e3d281a4d189b51afd8ac4b640e320e60540c
                                                                                                              • Instruction ID: 13a4470a730ecd3b7b343c29187b6c2f119e794723d79866fea2489f7f956413
                                                                                                              • Opcode Fuzzy Hash: 20e4d0232cce8dfafc779ab4700e3d281a4d189b51afd8ac4b640e320e60540c
                                                                                                              • Instruction Fuzzy Hash: 5CF14277624B21CFCB244E14D98467D77A39BD1330F6A8A5EE859173E0C27A4CE19783
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000C.00000002.671663725.0000000000261000.00000020.00000001.01000000.00000007.sdmp, Offset: 00260000, based on PE: true
                                                                                                               • Associated: 0000000C.00000002.671637903.0000000000260000.00000002.00000001.01000000.00000007.sdmp
                                                                                                               • Associated: 0000000C.00000002.671860980.0000000000402000.00000002.00000001.01000000.00000007.sdmp
                                                                                                               • Associated: 0000000C.00000002.671867139.0000000000414000.00000008.00000001.01000000.00000007.sdmp
                                                                                                               • Associated: 0000000C.00000002.671873991.0000000000417000.00000004.00000001.01000000.00000007.sdmp
                                                                                                               • Associated: 0000000C.00000002.671873991.0000000000421000.00000004.00000001.01000000.00000007.sdmp
                                                                                                               • Associated: 0000000C.00000002.671885218.0000000000425000.00000002.00000001.01000000.00000007.sdmp
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_12_2_260000_piovbar.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: )XP^$*XP^$*XP^$*XP^
                                                                                                              • API String ID: 0-912165117
                                                                                                              • Opcode ID: ff48f70d1a66cc2b9bc2bbe8af82ab8dc9b6563238fb4ea85d98cf871abbcde5
                                                                                                              • Instruction ID: f2119adf16884db5136a6ca1b1358384e32186af3be6c866ea5ac34e6acaea04
                                                                                                              • Opcode Fuzzy Hash: ff48f70d1a66cc2b9bc2bbe8af82ab8dc9b6563238fb4ea85d98cf871abbcde5
                                                                                                              • Instruction Fuzzy Hash: F3029E78A11219CFCF18CE68D590AADB7F2EF89310B64425DE856A73A0D631AC92CB51
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000C.00000002.671663725.0000000000261000.00000020.00000001.01000000.00000007.sdmp, Offset: 00260000, based on PE: true
                                                                                                               • Associated: 0000000C.00000002.671637903.0000000000260000.00000002.00000001.01000000.00000007.sdmp
                                                                                                               • Associated: 0000000C.00000002.671860980.0000000000402000.00000002.00000001.01000000.00000007.sdmp
                                                                                                               • Associated: 0000000C.00000002.671867139.0000000000414000.00000008.00000001.01000000.00000007.sdmp
                                                                                                               • Associated: 0000000C.00000002.671873991.0000000000417000.00000004.00000001.01000000.00000007.sdmp
                                                                                                               • Associated: 0000000C.00000002.671873991.0000000000421000.00000004.00000001.01000000.00000007.sdmp
                                                                                                               • Associated: 0000000C.00000002.671885218.0000000000425000.00000002.00000001.01000000.00000007.sdmp
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_12_2_260000_piovbar.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: -A$.A$.A$.A
                                                                                                              • API String ID: 0-3200488072
                                                                                                              • Opcode ID: 07ae0ac8eaff091fb2b7944454655bad909e5de92081bedac79dfa95fafc27f0
                                                                                                              • Instruction ID: b0a6ce8137d526b5253b47f8699409a4279255f742fd98a6215c7f22acbd2f73
                                                                                                              • Opcode Fuzzy Hash: 07ae0ac8eaff091fb2b7944454655bad909e5de92081bedac79dfa95fafc27f0
                                                                                                              • Instruction Fuzzy Hash: 24C10F65B0C3509BCB268A2954D057E7BC59BD5350F5A8C69FCD8CF321E321EC099BC5
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000C.00000002.671663725.0000000000261000.00000020.00000001.01000000.00000007.sdmp, Offset: 00260000, based on PE: true
                                                                                                               • Associated: 0000000C.00000002.671637903.0000000000260000.00000002.00000001.01000000.00000007.sdmp
                                                                                                               • Associated: 0000000C.00000002.671860980.0000000000402000.00000002.00000001.01000000.00000007.sdmp
                                                                                                               • Associated: 0000000C.00000002.671867139.0000000000414000.00000008.00000001.01000000.00000007.sdmp
                                                                                                               • Associated: 0000000C.00000002.671873991.0000000000417000.00000004.00000001.01000000.00000007.sdmp
                                                                                                               • Associated: 0000000C.00000002.671873991.0000000000421000.00000004.00000001.01000000.00000007.sdmp
                                                                                                               • Associated: 0000000C.00000002.671885218.0000000000425000.00000002.00000001.01000000.00000007.sdmp
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_12_2_260000_piovbar.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: \h$\h$\h$\h
                                                                                                              • API String ID: 0-732254863
                                                                                                              • Opcode ID: 2166ee7bf6a739f4ba9cda20abcff0b2240f28c755fbb2928409776af4c4c724
                                                                                                              • Instruction ID: 93092b152a599f0bcd8677eb3c707967a3deef2be6dd0040ff34930ee3fdff03
                                                                                                              • Opcode Fuzzy Hash: 2166ee7bf6a739f4ba9cda20abcff0b2240f28c755fbb2928409776af4c4c724
                                                                                                              • Instruction Fuzzy Hash: 66D1F475B1451A8F8F15CE78D8D08BDF7F2AF88790B268569E912E73A4C6309C06CF91
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000C.00000002.671663725.0000000000261000.00000020.00000001.01000000.00000007.sdmp, Offset: 00260000, based on PE: true
                                                                                                               • Associated: 0000000C.00000002.671637903.0000000000260000.00000002.00000001.01000000.00000007.sdmp
                                                                                                               • Associated: 0000000C.00000002.671860980.0000000000402000.00000002.00000001.01000000.00000007.sdmp
                                                                                                               • Associated: 0000000C.00000002.671867139.0000000000414000.00000008.00000001.01000000.00000007.sdmp
                                                                                                               • Associated: 0000000C.00000002.671873991.0000000000417000.00000004.00000001.01000000.00000007.sdmp
                                                                                                               • Associated: 0000000C.00000002.671873991.0000000000421000.00000004.00000001.01000000.00000007.sdmp
                                                                                                               • Associated: 0000000C.00000002.671885218.0000000000425000.00000002.00000001.01000000.00000007.sdmp
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_12_2_260000_piovbar.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: +P;$,P;$,P;$,P;
                                                                                                              • API String ID: 0-2438127156
                                                                                                              • Opcode ID: 82ed9fedf6a633658193706e42f8cb5dbf20654f807b80e5b3d105a43530c0f9
                                                                                                              • Instruction ID: 953340d31b37338cebc339e08cf059ddcbbad25ca865b80140fa40253b68f871
                                                                                                              • Opcode Fuzzy Hash: 82ed9fedf6a633658193706e42f8cb5dbf20654f807b80e5b3d105a43530c0f9
                                                                                                              • Instruction Fuzzy Hash: 1DC114353147009F8A2DDA7485E087E36EBBBD5324F258E1EE1174F6E4D6A5AC028F92
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000C.00000002.671663725.0000000000261000.00000020.00000001.01000000.00000007.sdmp, Offset: 00260000, based on PE: true
                                                                                                               • Associated: 0000000C.00000002.671637903.0000000000260000.00000002.00000001.01000000.00000007.sdmp
                                                                                                               • Associated: 0000000C.00000002.671860980.0000000000402000.00000002.00000001.01000000.00000007.sdmp
                                                                                                               • Associated: 0000000C.00000002.671867139.0000000000414000.00000008.00000001.01000000.00000007.sdmp
                                                                                                               • Associated: 0000000C.00000002.671873991.0000000000417000.00000004.00000001.01000000.00000007.sdmp
                                                                                                               • Associated: 0000000C.00000002.671873991.0000000000421000.00000004.00000001.01000000.00000007.sdmp
                                                                                                               • Associated: 0000000C.00000002.671885218.0000000000425000.00000002.00000001.01000000.00000007.sdmp
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_12_2_260000_piovbar.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: `-IV$`-IV$cannot use operator[] with a string argument with $g*
                                                                                                              • API String ID: 0-1747511787
                                                                                                              • Opcode ID: a6851500e5cbee0e5e168cbe5a52b26b7c5d1cfd025803eda0e04c0d17bfd13b
                                                                                                              • Instruction ID: f4801e25d665e97bf74901d110eb840dc2004b6205b26372059972ab7b18849f
                                                                                                              • Opcode Fuzzy Hash: a6851500e5cbee0e5e168cbe5a52b26b7c5d1cfd025803eda0e04c0d17bfd13b
                                                                                                              • Instruction Fuzzy Hash: CBC1913AA041198FCF158F78D8806ED77EAAF96324F2A4225C9216B6D1DE318D06CBC1
                                                                                                              Strings
                                                                                                              • cannot use erase() with , xrefs: 003965C6
                                                                                                              • iterator out of range, xrefs: 0039655F
                                                                                                              • iterator does not fit current value, xrefs: 00396513
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000C.00000002.671663725.0000000000261000.00000020.00000001.01000000.00000007.sdmp, Offset: 00260000, based on PE: true
                                                                                                               • Associated: 0000000C.00000002.671637903.0000000000260000.00000002.00000001.01000000.00000007.sdmp
                                                                                                               • Associated: 0000000C.00000002.671860980.0000000000402000.00000002.00000001.01000000.00000007.sdmp
                                                                                                               • Associated: 0000000C.00000002.671867139.0000000000414000.00000008.00000001.01000000.00000007.sdmp
                                                                                                               • Associated: 0000000C.00000002.671873991.0000000000417000.00000004.00000001.01000000.00000007.sdmp
                                                                                                               • Associated: 0000000C.00000002.671873991.0000000000421000.00000004.00000001.01000000.00000007.sdmp
                                                                                                               • Associated: 0000000C.00000002.671885218.0000000000425000.00000002.00000001.01000000.00000007.sdmp
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_12_2_260000_piovbar.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: cannot use erase() with $iterator does not fit current value$iterator out of range
                                                                                                              • API String ID: 0-3306149458
                                                                                                              • Opcode ID: d49fcf8678dc80fe991f3a660eb86f562414ad9865261ae18904f1cbd7edf7a2
                                                                                                              • Instruction ID: f266166cbf670cf8ec4f948eb95482e15d286a8a35e893c3da52f695887b6957
                                                                                                              • Opcode Fuzzy Hash: d49fcf8678dc80fe991f3a660eb86f562414ad9865261ae18904f1cbd7edf7a2
                                                                                                              • Instruction Fuzzy Hash: 5862C037B012558FCF158B7898E16FDBBE2AF86360F2E4165D856AB391D7309D09CB80
                                                                                                              APIs
                                                                                                              • GetCurrentProcess.KERNEL32(?,?,003E7500,?,?,?,?), ref: 003E746A
                                                                                                              • TerminateProcess.KERNEL32(00000000,?,003E7500,?,?,?,?), ref: 003E7471
                                                                                                              • ExitProcess.KERNEL32 ref: 003E7483
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000C.00000002.671663725.0000000000261000.00000020.00000001.01000000.00000007.sdmp, Offset: 00260000, based on PE: true
                                                                                                               • Associated: 0000000C.00000002.671637903.0000000000260000.00000002.00000001.01000000.00000007.sdmp
                                                                                                               • Associated: 0000000C.00000002.671860980.0000000000402000.00000002.00000001.01000000.00000007.sdmp
                                                                                                               • Associated: 0000000C.00000002.671867139.0000000000414000.00000008.00000001.01000000.00000007.sdmp
                                                                                                               • Associated: 0000000C.00000002.671873991.0000000000417000.00000004.00000001.01000000.00000007.sdmp
                                                                                                               • Associated: 0000000C.00000002.671873991.0000000000421000.00000004.00000001.01000000.00000007.sdmp
                                                                                                               • Associated: 0000000C.00000002.671885218.0000000000425000.00000002.00000001.01000000.00000007.sdmp
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_12_2_260000_piovbar.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: Process$CurrentExitTerminate
                                                                                                              • String ID:
                                                                                                              • API String ID: 1703294689-0
                                                                                                              • Opcode ID: 207599f4381315e75c0b434a06fc5e0ce9d9170133b218ae9b664f1fb8dfbcf0
                                                                                                              • Instruction ID: 69e55e57f9a364711eb59213efc00a1fb4a0c5abe420855ae17fc87dc6699b3c
                                                                                                              • Opcode Fuzzy Hash: 207599f4381315e75c0b434a06fc5e0ce9d9170133b218ae9b664f1fb8dfbcf0
                                                                                                              • Instruction Fuzzy Hash: 1EE04631000188AFCF132FA6DE089A83F68FB44381B414E24F9459A1B1DB35DD62DA84
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000C.00000002.671663725.0000000000261000.00000020.00000001.01000000.00000007.sdmp, Offset: 00260000, based on PE: true
                                                                                                               • Associated: 0000000C.00000002.671637903.0000000000260000.00000002.00000001.01000000.00000007.sdmp
                                                                                                               • Associated: 0000000C.00000002.671860980.0000000000402000.00000002.00000001.01000000.00000007.sdmp
                                                                                                               • Associated: 0000000C.00000002.671867139.0000000000414000.00000008.00000001.01000000.00000007.sdmp
                                                                                                               • Associated: 0000000C.00000002.671873991.0000000000417000.00000004.00000001.01000000.00000007.sdmp
                                                                                                               • Associated: 0000000C.00000002.671873991.0000000000421000.00000004.00000001.01000000.00000007.sdmp
                                                                                                               • Associated: 0000000C.00000002.671885218.0000000000425000.00000002.00000001.01000000.00000007.sdmp
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_12_2_260000_piovbar.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: WF!$WF!$WF!
                                                                                                              • API String ID: 0-125143793
                                                                                                              • Opcode ID: eea2d5fc350f1b9fa8f6d63287889682c2ace1afd08ae48efdfb43893a72b282
                                                                                                              • Instruction ID: 5be20ddf0c0bdbfcbfb22745acc196a26f00baaca2d94e3bff03a44a14750280
                                                                                                              • Opcode Fuzzy Hash: eea2d5fc350f1b9fa8f6d63287889682c2ace1afd08ae48efdfb43893a72b282
                                                                                                              • Instruction Fuzzy Hash: 7B327D6A7042444BCB1E8E3458D05FB73C79FD5350F298A2DE867C72E2DB24CC9A9786
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000C.00000002.671663725.0000000000261000.00000020.00000001.01000000.00000007.sdmp, Offset: 00260000, based on PE: true
                                                                                                               • Associated: 0000000C.00000002.671637903.0000000000260000.00000002.00000001.01000000.00000007.sdmp
                                                                                                               • Associated: 0000000C.00000002.671860980.0000000000402000.00000002.00000001.01000000.00000007.sdmp
                                                                                                               • Associated: 0000000C.00000002.671867139.0000000000414000.00000008.00000001.01000000.00000007.sdmp
                                                                                                               • Associated: 0000000C.00000002.671873991.0000000000417000.00000004.00000001.01000000.00000007.sdmp
                                                                                                               • Associated: 0000000C.00000002.671873991.0000000000421000.00000004.00000001.01000000.00000007.sdmp
                                                                                                               • Associated: 0000000C.00000002.671885218.0000000000425000.00000002.00000001.01000000.00000007.sdmp
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_12_2_260000_piovbar.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: WX$WX$WX
                                                                                                              • API String ID: 0-928921085
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: /J$0J$0J
                                                                                                              • API String ID: 0-2381199896
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: 0>a$0>a$0>a
                                                                                                              • API String ID: 0-3149339676
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: o8$p8$p8
                                                                                                              • API String ID: 0-3043283007
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: "V%I$"V%I$"V%I
                                                                                                              • API String ID: 0-81497453
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: i}2$j}2$j}2
                                                                                                              • API String ID: 0-729939743
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: O6~$O6~$O6~
                                                                                                              • API String ID: 0-1757311930
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: fm$fm$fm
                                                                                                              • API String ID: 0-1793705853
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: Basic $Proxy-Authorization
                                                                                                              • API String ID: 0-1278023847
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: y6z$y6z
                                                                                                              • API String ID: 0-512828025
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000C.00000002.671663725.0000000000261000.00000020.00000001.01000000.00000007.sdmp, Offset: 00260000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_12_2_260000_piovbar.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: Bearer $Proxy-Authorization
                                                                                                              • API String ID: 0-3993570101
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000C.00000002.671663725.0000000000261000.00000020.00000001.01000000.00000007.sdmp, Offset: 00260000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_12_2_260000_piovbar.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: ew8$ew8
                                                                                                              • API String ID: 0-1188254513
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000C.00000002.671663725.0000000000261000.00000020.00000001.01000000.00000007.sdmp, Offset: 00260000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_12_2_260000_piovbar.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: sG&j$sG&j
                                                                                                              • API String ID: 0-1608128065
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000C.00000002.671663725.0000000000261000.00000020.00000001.01000000.00000007.sdmp, Offset: 00260000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_12_2_260000_piovbar.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: ZkJ$ZkJ
                                                                                                              • API String ID: 0-216089324
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000C.00000002.671663725.0000000000261000.00000020.00000001.01000000.00000007.sdmp, Offset: 00260000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_12_2_260000_piovbar.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: @=ei$@=ei
                                                                                                              • API String ID: 0-2133102065
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000C.00000002.671663725.0000000000261000.00000020.00000001.01000000.00000007.sdmp, Offset: 00260000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_12_2_260000_piovbar.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: GET$HEAD
                                                                                                              • API String ID: 0-1127565650
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000C.00000002.671663725.0000000000261000.00000020.00000001.01000000.00000007.sdmp, Offset: 00260000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_12_2_260000_piovbar.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: <N8
                                                                                                              • API String ID: 0-2496143347
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000C.00000002.671663725.0000000000261000.00000020.00000001.01000000.00000007.sdmp, Offset: 00260000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_12_2_260000_piovbar.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: UhN
                                                                                                              • API String ID: 0-2233034402
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000C.00000002.671663725.0000000000261000.00000020.00000001.01000000.00000007.sdmp, Offset: 00260000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_12_2_260000_piovbar.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000C.00000002.671663725.0000000000261000.00000020.00000001.01000000.00000007.sdmp, Offset: 00260000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_12_2_260000_piovbar.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: out_of_range
                                                                                                              • API String ID: 0-3053435996
                                                                                                              Strings
                                                                                                              • excessive object size: , xrefs: 0038E7FF
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: excessive object size:
                                                                                                              • API String ID: 0-3718820671
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: Location
                                                                                                              • API String ID: 0-2817059741
                                                                                                              APIs
                                                                                                              • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,003FC46E,?,?,00000008,?,?,00401020,00000000), ref: 003FC740
                                                                                                              Similarity
                                                                                                              • API ID: ExceptionRaise
                                                                                                              • String ID:
                                                                                                              • API String ID: 3997070919-0
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: <s)
                                                                                                              • API String ID: 0-2492495807
                                                                                                              Strings
                                                                                                              • ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/, xrefs: 0027E2AE
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/
                                                                                                              • API String ID: 0-1713319389
                                                                                                              APIs
                                                                                                                • Part of subcall function 003E9E78: EnterCriticalSection.KERNEL32(?,?,003F4914,?,00413DA8,0000000C), ref: 003E9E87
                                                                                                              • EnumSystemLocalesW.KERNEL32(003F3510,00000001,00413D08,0000000C,003F2E3F,-00000050), ref: 003F3555
                                                                                                              Similarity
                                                                                                              • API ID: CriticalEnterEnumLocalesSectionSystem
                                                                                                              • String ID:
                                                                                                              • API String ID: 1272433827-0
                                                                                                              • Opcode ID: 8f0cbbb4efe7931ab4a9c4d511ba60809ee0dc5c4bfef83709a205abd1ac68fa
                                                                                                              • Instruction ID: a8baa5b20a28e47ad0f9dca8a23b374e4b18810e7550f0baeb09496bf8cf90c4
                                                                                                              • Opcode Fuzzy Hash: 8f0cbbb4efe7931ab4a9c4d511ba60809ee0dc5c4bfef83709a205abd1ac68fa
                                                                                                              • Instruction Fuzzy Hash: 46F04972A40218EFDB11EFA8E842BAD7BF0EB89725F10416AF5159B2E0D7754A418F44
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000C.00000002.671663725.0000000000261000.00000020.00000001.01000000.00000007.sdmp, Offset: 00260000, based on PE: true
                                                                                                              • Associated: 0000000C.00000002.671637903.0000000000260000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                              • Associated: 0000000C.00000002.671860980.0000000000402000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                              • Associated: 0000000C.00000002.671867139.0000000000414000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                              • Associated: 0000000C.00000002.671873991.0000000000417000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                              • Associated: 0000000C.00000002.671873991.0000000000421000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                              • Associated: 0000000C.00000002.671885218.0000000000425000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_12_2_260000_piovbar.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: dcbf181eaa36be6770eecf944652b4b0c5a402c4cb994e5ebd55367e674c8331
                                                                                                              • Instruction ID: 3e58de730d8f03566f2fecb524883ff2b6e76db0c372b291f5aa316332feee6b
                                                                                                              • Opcode Fuzzy Hash: dcbf181eaa36be6770eecf944652b4b0c5a402c4cb994e5ebd55367e674c8331
                                                                                                              • Instruction Fuzzy Hash: 54726935348A058BDB1D8B3496E017EB6D29FA5320F25866EE4534FBE0DB34EC459B83
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000C.00000002.671663725.0000000000261000.00000020.00000001.01000000.00000007.sdmp, Offset: 00260000, based on PE: true
                                                                                                              • Associated: 0000000C.00000002.671637903.0000000000260000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                              • Associated: 0000000C.00000002.671860980.0000000000402000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                              • Associated: 0000000C.00000002.671867139.0000000000414000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                              • Associated: 0000000C.00000002.671873991.0000000000417000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                              • Associated: 0000000C.00000002.671873991.0000000000421000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                              • Associated: 0000000C.00000002.671885218.0000000000425000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_12_2_260000_piovbar.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: ff8a7dac5ef5d1dc22d4d71185668c34f39e295d8be6b18e2116a9d15053db73
                                                                                                              • Instruction ID: 49bbfe803438cccdb05ddebf2c0605c050eeff9658077eab1368e7aca432ccb5
                                                                                                              • Opcode Fuzzy Hash: ff8a7dac5ef5d1dc22d4d71185668c34f39e295d8be6b18e2116a9d15053db73
                                                                                                              • Instruction Fuzzy Hash: F5622A76F041658F8F298A78D8D05ED7BE7AFC5320F2E8625D825AB394C6308C458FD1
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000C.00000002.671663725.0000000000261000.00000020.00000001.01000000.00000007.sdmp, Offset: 00260000, based on PE: true
                                                                                                              • Associated: 0000000C.00000002.671637903.0000000000260000.00000002.00000001.01000000.00000007.sdmp
                                                                                                              • Associated: 0000000C.00000002.671860980.0000000000402000.00000002.00000001.01000000.00000007.sdmp
                                                                                                              • Associated: 0000000C.00000002.671867139.0000000000414000.00000008.00000001.01000000.00000007.sdmp
                                                                                                              • Associated: 0000000C.00000002.671873991.0000000000417000.00000004.00000001.01000000.00000007.sdmp
                                                                                                              • Associated: 0000000C.00000002.671873991.0000000000421000.00000004.00000001.01000000.00000007.sdmp
                                                                                                              • Associated: 0000000C.00000002.671885218.0000000000425000.00000002.00000001.01000000.00000007.sdmp
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_12_2_260000_piovbar.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: ded2e973166081770d4edcd1cd089bca58e916992510ab6ce4ae6478e068c986
                                                                                                              • Instruction ID: 04449d05f98124b74f874e1998cc158ce6bd6f041ca3edbdece6132cea08fedb
                                                                                                              • Opcode Fuzzy Hash: ded2e973166081770d4edcd1cd089bca58e916992510ab6ce4ae6478e068c986
                                                                                                              • Instruction Fuzzy Hash: DD42C336A011098FCF19CFA8D4A06EDB7F6BF44394F298529E816AB2D0D7319D46CF84
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000C.00000002.671663725.0000000000261000.00000020.00000001.01000000.00000007.sdmp, Offset: 00260000, based on PE: true
                                                                                                              • Associated: 0000000C.00000002.671637903.0000000000260000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                              • Associated: 0000000C.00000002.671860980.0000000000402000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                              • Associated: 0000000C.00000002.671867139.0000000000414000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                              • Associated: 0000000C.00000002.671873991.0000000000417000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                              • Associated: 0000000C.00000002.671873991.0000000000421000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                              • Associated: 0000000C.00000002.671885218.0000000000425000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_12_2_260000_piovbar.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 9d7f9e767149598c43d2bef3bf021427b329481b836dcce05d72c923a19bf089
                                                                                                              • Instruction ID: e5530c99ee5c62ca22abbcf1b4be10894a4b5f1a69e56d3e9b8cf6b8ddea9ad3
                                                                                                              • Opcode Fuzzy Hash: 9d7f9e767149598c43d2bef3bf021427b329481b836dcce05d72c923a19bf089
                                                                                                              • Instruction Fuzzy Hash: 53421436A01259CFCB05CF68C8907DDBBF5BF45310F2982AAD455AB292D7359D4ACF80
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000C.00000002.671663725.0000000000261000.00000020.00000001.01000000.00000007.sdmp, Offset: 00260000, based on PE: true
                                                                                                              • Associated: 0000000C.00000002.671637903.0000000000260000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                              • Associated: 0000000C.00000002.671860980.0000000000402000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                              • Associated: 0000000C.00000002.671867139.0000000000414000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                              • Associated: 0000000C.00000002.671873991.0000000000417000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                              • Associated: 0000000C.00000002.671873991.0000000000421000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                              • Associated: 0000000C.00000002.671885218.0000000000425000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_12_2_260000_piovbar.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 85778db41b6ba62c73a588e7439275339457357f4abda85ec009d33f8473dc66
                                                                                                              • Instruction ID: 54595c1603bd20ce0a38f0db00e893aa3d8ebdddbd0f5225cef421ef34fc6885
                                                                                                              • Opcode Fuzzy Hash: 85778db41b6ba62c73a588e7439275339457357f4abda85ec009d33f8473dc66
                                                                                                              • Instruction Fuzzy Hash: B642CE35A112098FCF18CF68D490AEEFBF5EF483A4F158529E815AB2A1C7319D56CF90
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000C.00000002.671663725.0000000000261000.00000020.00000001.01000000.00000007.sdmp, Offset: 00260000, based on PE: true
                                                                                                              • Associated: 0000000C.00000002.671637903.0000000000260000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                              • Associated: 0000000C.00000002.671860980.0000000000402000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                              • Associated: 0000000C.00000002.671867139.0000000000414000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                              • Associated: 0000000C.00000002.671873991.0000000000417000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                              • Associated: 0000000C.00000002.671873991.0000000000421000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                              • Associated: 0000000C.00000002.671885218.0000000000425000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_12_2_260000_piovbar.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: f6417f341924af04b1701832647e49d82eeb6639cb4195dd2b670159295af7ad
                                                                                                              • Instruction ID: 68000d05acce9f43d6f9cfdf3ed421214b074c13937655443c4c1967590b9213
                                                                                                              • Opcode Fuzzy Hash: f6417f341924af04b1701832647e49d82eeb6639cb4195dd2b670159295af7ad
                                                                                                              • Instruction Fuzzy Hash: 6C2207353082418FCF19CF3899D166A77D6AFC6364F25891AE49ACB2A1D730DC49DB82
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000C.00000002.671663725.0000000000261000.00000020.00000001.01000000.00000007.sdmp, Offset: 00260000, based on PE: true
                                                                                                              • Associated: 0000000C.00000002.671637903.0000000000260000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                              • Associated: 0000000C.00000002.671860980.0000000000402000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                              • Associated: 0000000C.00000002.671867139.0000000000414000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                              • Associated: 0000000C.00000002.671873991.0000000000417000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                              • Associated: 0000000C.00000002.671873991.0000000000421000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                              • Associated: 0000000C.00000002.671885218.0000000000425000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_12_2_260000_piovbar.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 18af64e366c0f0304648e45730b920ab8544d309f2064646a01341b5b457487a
                                                                                                              • Instruction ID: 5679e8b1a8a237fe4f9b1e01de85795d1d5087cac2d4b780d9dbb70d8bd8be0f
                                                                                                              • Opcode Fuzzy Hash: 18af64e366c0f0304648e45730b920ab8544d309f2064646a01341b5b457487a
                                                                                                              • Instruction Fuzzy Hash: 90128C76F00555CFCF128A38D8E06EE7BE3AFC9324B6A8625D915DB794C6348C46CB90
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000C.00000002.671663725.0000000000261000.00000020.00000001.01000000.00000007.sdmp, Offset: 00260000, based on PE: true
                                                                                                              • Associated: 0000000C.00000002.671637903.0000000000260000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                              • Associated: 0000000C.00000002.671860980.0000000000402000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                              • Associated: 0000000C.00000002.671867139.0000000000414000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                              • Associated: 0000000C.00000002.671873991.0000000000417000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                              • Associated: 0000000C.00000002.671873991.0000000000421000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                              • Associated: 0000000C.00000002.671885218.0000000000425000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_12_2_260000_piovbar.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 231e2576b47b206a1b709763ee11333913d788b5945b1892bb958d523b1c171d
                                                                                                              • Instruction ID: f7d9e7efc31cbaced4f1412402640f42a86e96e3235ea95030ab7ae6e6585748
                                                                                                              • Opcode Fuzzy Hash: 231e2576b47b206a1b709763ee11333913d788b5945b1892bb958d523b1c171d
                                                                                                              • Instruction Fuzzy Hash: 99220232A002558FCB19CF64C894BEEBBF5FF89324F194669D855AB281C7319D89CBC0
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000C.00000002.671663725.0000000000261000.00000020.00000001.01000000.00000007.sdmp, Offset: 00260000, based on PE: true
                                                                                                              • Associated: 0000000C.00000002.671637903.0000000000260000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                              • Associated: 0000000C.00000002.671860980.0000000000402000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                              • Associated: 0000000C.00000002.671867139.0000000000414000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                              • Associated: 0000000C.00000002.671873991.0000000000417000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                              • Associated: 0000000C.00000002.671873991.0000000000421000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                              • Associated: 0000000C.00000002.671885218.0000000000425000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_12_2_260000_piovbar.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 3280b39da80d550b7c4197b0caaab7bb4081f607efd396652e8142b2f9900d27
                                                                                                              • Instruction ID: c5b7b5d8b636998418f31b8724e9897b5ab76319ad8b7df3490963c57620631a
                                                                                                              • Opcode Fuzzy Hash: 3280b39da80d550b7c4197b0caaab7bb4081f607efd396652e8142b2f9900d27
                                                                                                              • Instruction Fuzzy Hash: DE02397AB2010E4BCF088F6499905BEB7E6AFD13A0F388635D917972E0D720DD56CB85
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000C.00000002.671663725.0000000000261000.00000020.00000001.01000000.00000007.sdmp, Offset: 00260000, based on PE: true
                                                                                                              • Associated: 0000000C.00000002.671637903.0000000000260000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                              • Associated: 0000000C.00000002.671860980.0000000000402000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                              • Associated: 0000000C.00000002.671867139.0000000000414000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                              • Associated: 0000000C.00000002.671873991.0000000000417000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                              • Associated: 0000000C.00000002.671873991.0000000000421000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                              • Associated: 0000000C.00000002.671885218.0000000000425000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_12_2_260000_piovbar.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 567887ebff5ecf6083c9147b794e4fe327b8faa3a3de813fa862dfdaf92df846
                                                                                                              • Instruction ID: 5855ba0339d5ce5916768b9349d62a75a10f86ece4fa43d6f13bed01cdd828de
                                                                                                              • Opcode Fuzzy Hash: 567887ebff5ecf6083c9147b794e4fe327b8faa3a3de813fa862dfdaf92df846
                                                                                                              • Instruction Fuzzy Hash: 4D123376A012048FCB15CF34D8A47EE7BF5AF45320F154669E866AB2E2D7319E09CF81
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000C.00000002.671663725.0000000000261000.00000020.00000001.01000000.00000007.sdmp, Offset: 00260000, based on PE: true
                                                                                                              • Associated: 0000000C.00000002.671637903.0000000000260000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                              • Associated: 0000000C.00000002.671860980.0000000000402000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                              • Associated: 0000000C.00000002.671867139.0000000000414000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                              • Associated: 0000000C.00000002.671873991.0000000000417000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                              • Associated: 0000000C.00000002.671873991.0000000000421000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                              • Associated: 0000000C.00000002.671885218.0000000000425000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_12_2_260000_piovbar.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: e1cceee85dfae327e2f52038d52ba1a1da0e444e8c779fd1a9b8fb4242d84fde
                                                                                                              • Instruction ID: e502b0c25fe43da7d92711ab3b8fc3b5e647c82e9601432ec5598bc717ceb079
                                                                                                              • Opcode Fuzzy Hash: e1cceee85dfae327e2f52038d52ba1a1da0e444e8c779fd1a9b8fb4242d84fde
                                                                                                              • Instruction Fuzzy Hash: AFF18B722093019FC719DF24E8A066BB7E6EFC5310F198A6DE98587392D735DD09CB82
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000C.00000002.671663725.0000000000261000.00000020.00000001.01000000.00000007.sdmp, Offset: 00260000, based on PE: true
                                                                                                              • Associated: 0000000C.00000002.671637903.0000000000260000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                              • Associated: 0000000C.00000002.671860980.0000000000402000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                              • Associated: 0000000C.00000002.671867139.0000000000414000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                              • Associated: 0000000C.00000002.671873991.0000000000417000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                              • Associated: 0000000C.00000002.671873991.0000000000421000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                              • Associated: 0000000C.00000002.671885218.0000000000425000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_12_2_260000_piovbar.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: b243d304a168dd00e17f2669a244ca894f5a20da01f9454151045641097fed27
                                                                                                              • Instruction ID: 4c5974de5ed73781935b82990ed80d08b92e39ff31f86c11b6ec90188d32a58c
                                                                                                              • Opcode Fuzzy Hash: b243d304a168dd00e17f2669a244ca894f5a20da01f9454151045641097fed27
                                                                                                              • Instruction Fuzzy Hash: 59F12A7BF042658BCF158B2888A01EE7BF26F8D350B2AC756DC51A7394CE358C098BD5
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000C.00000002.671663725.0000000000261000.00000020.00000001.01000000.00000007.sdmp, Offset: 00260000, based on PE: true
                                                                                                              • Associated: 0000000C.00000002.671637903.0000000000260000.00000002.00000001.01000000.00000007.sdmp
                                                                                                              • Associated: 0000000C.00000002.671860980.0000000000402000.00000002.00000001.01000000.00000007.sdmp
                                                                                                              • Associated: 0000000C.00000002.671867139.0000000000414000.00000008.00000001.01000000.00000007.sdmp
                                                                                                              • Associated: 0000000C.00000002.671873991.0000000000417000.00000004.00000001.01000000.00000007.sdmp
                                                                                                              • Associated: 0000000C.00000002.671873991.0000000000421000.00000004.00000001.01000000.00000007.sdmp
                                                                                                              • Associated: 0000000C.00000002.671885218.0000000000425000.00000002.00000001.01000000.00000007.sdmp
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_12_2_260000_piovbar.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 1f82d48eb11a2c7b471979e4ad6ab52fd13e333789362eef45b8d751887715a1
                                                                                                              • Instruction ID: cdd7cd1c1cfcc8a4957e98b2cdebf6b94a7ee9baac0e7ea06e9c46aebc2457db
                                                                                                              • Opcode Fuzzy Hash: 1f82d48eb11a2c7b471979e4ad6ab52fd13e333789362eef45b8d751887715a1
                                                                                                              • Instruction Fuzzy Hash: AFF15B36308321ABCB198A28A9E056F77D3AFC5350F29C92DE4968B795C735CC49DB81
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000C.00000002.671663725.0000000000261000.00000020.00000001.01000000.00000007.sdmp, Offset: 00260000, based on PE: true
                                                                                                              • Associated: 0000000C.00000002.671637903.0000000000260000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                              • Associated: 0000000C.00000002.671860980.0000000000402000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                              • Associated: 0000000C.00000002.671867139.0000000000414000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                              • Associated: 0000000C.00000002.671873991.0000000000417000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                              • Associated: 0000000C.00000002.671873991.0000000000421000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                              • Associated: 0000000C.00000002.671885218.0000000000425000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_12_2_260000_piovbar.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 9f7085620cabc164c46b827bcbb691f1626822777e5f55e3f401957923777bea
                                                                                                              • Instruction ID: f5a74889968fd395c0af4a7882d978aadc5611bf8a2c180273bd09e38e8ca960
                                                                                                              • Opcode Fuzzy Hash: 9f7085620cabc164c46b827bcbb691f1626822777e5f55e3f401957923777bea
                                                                                                              • Instruction Fuzzy Hash: 78F1687BE006558FCB3D8B6859D01EDBBE29B99360F1BC259D86A7B3D0D2654C05CF80
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000C.00000002.671663725.0000000000261000.00000020.00000001.01000000.00000007.sdmp, Offset: 00260000, based on PE: true
                                                                                                              • Associated: 0000000C.00000002.671637903.0000000000260000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                              • Associated: 0000000C.00000002.671860980.0000000000402000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                              • Associated: 0000000C.00000002.671867139.0000000000414000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                              • Associated: 0000000C.00000002.671873991.0000000000417000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                              • Associated: 0000000C.00000002.671873991.0000000000421000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                              • Associated: 0000000C.00000002.671885218.0000000000425000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_12_2_260000_piovbar.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 10602568a77600d6b9a32ea401a9dbe6f3b07ee96ac8b99f2db527cd9829f050
                                                                                                              • Instruction ID: ffd62c37366f424815552991908309ed212956da58b9a04301c307d374b9f0bb
                                                                                                              • Opcode Fuzzy Hash: 10602568a77600d6b9a32ea401a9dbe6f3b07ee96ac8b99f2db527cd9829f050
                                                                                                              • Instruction Fuzzy Hash: B3E13A7A32820A8B8F1C9E24A1F067FF6D29FD53A4F24453DD6674B3E5C6A08C55CB42
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000C.00000002.671663725.0000000000261000.00000020.00000001.01000000.00000007.sdmp, Offset: 00260000, based on PE: true
                                                                                                              • Associated: 0000000C.00000002.671637903.0000000000260000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                              • Associated: 0000000C.00000002.671860980.0000000000402000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                              • Associated: 0000000C.00000002.671867139.0000000000414000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                              • Associated: 0000000C.00000002.671873991.0000000000417000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                              • Associated: 0000000C.00000002.671873991.0000000000421000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                              • Associated: 0000000C.00000002.671885218.0000000000425000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_12_2_260000_piovbar.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: c53ff8abe7262f8db7a8c34880f986833d32d5cb4104cb059c33090182bbee03
                                                                                                              • Instruction ID: 8d494799870af5deb2f7ecf3efb229015c474b8ee862d071447f3ac3418484ad
                                                                                                              • Opcode Fuzzy Hash: c53ff8abe7262f8db7a8c34880f986833d32d5cb4104cb059c33090182bbee03
                                                                                                              • Instruction Fuzzy Hash: E1E124B6E04545CFCF158F6895D05EEBBE6EB8A330F6A8129DC59AB791D6318C04CF80
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000C.00000002.671663725.0000000000261000.00000020.00000001.01000000.00000007.sdmp, Offset: 00260000, based on PE: true
                                                                                                              • Associated: 0000000C.00000002.671637903.0000000000260000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                              • Associated: 0000000C.00000002.671860980.0000000000402000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                              • Associated: 0000000C.00000002.671867139.0000000000414000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                              • Associated: 0000000C.00000002.671873991.0000000000417000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                              • Associated: 0000000C.00000002.671873991.0000000000421000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                              • Associated: 0000000C.00000002.671885218.0000000000425000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_12_2_260000_piovbar.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 376dad6e3f9799856ca2eaaea0e21b4528c9b5d92349c106784ebe14a4ab94df
                                                                                                              • Instruction ID: 657132b9345608bdbd12b6875d5cf9db17c02c9acf0dafbde512c3efd36bbace
                                                                                                              • Opcode Fuzzy Hash: 376dad6e3f9799856ca2eaaea0e21b4528c9b5d92349c106784ebe14a4ab94df
                                                                                                              • Instruction Fuzzy Hash: F0E1C27AF102098F8F14CFA8D5D04AEBBF2AF8D310B258556DC25AB3A0C6759D46CB94
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000C.00000002.671663725.0000000000261000.00000020.00000001.01000000.00000007.sdmp, Offset: 00260000, based on PE: true
                                                                                                              • Associated: 0000000C.00000002.671637903.0000000000260000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                              • Associated: 0000000C.00000002.671860980.0000000000402000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                              • Associated: 0000000C.00000002.671867139.0000000000414000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                              • Associated: 0000000C.00000002.671873991.0000000000417000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                              • Associated: 0000000C.00000002.671873991.0000000000421000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                              • Associated: 0000000C.00000002.671885218.0000000000425000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_12_2_260000_piovbar.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: f79b9306e3140d613f4650ee999f8947780a9e4de3ab3ddde00c49d6ad660b1e
                                                                                                              • Instruction ID: a3fd5b3a61ca8d840fd096464f3a975b5022f80eb1bc9d9c6eb1c72703c005ce
                                                                                                              • Opcode Fuzzy Hash: f79b9306e3140d613f4650ee999f8947780a9e4de3ab3ddde00c49d6ad660b1e
                                                                                                              • Instruction Fuzzy Hash: AAD15B753281099F8F1CCE2455A047FB2D3ABC4390B68C53EE95B473D4D6728E66C782
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000C.00000002.671663725.0000000000261000.00000020.00000001.01000000.00000007.sdmp, Offset: 00260000, based on PE: true
                                                                                                              • Associated: 0000000C.00000002.671637903.0000000000260000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                              • Associated: 0000000C.00000002.671860980.0000000000402000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                              • Associated: 0000000C.00000002.671867139.0000000000414000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                              • Associated: 0000000C.00000002.671873991.0000000000417000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                              • Associated: 0000000C.00000002.671873991.0000000000421000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                              • Associated: 0000000C.00000002.671885218.0000000000425000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_12_2_260000_piovbar.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: ac1e7bd4c62a69b6c3c201e902968b4385da2c0b4fe75457eaa965ba84ec0713
                                                                                                              • Instruction ID: 87d8bf40ffe1958add51d636dfdcbc736d06ba0befeb5e2724f10619cc4f4006
                                                                                                              • Opcode Fuzzy Hash: ac1e7bd4c62a69b6c3c201e902968b4385da2c0b4fe75457eaa965ba84ec0713
                                                                                                              • Instruction Fuzzy Hash: 6FC14D3D608145CF4A2AC67844D4D3E72D5AB943A1B268A9AED16CF3B4DF34CE4D4BC2
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000C.00000002.671663725.0000000000261000.00000020.00000001.01000000.00000007.sdmp, Offset: 00260000, based on PE: true
                                                                                                              • Associated: 0000000C.00000002.671637903.0000000000260000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                              • Associated: 0000000C.00000002.671860980.0000000000402000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                              • Associated: 0000000C.00000002.671867139.0000000000414000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                              • Associated: 0000000C.00000002.671873991.0000000000417000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                              • Associated: 0000000C.00000002.671873991.0000000000421000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                              • Associated: 0000000C.00000002.671885218.0000000000425000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_12_2_260000_piovbar.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 020546de16c9d33603009027da1414ea4b4a348d29ba8380187db047c120237d
                                                                                                              • Instruction ID: 45e1311b8fb5b8074c48249185b67827f2dbcc62f8fae14cb3d68b34cf2df101
                                                                                                              • Opcode Fuzzy Hash: 020546de16c9d33603009027da1414ea4b4a348d29ba8380187db047c120237d
                                                                                                              • Instruction Fuzzy Hash: C5C18D7A7542935BCF188EB998E05BF76D25FD5320B788729D821D73E0C225CC5AC781
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000C.00000002.671663725.0000000000261000.00000020.00000001.01000000.00000007.sdmp, Offset: 00260000, based on PE: true
                                                                                                              • Associated: 0000000C.00000002.671637903.0000000000260000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                              • Associated: 0000000C.00000002.671860980.0000000000402000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                              • Associated: 0000000C.00000002.671867139.0000000000414000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                              • Associated: 0000000C.00000002.671873991.0000000000417000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                              • Associated: 0000000C.00000002.671873991.0000000000421000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                              • Associated: 0000000C.00000002.671885218.0000000000425000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_12_2_260000_piovbar.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: ea2f874c0cfa06635995c45482075c39ab3b4ee644e63390bd93bd2a24c419a5
                                                                                                              • Instruction ID: 710505ac3594e06d415de020149aaf172a16db374a0837d634a220956a37eb73
                                                                                                              • Opcode Fuzzy Hash: ea2f874c0cfa06635995c45482075c39ab3b4ee644e63390bd93bd2a24c419a5
                                                                                                              • Instruction Fuzzy Hash: 2BC128763006004FCB258F38A8D496677D3AF85361B298A3DD8A7C7AF1D720DC49DB95
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000C.00000002.671663725.0000000000261000.00000020.00000001.01000000.00000007.sdmp, Offset: 00260000, based on PE: true
                                                                                                              • Associated: 0000000C.00000002.671637903.0000000000260000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                              • Associated: 0000000C.00000002.671860980.0000000000402000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                              • Associated: 0000000C.00000002.671867139.0000000000414000.00000008.00000001.01000000.00000007.sdmpDownload File
Memory Dump Source
• Source File: 0000000C.00000002.671663725.0000000000261000.00000020.00000001.01000000.00000007.sdmp, Offset: 00260000, based on PE: true
• Associated: 0000000C.00000002.671637903.0000000000260000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.671860980.0000000000402000.00000002.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.671867139.0000000000414000.00000008.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.671873991.0000000000417000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.671873991.0000000000421000.00000004.00000001.01000000.00000007.sdmp
• Associated: 0000000C.00000002.671885218.0000000000425000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_260000_piovbar.jbxd
                                                                                                              • Associated: 0000000C.00000002.671873991.0000000000417000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                              • Associated: 0000000C.00000002.671873991.0000000000421000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                              • Associated: 0000000C.00000002.671885218.0000000000425000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_12_2_260000_piovbar.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: e3c2fae472ac6aef7e13143af5c6c46437d270a7fa676b28fa86724aec1e955f
                                                                                                              • Instruction ID: b05a2e5bdf164884da78fcffa48330e082eaa8032ce6550c2379cd20b91dd3c6
                                                                                                              • Opcode Fuzzy Hash: e3c2fae472ac6aef7e13143af5c6c46437d270a7fa676b28fa86724aec1e955f
                                                                                                              • Instruction Fuzzy Hash: 75918EAE7042454B8B0E4E357CD44AB73C79FDA310B298A39DC6BC76A1D714CC899787
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000C.00000002.671663725.0000000000261000.00000020.00000001.01000000.00000007.sdmp, Offset: 00260000, based on PE: true
                                                                                                              • Associated: 0000000C.00000002.671637903.0000000000260000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                              • Associated: 0000000C.00000002.671860980.0000000000402000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                              • Associated: 0000000C.00000002.671867139.0000000000414000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                              • Associated: 0000000C.00000002.671873991.0000000000417000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                              • Associated: 0000000C.00000002.671873991.0000000000421000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                              • Associated: 0000000C.00000002.671885218.0000000000425000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_12_2_260000_piovbar.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 3ad24247ce4ae77397ec479a52341654b4c59c4c7fe876abe16b049ed42cc957
                                                                                                              • Instruction ID: 565e2a1800a6fe5e8dadd062b57a388a5350df643293a5f5de412205840fedd6
                                                                                                              • Opcode Fuzzy Hash: 3ad24247ce4ae77397ec479a52341654b4c59c4c7fe876abe16b049ed42cc957
                                                                                                              • Instruction Fuzzy Hash: 7D91683630C7A08F87159B38B98456A7BD6BBC9310F2ACA59DC95973A8D331CC45CB82
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000C.00000002.671663725.0000000000261000.00000020.00000001.01000000.00000007.sdmp, Offset: 00260000, based on PE: true
                                                                                                              • Associated: 0000000C.00000002.671637903.0000000000260000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                              • Associated: 0000000C.00000002.671860980.0000000000402000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                              • Associated: 0000000C.00000002.671867139.0000000000414000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                              • Associated: 0000000C.00000002.671873991.0000000000417000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                              • Associated: 0000000C.00000002.671873991.0000000000421000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                              • Associated: 0000000C.00000002.671885218.0000000000425000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_12_2_260000_piovbar.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: d34ec12b697bf75b747ed27d9e3c306d6929a03f815409355e4ae9f63ce4560c
                                                                                                              • Instruction ID: d53dddbc9462b22f46c725c20f3ca14c298b178762a78e012f7a6bab0467c139
                                                                                                              • Opcode Fuzzy Hash: d34ec12b697bf75b747ed27d9e3c306d6929a03f815409355e4ae9f63ce4560c
                                                                                                              • Instruction Fuzzy Hash: 15912A3B215202CFC7148E38D99026A77E39FD2364F2AC66DCC6D1B2E1CB719D568B81
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000C.00000002.671663725.0000000000261000.00000020.00000001.01000000.00000007.sdmp, Offset: 00260000, based on PE: true
                                                                                                              • Associated: 0000000C.00000002.671637903.0000000000260000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                              • Associated: 0000000C.00000002.671860980.0000000000402000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                              • Associated: 0000000C.00000002.671867139.0000000000414000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                              • Associated: 0000000C.00000002.671873991.0000000000417000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                              • Associated: 0000000C.00000002.671873991.0000000000421000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                              • Associated: 0000000C.00000002.671885218.0000000000425000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_12_2_260000_piovbar.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: dfc427e22057a0dca713f235c43a737d01656ada2799c5f8d44d941aaa955b3d
                                                                                                              • Instruction ID: c4111bc3fd97761bbb7fe4fa74d559fb6ffdbba6d9bfeb0224e4b5ced3798cd4
                                                                                                              • Opcode Fuzzy Hash: dfc427e22057a0dca713f235c43a737d01656ada2799c5f8d44d941aaa955b3d
                                                                                                              • Instruction Fuzzy Hash: 8F91063AB001459FCB19DF68D9916FE7BF6AF8A710F154529E806AB390CB31AD05CB90
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000C.00000002.671663725.0000000000261000.00000020.00000001.01000000.00000007.sdmp, Offset: 00260000, based on PE: true
                                                                                                              • Associated: 0000000C.00000002.671637903.0000000000260000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                              • Associated: 0000000C.00000002.671860980.0000000000402000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                              • Associated: 0000000C.00000002.671867139.0000000000414000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                              • Associated: 0000000C.00000002.671873991.0000000000417000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                              • Associated: 0000000C.00000002.671873991.0000000000421000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                              • Associated: 0000000C.00000002.671885218.0000000000425000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_12_2_260000_piovbar.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: c2cae4d83d9b0b24789b241733572dbe66571d9d9143d9efef40c5e8295c2bad
                                                                                                              • Instruction ID: 5ee1a0923512fcc67a6b3f3be9fe4c29c293ba7a22ecfd5456e2573c721850be
                                                                                                              • Opcode Fuzzy Hash: c2cae4d83d9b0b24789b241733572dbe66571d9d9143d9efef40c5e8295c2bad
                                                                                                              • Instruction Fuzzy Hash: 8D714D3D3271019B9EACBF6859E857A32D29BD4330F24862DDD178B7F8D9A09C5C4781
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000C.00000002.671663725.0000000000261000.00000020.00000001.01000000.00000007.sdmp, Offset: 00260000, based on PE: true
                                                                                                              • Associated: 0000000C.00000002.671637903.0000000000260000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                              • Associated: 0000000C.00000002.671860980.0000000000402000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                              • Associated: 0000000C.00000002.671867139.0000000000414000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                              • Associated: 0000000C.00000002.671873991.0000000000417000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                              • Associated: 0000000C.00000002.671873991.0000000000421000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                              • Associated: 0000000C.00000002.671885218.0000000000425000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_12_2_260000_piovbar.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: e0712ff2370fdf8ae497924425a6fb37d6c34af8609a677295bd9e5a3ef6ae47
                                                                                                              • Instruction ID: 3a26b7a8eabaa8204c967a495fd1828c9a45b6ed08a4be9afcfa74fcf6a728a4
                                                                                                              • Opcode Fuzzy Hash: e0712ff2370fdf8ae497924425a6fb37d6c34af8609a677295bd9e5a3ef6ae47
                                                                                                              • Instruction Fuzzy Hash: 5F71CF3A705149AB8F1A8BB868E11FF7BD7EF86310B29403DDC46C7791D6208C09CB85
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000C.00000002.671663725.0000000000261000.00000020.00000001.01000000.00000007.sdmp, Offset: 00260000, based on PE: true
                                                                                                              • Associated: 0000000C.00000002.671637903.0000000000260000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                              • Associated: 0000000C.00000002.671860980.0000000000402000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                              • Associated: 0000000C.00000002.671867139.0000000000414000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                              • Associated: 0000000C.00000002.671873991.0000000000417000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                              • Associated: 0000000C.00000002.671873991.0000000000421000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                              • Associated: 0000000C.00000002.671885218.0000000000425000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_12_2_260000_piovbar.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: b4137b815bd8a50719c65af717ae6419a2eb7fde7d9de619eb7d7cad6cc2b63a
                                                                                                              • Instruction ID: dc48e347b131f764d52229f858cc87084c14e160689b651a7e94d4ab48e04d93
                                                                                                              • Opcode Fuzzy Hash: b4137b815bd8a50719c65af717ae6419a2eb7fde7d9de619eb7d7cad6cc2b63a
                                                                                                              • Instruction Fuzzy Hash: 38618B223442009F8B288B396CDD57B77D6DFD6665F28C92DE89DC72D2CA14CC099B46
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000C.00000002.671663725.0000000000261000.00000020.00000001.01000000.00000007.sdmp, Offset: 00260000, based on PE: true
                                                                                                              • Associated: 0000000C.00000002.671637903.0000000000260000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                              • Associated: 0000000C.00000002.671860980.0000000000402000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                              • Associated: 0000000C.00000002.671867139.0000000000414000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                              • Associated: 0000000C.00000002.671873991.0000000000417000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                              • Associated: 0000000C.00000002.671873991.0000000000421000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                              • Associated: 0000000C.00000002.671885218.0000000000425000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_12_2_260000_piovbar.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 5ac3f228d949d23907a5773fe6f415cb78e36227dc6f093fd20b5e84cede50ab
                                                                                                              • Instruction ID: e19eb709576f291bb61b65c71d18c8ca6a699b836e0c7c378a2606281a4e3772
                                                                                                              • Opcode Fuzzy Hash: 5ac3f228d949d23907a5773fe6f415cb78e36227dc6f093fd20b5e84cede50ab
                                                                                                              • Instruction Fuzzy Hash: AB71377571472A8F8F048F6888D45BFBBF1DF9E790B248175DE15AB3A2C2218C158BD4
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000C.00000002.671663725.0000000000261000.00000020.00000001.01000000.00000007.sdmp, Offset: 00260000, based on PE: true
                                                                                                              • Associated: 0000000C.00000002.671637903.0000000000260000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                              • Associated: 0000000C.00000002.671860980.0000000000402000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                              • Associated: 0000000C.00000002.671867139.0000000000414000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                              • Associated: 0000000C.00000002.671873991.0000000000417000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                              • Associated: 0000000C.00000002.671873991.0000000000421000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                              • Associated: 0000000C.00000002.671885218.0000000000425000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_12_2_260000_piovbar.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 2dae631dc65e76fc34b0f188c92a0b2581fa83402c7f2103318416f458227d94
                                                                                                              • Instruction ID: 5ae22095bfbee27948a688cbf2e9efad447c2d199f953ac3d8d270d59b06a715
                                                                                                              • Opcode Fuzzy Hash: 2dae631dc65e76fc34b0f188c92a0b2581fa83402c7f2103318416f458227d94
                                                                                                              • Instruction Fuzzy Hash: 47617B75B1415A8F8F08CE38D880AAAB6E36FC5328728873DD806D73A1D535DD55CB87
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000C.00000002.671663725.0000000000261000.00000020.00000001.01000000.00000007.sdmp, Offset: 00260000, based on PE: true
                                                                                                              • Associated: 0000000C.00000002.671637903.0000000000260000.00000002.00000001.01000000.00000007.sdmp
                                                                                                              • Associated: 0000000C.00000002.671860980.0000000000402000.00000002.00000001.01000000.00000007.sdmp
                                                                                                              • Associated: 0000000C.00000002.671867139.0000000000414000.00000008.00000001.01000000.00000007.sdmp
                                                                                                              • Associated: 0000000C.00000002.671873991.0000000000417000.00000004.00000001.01000000.00000007.sdmp
                                                                                                              • Associated: 0000000C.00000002.671873991.0000000000421000.00000004.00000001.01000000.00000007.sdmp
                                                                                                              • Associated: 0000000C.00000002.671885218.0000000000425000.00000002.00000001.01000000.00000007.sdmp
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_12_2_260000_piovbar.jbxd
                                                                                                              APIs
                                                                                                              Strings
                                                                                                              Similarity
                                                                                                              • API ID: _free$Info
                                                                                                              • String ID: xS@
                                                                                                              • API String ID: 2509303402-1122611197
                                                                                                              APIs
                                                                                                              • type_info::operator==.LIBVCRUNTIME ref: 003F1703
                                                                                                              • CatchIt.LIBVCRUNTIME ref: 003F1862
                                                                                                              • _UnwindNestedFrames.LIBCMT ref: 003F1963
                                                                                                              • CallUnexpected.LIBVCRUNTIME ref: 003F197E
                                                                                                              Strings
                                                                                                              Similarity
                                                                                                              • API ID: CallCatchFramesNestedUnexpectedUnwindtype_info::operator==
                                                                                                              • String ID: csm$csm$csm$pE@
                                                                                                              • API String ID: 2332921423-2118370272
                                                                                                              APIs
                                                                                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 003BD40C
                                                                                                              Strings
                                                                                                              Similarity
                                                                                                              • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                              • String ID: Q726$Q726$Q726$Q726$Q726$Q726
                                                                                                              • API String ID: 885266447-2818609084
                                                                                                              APIs
                                                                                                                • Part of subcall function 003FF412: CreateFileW.KERNEL32(00000000,00000000,?,003FF0D0,?,?,00000000), ref: 003FF42F
                                                                                                              • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 003FF13B
                                                                                                              • __dosmaperr.LIBCMT ref: 003FF142
                                                                                                              • GetFileType.KERNEL32 ref: 003FF14E
                                                                                                              • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 003FF158
                                                                                                              • __dosmaperr.LIBCMT ref: 003FF161
                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 003FF181
                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 003FF2CE
                                                                                                              • GetLastError.KERNEL32 ref: 003FF300
                                                                                                              • __dosmaperr.LIBCMT ref: 003FF307
                                                                                                              Similarity
                                                                                                              • API ID: ErrorLast__dosmaperr$CloseFileHandle$CreateType
                                                                                                              • String ID:
                                                                                                              • API String ID: 4237864984-0
                                                                                                              APIs
                                                                                                              • _ValidateLocalCookies.LIBCMT ref: 003E34D7
                                                                                                              • ___except_validate_context_record.LIBVCRUNTIME ref: 003E34DF
                                                                                                              • _ValidateLocalCookies.LIBCMT ref: 003E3568
                                                                                                              • __IsNonwritableInCurrentImage.LIBCMT ref: 003E3593
                                                                                                              • _ValidateLocalCookies.LIBCMT ref: 003E35E8
                                                                                                              Strings
                                                                                                              Similarity
                                                                                                              • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                                                                              • String ID: csm$k0>
                                                                                                              • API String ID: 1170836740-3628863860
                                                                                                              APIs
                                                                                                                • Part of subcall function 003F6580: _free.LIBCMT ref: 003F65A5
                                                                                                              • _free.LIBCMT ref: 003F626E
                                                                                                                • Part of subcall function 003F2567: HeapFree.KERNEL32(00000000,00000000), ref: 003F257D
                                                                                                                • Part of subcall function 003F2567: GetLastError.KERNEL32(?,?,003E93CB), ref: 003F258F
                                                                                                              • _free.LIBCMT ref: 003F6279
                                                                                                              • _free.LIBCMT ref: 003F6284
                                                                                                              • _free.LIBCMT ref: 003F62D8
                                                                                                              • _free.LIBCMT ref: 003F62E3
                                                                                                              • _free.LIBCMT ref: 003F62EE
                                                                                                              • _free.LIBCMT ref: 003F62F9
                                                                                                              Similarity
                                                                                                              • API ID: _free$ErrorFreeHeapLast
                                                                                                              • String ID:
                                                                                                              • API String ID: 776569668-0
                                                                                                              APIs
                                                                                                              • GetCPInfo.KERNEL32(?,?,?,?,?,?,?,002CA75C,?,?,?,?,?,?,?,?), ref: 003E22EA
                                                                                                              • MultiByteToWideChar.KERNEL32(?,00000009,?,?,00000000,00000000,?,?,002CA75C,?,?,?,?,?,?,?), ref: 003E2376
                                                                                                              • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?,?,?,002CA75C,?,?,?,?,?,?,?), ref: 003E23E1
                                                                                                              • MultiByteToWideChar.KERNEL32(?,00000009,?,?,00000000,00000000,?,?,002CA75C,?,?,?,?,?,?,?), ref: 003E23FD
                                                                                                              • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?,?,?,002CA75C,?,?,?,?,?,?,?), ref: 003E2460
                                                                                                              • CompareStringEx.KERNEL32 ref: 003E247D
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000C.00000002.671663725.0000000000261000.00000020.00000001.01000000.00000007.sdmp, Offset: 00260000, based on PE: true
                                                                                                              • Associated: 0000000C.00000002.671637903.0000000000260000.00000002.00000001.01000000.00000007.sdmp
                                                                                                              • Associated: 0000000C.00000002.671860980.0000000000402000.00000002.00000001.01000000.00000007.sdmp
                                                                                                              • Associated: 0000000C.00000002.671867139.0000000000414000.00000008.00000001.01000000.00000007.sdmp
                                                                                                              • Associated: 0000000C.00000002.671873991.0000000000417000.00000004.00000001.01000000.00000007.sdmp
                                                                                                              • Associated: 0000000C.00000002.671873991.0000000000421000.00000004.00000001.01000000.00000007.sdmp
                                                                                                              • Associated: 0000000C.00000002.671885218.0000000000425000.00000002.00000001.01000000.00000007.sdmp
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_12_2_260000_piovbar.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: ByteCharMultiWide$CompareInfoString
                                                                                                              • String ID:
                                                                                                              • API String ID: 2984826149-0
                                                                                                              • Opcode ID: 0321c06cd5f6422a64e7660f77b41b369b28ae192ef4934ca10275c791282a9d
                                                                                                              • Instruction ID: cca53350aa429122f998c50b76b029bc9c32a0cc0475a1e064e03b53845ddd4b
                                                                                                              • Opcode Fuzzy Hash: 0321c06cd5f6422a64e7660f77b41b369b28ae192ef4934ca10275c791282a9d
                                                                                                              • Instruction Fuzzy Hash: 987183729002A9ABDF239FA7CC46BEF7BBDAF05710F160655E944B61D1D7358C008BA0
                                                                                                              APIs
                                                                                                              • MultiByteToWideChar.KERNEL32(00000000,00000000,00000001,?,00000000,00000000,?,?,?,00000001,53EF2B4F,?,F180C046,?,?,?), ref: 003E2530
                                                                                                              • MultiByteToWideChar.KERNEL32(?,00000001,00000000,?,00000000,00000000,?,F180C046,?,?,?,?), ref: 003E259B
                                                                                                              • LCMapStringEx.KERNEL32 ref: 003E25B8
                                                                                                              • LCMapStringEx.KERNEL32 ref: 003E25F7
                                                                                                              • LCMapStringEx.KERNEL32 ref: 003E2656
                                                                                                              • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,?,00000000,00000000,?,F180C046,?,?,?,?), ref: 003E2679
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000C.00000002.671663725.0000000000261000.00000020.00000001.01000000.00000007.sdmp, Offset: 00260000, based on PE: true
                                                                                                              • Associated: 0000000C.00000002.671637903.0000000000260000.00000002.00000001.01000000.00000007.sdmp
                                                                                                              • Associated: 0000000C.00000002.671860980.0000000000402000.00000002.00000001.01000000.00000007.sdmp
                                                                                                              • Associated: 0000000C.00000002.671867139.0000000000414000.00000008.00000001.01000000.00000007.sdmp
                                                                                                              • Associated: 0000000C.00000002.671873991.0000000000417000.00000004.00000001.01000000.00000007.sdmp
                                                                                                              • Associated: 0000000C.00000002.671873991.0000000000421000.00000004.00000001.01000000.00000007.sdmp
                                                                                                              • Associated: 0000000C.00000002.671885218.0000000000425000.00000002.00000001.01000000.00000007.sdmp
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_12_2_260000_piovbar.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: ByteCharMultiStringWide
                                                                                                              • String ID:
                                                                                                              • API String ID: 2829165498-0
                                                                                                              • Opcode ID: e1d96e3836ca4898644a122eba4f848981817d2a909406ae7880d5609d44d21c
                                                                                                              • Instruction ID: 5fec1fd445fa8b39ff67ffad7df5842ebed0b95990b753ff858c54e00308d232
                                                                                                              • Opcode Fuzzy Hash: e1d96e3836ca4898644a122eba4f848981817d2a909406ae7880d5609d44d21c
                                                                                                              • Instruction Fuzzy Hash: 4D51C2726002AAABDB228F62CC45FAB7BADEF44740F164724FD14AA1D0DBB1CC108B50
                                                                                                              APIs
                                                                                                              • ___std_exception_destroy.LIBVCRUNTIME ref: 0028C1DC
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000C.00000002.671663725.0000000000261000.00000020.00000001.01000000.00000007.sdmp, Offset: 00260000, based on PE: true
                                                                                                              • Associated: 0000000C.00000002.671637903.0000000000260000.00000002.00000001.01000000.00000007.sdmp
                                                                                                              • Associated: 0000000C.00000002.671860980.0000000000402000.00000002.00000001.01000000.00000007.sdmp
                                                                                                              • Associated: 0000000C.00000002.671867139.0000000000414000.00000008.00000001.01000000.00000007.sdmp
                                                                                                              • Associated: 0000000C.00000002.671873991.0000000000417000.00000004.00000001.01000000.00000007.sdmp
                                                                                                              • Associated: 0000000C.00000002.671873991.0000000000421000.00000004.00000001.01000000.00000007.sdmp
                                                                                                              • Associated: 0000000C.00000002.671885218.0000000000425000.00000002.00000001.01000000.00000007.sdmp
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_12_2_260000_piovbar.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: ___std_exception_destroy
                                                                                                              • String ID: [(h-$[(h-$[(h-
                                                                                                              • API String ID: 4194217158-1510110052
                                                                                                              • Opcode ID: 6790d710870ba68a8ffb15b320d7190d6719effda05eb45fadd49bc4a3b1284d
                                                                                                              • Instruction ID: 23672206a76ae99faf6e0aa18aff87ca054f2243727fc87d2bf861a65487ed15
                                                                                                              • Opcode Fuzzy Hash: 6790d710870ba68a8ffb15b320d7190d6719effda05eb45fadd49bc4a3b1284d
                                                                                                              • Instruction Fuzzy Hash: 98615C7E2212428B8A189F34B9C486E73D6ABD5330F34CA29E815DB2E5D774CC5AC751
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000C.00000002.671663725.0000000000261000.00000020.00000001.01000000.00000007.sdmp, Offset: 00260000, based on PE: true
                                                                                                              • Associated: 0000000C.00000002.671637903.0000000000260000.00000002.00000001.01000000.00000007.sdmp
                                                                                                              • Associated: 0000000C.00000002.671860980.0000000000402000.00000002.00000001.01000000.00000007.sdmp
                                                                                                              • Associated: 0000000C.00000002.671867139.0000000000414000.00000008.00000001.01000000.00000007.sdmp
                                                                                                              • Associated: 0000000C.00000002.671873991.0000000000417000.00000004.00000001.01000000.00000007.sdmp
                                                                                                              • Associated: 0000000C.00000002.671873991.0000000000421000.00000004.00000001.01000000.00000007.sdmp
                                                                                                              • Associated: 0000000C.00000002.671885218.0000000000425000.00000002.00000001.01000000.00000007.sdmp
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_12_2_260000_piovbar.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: zq$zq$zq$zq
                                                                                                              • API String ID: 0-4085270261
                                                                                                              • Opcode ID: 2217f7bf9c865c4ada4a67e947816cde395ca7158e761895683c2ae9a7e87771
                                                                                                              • Instruction ID: 68d1e5e4ab4f97b9287a116009f63d303931798c5e3e085a9307cac21f5c0a0e
                                                                                                              • Opcode Fuzzy Hash: 2217f7bf9c865c4ada4a67e947816cde395ca7158e761895683c2ae9a7e87771
                                                                                                              • Instruction Fuzzy Hash: F4514D35328642CFCB188E2C98D456977D2AFC5360F28892EE565CB3B5CA31CC658B46
                                                                                                              APIs
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000C.00000002.671663725.0000000000261000.00000020.00000001.01000000.00000007.sdmp, Offset: 00260000, based on PE: true
                                                                                                              • Associated: 0000000C.00000002.671637903.0000000000260000.00000002.00000001.01000000.00000007.sdmp
                                                                                                              • Associated: 0000000C.00000002.671860980.0000000000402000.00000002.00000001.01000000.00000007.sdmp
                                                                                                              • Associated: 0000000C.00000002.671867139.0000000000414000.00000008.00000001.01000000.00000007.sdmp
                                                                                                              • Associated: 0000000C.00000002.671873991.0000000000417000.00000004.00000001.01000000.00000007.sdmp
                                                                                                              • Associated: 0000000C.00000002.671873991.0000000000421000.00000004.00000001.01000000.00000007.sdmp
                                                                                                              • Associated: 0000000C.00000002.671885218.0000000000425000.00000002.00000001.01000000.00000007.sdmp
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_12_2_260000_piovbar.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: _strlen
                                                                                                              • String ID: NobE$NobE$NobE$NobE
                                                                                                              • API String ID: 4218353326-1689557959
                                                                                                              • Opcode ID: d51bc4e186f07a24271e06688745a71389876280469f2803409681b4c0211261
                                                                                                              • Instruction ID: 34bafe0fcbd6d74421326630cc3ef4a939a32c9a84646d21147473fddcf018d6
                                                                                                              • Opcode Fuzzy Hash: d51bc4e186f07a24271e06688745a71389876280469f2803409681b4c0211261
                                                                                                              • Instruction Fuzzy Hash: 025127753183858BC724EF28A4E4A6FBBE2AFD5310F694A1DE9C587361D7319C14CB82
                                                                                                              APIs
                                                                                                              • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0028D141
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000C.00000002.671663725.0000000000261000.00000020.00000001.01000000.00000007.sdmp, Offset: 00260000, based on PE: true
                                                                                                              • Associated: 0000000C.00000002.671637903.0000000000260000.00000002.00000001.01000000.00000007.sdmp
                                                                                                              • Associated: 0000000C.00000002.671860980.0000000000402000.00000002.00000001.01000000.00000007.sdmp
                                                                                                              • Associated: 0000000C.00000002.671867139.0000000000414000.00000008.00000001.01000000.00000007.sdmp
                                                                                                              • Associated: 0000000C.00000002.671873991.0000000000417000.00000004.00000001.01000000.00000007.sdmp
                                                                                                              • Associated: 0000000C.00000002.671873991.0000000000421000.00000004.00000001.01000000.00000007.sdmp
                                                                                                              • Associated: 0000000C.00000002.671885218.0000000000425000.00000002.00000001.01000000.00000007.sdmp
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_12_2_260000_piovbar.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: Ios_base_dtorstd::ios_base::_
                                                                                                              • String ID: +@$)V:$)V:
                                                                                                              • API String ID: 323602529-199243432
                                                                                                              • Opcode ID: 50b19b7bb1043fd7c5c1ffab25f38e9d1b59f7e26eda74e0e94b81b43712c599
                                                                                                              • Instruction ID: 4cee27053c7c022ef6f13a975e01bd4139849a8619613916291d17b5dedd0808
                                                                                                              • Opcode Fuzzy Hash: 50b19b7bb1043fd7c5c1ffab25f38e9d1b59f7e26eda74e0e94b81b43712c599
                                                                                                              • Instruction Fuzzy Hash: CC61E479A1125A8FCB14DF18D584AEEBBF1BF45310F24862AD844A73E0D771AE59CB80
                                                                                                              APIs
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000C.00000002.671663725.0000000000261000.00000020.00000001.01000000.00000007.sdmp, Offset: 00260000, based on PE: true
                                                                                                              • Associated: 0000000C.00000002.671637903.0000000000260000.00000002.00000001.01000000.00000007.sdmp
                                                                                                              • Associated: 0000000C.00000002.671860980.0000000000402000.00000002.00000001.01000000.00000007.sdmp
                                                                                                              • Associated: 0000000C.00000002.671867139.0000000000414000.00000008.00000001.01000000.00000007.sdmp
                                                                                                              • Associated: 0000000C.00000002.671873991.0000000000417000.00000004.00000001.01000000.00000007.sdmp
                                                                                                              • Associated: 0000000C.00000002.671873991.0000000000421000.00000004.00000001.01000000.00000007.sdmp
                                                                                                              • Associated: 0000000C.00000002.671885218.0000000000425000.00000002.00000001.01000000.00000007.sdmp
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_12_2_260000_piovbar.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: _strlen
                                                                                                              • String ID: NobE$NobE$NobE$NobE
                                                                                                              • API String ID: 4218353326-1689557959
                                                                                                              • Opcode ID: 78fca06719b70119582365c05aab377f3f4a67617f611f0b504a9e9fcfbc13d0
                                                                                                              • Instruction ID: 1ef0061c2a8308762baef79d94f49efdc077041ba45589da6110d57adfbc2c59
                                                                                                              • Opcode Fuzzy Hash: 78fca06719b70119582365c05aab377f3f4a67617f611f0b504a9e9fcfbc13d0
                                                                                                              • Instruction Fuzzy Hash: B6416A3A30C3409B8B2D492554D00BE7BD75BC9250F2E8A6EF6A5077A1D9714CD5CF82
                                                                                                              Strings
                                                                                                              • C:\Users\user\AppData\Local\Temp\MW-c924f3d7-8004-4e1e-8992-5f223243484f\files\piovbar.exe, xrefs: 003F8614
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000C.00000002.671663725.0000000000261000.00000020.00000001.01000000.00000007.sdmp, Offset: 00260000, based on PE: true
                                                                                                              • Associated: 0000000C.00000002.671637903.0000000000260000.00000002.00000001.01000000.00000007.sdmp
                                                                                                              • Associated: 0000000C.00000002.671860980.0000000000402000.00000002.00000001.01000000.00000007.sdmp
                                                                                                              • Associated: 0000000C.00000002.671867139.0000000000414000.00000008.00000001.01000000.00000007.sdmp
                                                                                                              • Associated: 0000000C.00000002.671873991.0000000000417000.00000004.00000001.01000000.00000007.sdmp
                                                                                                              • Associated: 0000000C.00000002.671873991.0000000000421000.00000004.00000001.01000000.00000007.sdmp
                                                                                                              • Associated: 0000000C.00000002.671885218.0000000000425000.00000002.00000001.01000000.00000007.sdmp
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_12_2_260000_piovbar.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: C:\Users\user\AppData\Local\Temp\MW-c924f3d7-8004-4e1e-8992-5f223243484f\files\piovbar.exe
                                                                                                              • API String ID: 0-4135127890
                                                                                                              • Opcode ID: 10eee6f980775c4e6f26d2781adff0dfc69c585029691bc0fbd31bfa5aef8987
                                                                                                              • Instruction ID: b39821ac4877cac2be095070a614667be62a1a367f4c7fc3029686ebce513982
                                                                                                              • Opcode Fuzzy Hash: 10eee6f980775c4e6f26d2781adff0dfc69c585029691bc0fbd31bfa5aef8987
                                                                                                              • Instruction Fuzzy Hash: DA21C27220065DAFDB16AF628C90D7B77ADEF0136C7114A15F725EA5D0EB30EC5087A0
                                                                                                              APIs
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000C.00000002.671663725.0000000000261000.00000020.00000001.01000000.00000007.sdmp, Offset: 00260000, based on PE: true
                                                                                                              • Associated: 0000000C.00000002.671637903.0000000000260000.00000002.00000001.01000000.00000007.sdmp
                                                                                                              • Associated: 0000000C.00000002.671860980.0000000000402000.00000002.00000001.01000000.00000007.sdmp
                                                                                                              • Associated: 0000000C.00000002.671867139.0000000000414000.00000008.00000001.01000000.00000007.sdmp
                                                                                                              • Associated: 0000000C.00000002.671873991.0000000000417000.00000004.00000001.01000000.00000007.sdmp
                                                                                                              • Associated: 0000000C.00000002.671873991.0000000000421000.00000004.00000001.01000000.00000007.sdmp
                                                                                                              • Associated: 0000000C.00000002.671885218.0000000000425000.00000002.00000001.01000000.00000007.sdmp
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_12_2_260000_piovbar.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: LibraryLoad
                                                                                                              • String ID: MN$NN$NN$NN
                                                                                                              • API String ID: 1029625771-4163503589
                                                                                                              APIs
                                                                                                              • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,003E747F,?,?,003E7500,?,?,?), ref: 003E740A
                                                                                                              • GetProcAddress.KERNEL32(00000000,CorExitProcess,00000000,?,?,003E747F,?,?,003E7500,?,?,?), ref: 003E741D
                                                                                                              • FreeLibrary.KERNEL32(00000000,?,?,003E747F,?,?,003E7500,?,?,?), ref: 003E7440
                                                                                                              Strings
                                                                                                              Similarity
                                                                                                              • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                              • String ID: CorExitProcess$mscoree.dll
                                                                                                              • API String ID: 4061214504-1276376045
                                                                                                              APIs
                                                                                                              • GetCurrentThreadId.KERNEL32(80850B43,00000000,?,003082F4,?,?,?,?,?,003063BC,?), ref: 003E15C9
                                                                                                              • AcquireSRWLockExclusive.KERNEL32(?,?,003082F4,?,?,?,?,?,003063BC,?), ref: 003E15E8
                                                                                                              • AcquireSRWLockExclusive.KERNEL32(?,0DA08CEC,AD3E0D23,?,003082F4,?,?,?,?,?,003063BC,?), ref: 003E1616
                                                                                                              • TryAcquireSRWLockExclusive.KERNEL32(?,0DA08CEC,AD3E0D23,?,003082F4,?,?,?,?,?,003063BC,?), ref: 003E1671
                                                                                                              • TryAcquireSRWLockExclusive.KERNEL32(?,0DA08CEC,AD3E0D23,?,003082F4,?,?,?,?,?,003063BC,?), ref: 003E1688
                                                                                                              Similarity
                                                                                                              • API ID: AcquireExclusiveLock$CurrentThread
                                                                                                              • String ID:
                                                                                                              • API String ID: 66001078-0
                                                                                                              APIs
                                                                                                              • _free.LIBCMT ref: 003F6154
                                                                                                                • Part of subcall function 003F2567: HeapFree.KERNEL32(00000000,00000000), ref: 003F257D
                                                                                                                • Part of subcall function 003F2567: GetLastError.KERNEL32(?,?,003E93CB), ref: 003F258F
                                                                                                              • _free.LIBCMT ref: 003F6166
                                                                                                              • _free.LIBCMT ref: 003F6178
                                                                                                              • _free.LIBCMT ref: 003F618A
                                                                                                              • _free.LIBCMT ref: 003F619C
                                                                                                              Similarity
                                                                                                              • API ID: _free$ErrorFreeHeapLast
                                                                                                              • String ID:
                                                                                                              • API String ID: 776569668-0
                                                                                                              APIs
                                                                                                              • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 002915DE
                                                                                                              • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 002916A2
                                                                                                              Strings
                                                                                                              Similarity
                                                                                                              • API ID: Ios_base_dtorstd::ios_base::_
                                                                                                              • String ID: ^#Z$^#Z
                                                                                                              • API String ID: 323602529-344646268
                                                                                                              APIs
                                                                                                              • ___std_exception_destroy.LIBVCRUNTIME ref: 00303356
                                                                                                              Strings
                                                                                                              Similarity
                                                                                                              • API ID: ___std_exception_destroy
                                                                                                              • String ID: $[ke$$[ke
                                                                                                              • API String ID: 4194217158-553253152
                                                                                                              Strings
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: $px$$px
                                                                                                              • API String ID: 0-2330100114
                                                                                                              APIs
                                                                                                              Similarity
                                                                                                              • API ID: _strrchr
                                                                                                              • String ID:
                                                                                                              • API String ID: 3213747228-0
                                                                                                              APIs
                                                                                                              • ___std_exception_destroy.LIBVCRUNTIME ref: 003A30C8
                                                                                                              • ___std_exception_destroy.LIBVCRUNTIME ref: 003A30D9
                                                                                                              Similarity
                                                                                                              • API ID: ___std_exception_destroy
                                                                                                              • String ID:
                                                                                                              • API String ID: 4194217158-0
                                                                                                              • Opcode ID: aa4965a3bde6538f1b7b4b85b41f8e7c69cd711232696624f7238bbc8fd7952c
                                                                                                              • Instruction ID: f308039fe61e265460fd506da5647d6848c357ce1b0d882661dc73859951de86
                                                                                                              • Opcode Fuzzy Hash: aa4965a3bde6538f1b7b4b85b41f8e7c69cd711232696624f7238bbc8fd7952c
                                                                                                              • Instruction Fuzzy Hash: E75129B6A001058BCF15CB74A8951EEB7A5EF91360B35863AE812E73E0D335DE49CB91
                                                                                                              APIs
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000C.00000002.671663725.0000000000261000.00000020.00000001.01000000.00000007.sdmp, Offset: 00260000, based on PE: true
                                                                                                              • Associated: 0000000C.00000002.671637903.0000000000260000.00000002.00000001.01000000.00000007.sdmp
                                                                                                              • Associated: 0000000C.00000002.671860980.0000000000402000.00000002.00000001.01000000.00000007.sdmp
                                                                                                              • Associated: 0000000C.00000002.671867139.0000000000414000.00000008.00000001.01000000.00000007.sdmp
                                                                                                              • Associated: 0000000C.00000002.671873991.0000000000417000.00000004.00000001.01000000.00000007.sdmp
                                                                                                              • Associated: 0000000C.00000002.671873991.0000000000421000.00000004.00000001.01000000.00000007.sdmp
                                                                                                              • Associated: 0000000C.00000002.671885218.0000000000425000.00000002.00000001.01000000.00000007.sdmp
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_12_2_260000_piovbar.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: AdjustPointer
                                                                                                              • String ID:
                                                                                                              • API String ID: 1740715915-0
                                                                                                              • Opcode ID: 5b7b212759f75eb1a29eeb9d42de53c6aeda6c0fec089bad41eb4fadfd14daf2
                                                                                                              • Instruction ID: f401d1b165aa94b344c990978a3e5b208eada9c680b72fb01f680f4dfcbd43f5
                                                                                                              • Opcode Fuzzy Hash: 5b7b212759f75eb1a29eeb9d42de53c6aeda6c0fec089bad41eb4fadfd14daf2
                                                                                                              • Instruction Fuzzy Hash: CD51147660421AEFDB2B8F12E845B7A73B8EF80700F25412DEE055B691D731ED40DB90
                                                                                                              APIs
                                                                                                              • ___std_exception_destroy.LIBVCRUNTIME ref: 00378652
                                                                                                              • ___std_exception_destroy.LIBVCRUNTIME ref: 00378664
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000C.00000002.671663725.0000000000261000.00000020.00000001.01000000.00000007.sdmp, Offset: 00260000, based on PE: true
                                                                                                              • Associated: 0000000C.00000002.671637903.0000000000260000.00000002.00000001.01000000.00000007.sdmp
                                                                                                              • Associated: 0000000C.00000002.671860980.0000000000402000.00000002.00000001.01000000.00000007.sdmp
                                                                                                              • Associated: 0000000C.00000002.671867139.0000000000414000.00000008.00000001.01000000.00000007.sdmp
                                                                                                              • Associated: 0000000C.00000002.671873991.0000000000417000.00000004.00000001.01000000.00000007.sdmp
                                                                                                              • Associated: 0000000C.00000002.671873991.0000000000421000.00000004.00000001.01000000.00000007.sdmp
                                                                                                              • Associated: 0000000C.00000002.671885218.0000000000425000.00000002.00000001.01000000.00000007.sdmp
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_12_2_260000_piovbar.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: ___std_exception_destroy
                                                                                                              • String ID:
                                                                                                              • API String ID: 4194217158-0
                                                                                                              • Opcode ID: a4a92b6d4fea621088d7eaa9154959ec2e5543e0a427def2baa931237fad7351
                                                                                                              • Instruction ID: 05e2e5ecee0094ee7f1adda85086830333b6793500e4d23318a63981c11a5189
                                                                                                              • Opcode Fuzzy Hash: a4a92b6d4fea621088d7eaa9154959ec2e5543e0a427def2baa931237fad7351
                                                                                                              • Instruction Fuzzy Hash: 4C515AB1B40245DBCF299F289CC94AE77E5BF45314B24852AE806EB391DB34DD09CB62
                                                                                                              APIs
                                                                                                              • ___std_exception_copy.LIBVCRUNTIME ref: 00394392
                                                                                                              • ___std_exception_copy.LIBVCRUNTIME ref: 003943C4
                                                                                                              • ___std_exception_copy.LIBVCRUNTIME ref: 0039443F
                                                                                                              • ___std_exception_copy.LIBVCRUNTIME ref: 00394471
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000C.00000002.671663725.0000000000261000.00000020.00000001.01000000.00000007.sdmp, Offset: 00260000, based on PE: true
                                                                                                              • Associated: 0000000C.00000002.671637903.0000000000260000.00000002.00000001.01000000.00000007.sdmp
                                                                                                              • Associated: 0000000C.00000002.671860980.0000000000402000.00000002.00000001.01000000.00000007.sdmp
                                                                                                              • Associated: 0000000C.00000002.671867139.0000000000414000.00000008.00000001.01000000.00000007.sdmp
                                                                                                              • Associated: 0000000C.00000002.671873991.0000000000417000.00000004.00000001.01000000.00000007.sdmp
                                                                                                              • Associated: 0000000C.00000002.671873991.0000000000421000.00000004.00000001.01000000.00000007.sdmp
                                                                                                              • Associated: 0000000C.00000002.671885218.0000000000425000.00000002.00000001.01000000.00000007.sdmp
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_12_2_260000_piovbar.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: ___std_exception_copy
                                                                                                              • String ID:
                                                                                                              • API String ID: 2659868963-0
                                                                                                              • Opcode ID: 6e5da9db7852b0b4771f16e6349e79b1478bfbd2c34f2634f7e3764c78e20cb2
                                                                                                              • Instruction ID: 7a852ae2e54f59d5c12b8b3c4add3061427c611837cc0620bf5d6f2a6ee768bf
                                                                                                              • Opcode Fuzzy Hash: 6e5da9db7852b0b4771f16e6349e79b1478bfbd2c34f2634f7e3764c78e20cb2
                                                                                                              • Instruction Fuzzy Hash: AB410EB5204305AFD310CF28D885A1ABBF5BFC5314F25CA29E8999B790C378E918CB91
                                                                                                              APIs
                                                                                                                • Part of subcall function 003E552B: _free.LIBCMT ref: 003E5539
                                                                                                                • Part of subcall function 003F266B: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,0000FDE9,00000000,00000000,00000000,?,003F3BF1,?,00000000,00000000), ref: 003F2717
                                                                                                              • GetLastError.KERNEL32(00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,?,?,?,?,00000000,?,00000000), ref: 003F8160
                                                                                                              • __dosmaperr.LIBCMT ref: 003F8167
                                                                                                              • GetLastError.KERNEL32(?,?,?,?,?,?,?,00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000), ref: 003F81A6
                                                                                                              • __dosmaperr.LIBCMT ref: 003F81AD
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000C.00000002.671663725.0000000000261000.00000020.00000001.01000000.00000007.sdmp, Offset: 00260000, based on PE: true
                                                                                                              • Associated: 0000000C.00000002.671637903.0000000000260000.00000002.00000001.01000000.00000007.sdmp
                                                                                                              • Associated: 0000000C.00000002.671860980.0000000000402000.00000002.00000001.01000000.00000007.sdmp
                                                                                                              • Associated: 0000000C.00000002.671867139.0000000000414000.00000008.00000001.01000000.00000007.sdmp
                                                                                                              • Associated: 0000000C.00000002.671873991.0000000000417000.00000004.00000001.01000000.00000007.sdmp
                                                                                                              • Associated: 0000000C.00000002.671873991.0000000000421000.00000004.00000001.01000000.00000007.sdmp
                                                                                                              • Associated: 0000000C.00000002.671885218.0000000000425000.00000002.00000001.01000000.00000007.sdmp
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_12_2_260000_piovbar.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: ErrorLast__dosmaperr$ByteCharMultiWide_free
                                                                                                              • String ID:
                                                                                                              • API String ID: 167067550-0
                                                                                                              • Opcode ID: eba8f9ab52d12d6fb8ea22100e2089d6f583a527059181169d6de23055181c39
                                                                                                              • Instruction ID: f072e9168dc128e70cefe114aaff2a6f276cc893b0dc02eeaed76ddfc28e089a
                                                                                                              • Opcode Fuzzy Hash: eba8f9ab52d12d6fb8ea22100e2089d6f583a527059181169d6de23055181c39
                                                                                                              • Instruction Fuzzy Hash: 5E21F87160021DBFDB26AF62CC81D7BB7ADEF053687118B29F6259B590DB30EC4187A0
                                                                                                              APIs
                                                                                                              • WriteConsoleW.KERNEL32 ref: 004001B4
                                                                                                              • GetLastError.KERNEL32(?,003FF995,00280607,00000001,00280607,00280607,?,003FB087,83F088FF,00000010,00280607,83F088FF,00280607,?,003FAB1B,00280607), ref: 004001C0
                                                                                                                • Part of subcall function 00400211: CloseHandle.KERNEL32(FFFFFFFE), ref: 00400221
                                                                                                              • ___initconout.LIBCMT ref: 004001D0
                                                                                                                • Part of subcall function 004001F2: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000), ref: 00400205
                                                                                                              • WriteConsoleW.KERNEL32 ref: 004001E5
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000C.00000002.671663725.0000000000261000.00000020.00000001.01000000.00000007.sdmp, Offset: 00260000, based on PE: true
                                                                                                              • Associated: 0000000C.00000002.671637903.0000000000260000.00000002.00000001.01000000.00000007.sdmp
                                                                                                              • Associated: 0000000C.00000002.671860980.0000000000402000.00000002.00000001.01000000.00000007.sdmp
                                                                                                              • Associated: 0000000C.00000002.671867139.0000000000414000.00000008.00000001.01000000.00000007.sdmp
                                                                                                              • Associated: 0000000C.00000002.671873991.0000000000417000.00000004.00000001.01000000.00000007.sdmp
                                                                                                              • Associated: 0000000C.00000002.671873991.0000000000421000.00000004.00000001.01000000.00000007.sdmp
                                                                                                              • Associated: 0000000C.00000002.671885218.0000000000425000.00000002.00000001.01000000.00000007.sdmp
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_12_2_260000_piovbar.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
                                                                                                              • String ID:
                                                                                                              • API String ID: 2744216297-0
                                                                                                              • Opcode ID: 5205c874fe23c86339faded2ba2fe754213f04479d945476c632d74a4a83117d
                                                                                                              • Instruction ID: b68a5fd2088b10f2d86a731e9e6f6dba78fef1d26fb6a7507075f75d27c0443c
                                                                                                              • Opcode Fuzzy Hash: 5205c874fe23c86339faded2ba2fe754213f04479d945476c632d74a4a83117d
                                                                                                              • Instruction Fuzzy Hash: 66F01C36400118BBCF221FD2EC08A9E3F26EB093A0F008435FA18A6160DA3289609B98
                                                                                                              APIs
                                                                                                              • ___std_exception_destroy.LIBVCRUNTIME ref: 002740BA
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000C.00000002.671663725.0000000000261000.00000020.00000001.01000000.00000007.sdmp, Offset: 00260000, based on PE: true
                                                                                                              • Associated: 0000000C.00000002.671637903.0000000000260000.00000002.00000001.01000000.00000007.sdmp
                                                                                                              • Associated: 0000000C.00000002.671860980.0000000000402000.00000002.00000001.01000000.00000007.sdmp
                                                                                                              • Associated: 0000000C.00000002.671867139.0000000000414000.00000008.00000001.01000000.00000007.sdmp
                                                                                                              • Associated: 0000000C.00000002.671873991.0000000000417000.00000004.00000001.01000000.00000007.sdmp
                                                                                                              • Associated: 0000000C.00000002.671873991.0000000000421000.00000004.00000001.01000000.00000007.sdmp
                                                                                                              • Associated: 0000000C.00000002.671885218.0000000000425000.00000002.00000001.01000000.00000007.sdmp
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_12_2_260000_piovbar.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: ___std_exception_destroy
                                                                                                              • String ID: ID$ID
                                                                                                              • API String ID: 4194217158-3629721452
                                                                                                              • Opcode ID: c81555185c6dc8b62b039965f4c25911ca0c1e211007b584a64970addc3e445d
                                                                                                              • Instruction ID: 6297a9c280ee25e843ab799044c469cf14a2f72faf9f995a3067585552a9da82
                                                                                                              • Opcode Fuzzy Hash: c81555185c6dc8b62b039965f4c25911ca0c1e211007b584a64970addc3e445d
                                                                                                              • Instruction Fuzzy Hash: D341FC392381528F8A18BE7D698446572C1E790324B68C62EE71DCF3E9D7B1DC758B81
                                                                                                              APIs
                                                                                                                • Part of subcall function 003F25A1: RtlAllocateHeap.NTDLL(00000000,4D88C033,4D88C033,?,003F425A,00000220,003FA5F1,4D88C033,?,?,?,?,00000000,00000000,?,003FA5F1), ref: 003F25D3
                                                                                                              • _free.LIBCMT ref: 003E828B
                                                                                                              • _free.LIBCMT ref: 003E82A2
                                                                                                              • _free.LIBCMT ref: 003E82BF
                                                                                                              • _free.LIBCMT ref: 003E82DA
                                                                                                              • _free.LIBCMT ref: 003E82F1
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000C.00000002.671663725.0000000000261000.00000020.00000001.01000000.00000007.sdmp, Offset: 00260000, based on PE: true
                                                                                                              • Associated: 0000000C.00000002.671637903.0000000000260000.00000002.00000001.01000000.00000007.sdmp
                                                                                                              • Associated: 0000000C.00000002.671860980.0000000000402000.00000002.00000001.01000000.00000007.sdmp
                                                                                                              • Associated: 0000000C.00000002.671867139.0000000000414000.00000008.00000001.01000000.00000007.sdmp
                                                                                                              • Associated: 0000000C.00000002.671873991.0000000000417000.00000004.00000001.01000000.00000007.sdmp
                                                                                                              • Associated: 0000000C.00000002.671873991.0000000000421000.00000004.00000001.01000000.00000007.sdmp
                                                                                                              • Associated: 0000000C.00000002.671885218.0000000000425000.00000002.00000001.01000000.00000007.sdmp
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_12_2_260000_piovbar.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: _free$AllocateHeap
                                                                                                              • String ID: <[@
                                                                                                              • API String ID: 3033488037-4255318249
                                                                                                              • Opcode ID: 32d19c6d091d626798240959891ed86099e775192eafa926b09c03083e19455d
                                                                                                              • Instruction ID: 937a34903527247e6b3e159efcd70fb79de4f96fd2f017a02a60febbea989f0d
                                                                                                              • Opcode Fuzzy Hash: 32d19c6d091d626798240959891ed86099e775192eafa926b09c03083e19455d
                                                                                                              • Instruction Fuzzy Hash: F3410231E00B15EFDB12DF96C842B6AB7B4FF54714F1146A9EA09AB2D0E771EA01CB40
                                                                                                              APIs
                                                                                                              • ___except_validate_context_record.LIBVCRUNTIME ref: 003F14EB
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000C.00000002.671663725.0000000000261000.00000020.00000001.01000000.00000007.sdmp, Offset: 00260000, based on PE: true
                                                                                                              • Associated: 0000000C.00000002.671637903.0000000000260000.00000002.00000001.01000000.00000007.sdmp
                                                                                                              • Associated: 0000000C.00000002.671860980.0000000000402000.00000002.00000001.01000000.00000007.sdmp
                                                                                                              • Associated: 0000000C.00000002.671867139.0000000000414000.00000008.00000001.01000000.00000007.sdmp
                                                                                                              • Associated: 0000000C.00000002.671873991.0000000000417000.00000004.00000001.01000000.00000007.sdmp
                                                                                                              • Associated: 0000000C.00000002.671873991.0000000000421000.00000004.00000001.01000000.00000007.sdmp
                                                                                                              • Associated: 0000000C.00000002.671885218.0000000000425000.00000002.00000001.01000000.00000007.sdmp
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_12_2_260000_piovbar.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: ___except_validate_context_record
                                                                                                              • String ID: csm$csm
                                                                                                              • API String ID: 3493665558-3733052814
                                                                                                              • Opcode ID: 3568647522947c646ffff1d7044dfab2b9ea950d0f845bbf7367bb636f6304e4
                                                                                                              • Instruction ID: 949e6ba1a11099bc0b80d3bb7976b354de6faa2cccf9bfe3b47bf4a94b6e19a3
                                                                                                              • Opcode Fuzzy Hash: 3568647522947c646ffff1d7044dfab2b9ea950d0f845bbf7367bb636f6304e4
                                                                                                              • Instruction Fuzzy Hash: 9B31F2B650021CDFCF278F51E8408BA7BA6FF8A314B19415AFA0D4A121D732CC62DF81
                                                                                                              APIs
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000C.00000002.671663725.0000000000261000.00000020.00000001.01000000.00000007.sdmp, Offset: 00260000, based on PE: true
                                                                                                              • Associated: 0000000C.00000002.671637903.0000000000260000.00000002.00000001.01000000.00000007.sdmp
                                                                                                              • Associated: 0000000C.00000002.671860980.0000000000402000.00000002.00000001.01000000.00000007.sdmp
                                                                                                              • Associated: 0000000C.00000002.671867139.0000000000414000.00000008.00000001.01000000.00000007.sdmp
                                                                                                              • Associated: 0000000C.00000002.671873991.0000000000417000.00000004.00000001.01000000.00000007.sdmp
                                                                                                              • Associated: 0000000C.00000002.671873991.0000000000421000.00000004.00000001.01000000.00000007.sdmp
                                                                                                              • Associated: 0000000C.00000002.671885218.0000000000425000.00000002.00000001.01000000.00000007.sdmp
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_12_2_260000_piovbar.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: _free
                                                                                                              • String ID: j@
                                                                                                              • API String ID: 269201875-234837537
                                                                                                              • Opcode ID: ea520adb458e26b5efbde9edbce9c630cdaf2c0deddb3a453d1c19d6a07932e8
                                                                                                              • Instruction ID: dc4386e34c9569c2dfcffbe79f096fd30aa33a43e6d6ab389c01a545a3396e80
                                                                                                              • Opcode Fuzzy Hash: ea520adb458e26b5efbde9edbce9c630cdaf2c0deddb3a453d1c19d6a07932e8
                                                                                                              • Instruction Fuzzy Hash: 53F0C233508618BAE7136A21AC43BBB7B9CEB82774F25043BFB0C9E183DE21580146B5